Forrester's "Application Risk Management in Business Survey" research, commissioned by application risk management platform supplier Veracode, surveyed more than 200 respondents from 180 different businesses across various industry sectors. Development, security and risk professionals across the UK and US were interviewed.
Most security breaches were due to exploitation of vulnerabilities in their critical software applications.
Insecure software is a top priority for management and developers alike. While companies feel they know the make-up and business criticality of their mixed application portfolios, there is little confidence in the security quality of their applications.
The UK uses less open source and outsourced applications extensively for business critical functions and has a lower of ratio of security personnel to developers, but the results in terms of breaches were in essence the same, the review concluded.
Only 34 percent of companies have a comprehensive software development lifecycle (SDLC) that includes application security.
More than half of companies (57 percent) use outsourcing regularly for business critical applications. Yet only one third of companies require rigorous security testing before accepting and implementing code from outsourcers.
The recession is also impacting security risk, as 64 percent of respondents stated that while application security is important to them, they are struggling to meet the challenge on existing budgets.
"The same economic forces driving enterprises to use third party applications are also increasing the risk of insecure software," said Matt Moynahan, CEO of Veracode. "Given the prolific use of third-parties to build business critical applications, global enterprises need a single flexible and cost-effective solution to seamlessly test the security across their entire application portfolio regardless of whether it was built internally or externally."