A new Enterprise Strategy Group (ESG) report based on responses from 300 global application development/software engineering, cybersecurity, and IT decision makers found that 93% of respondents think their mobile app security protections are sufficient. However, these same respondents report that they face an average of 9 mobile app security incidents per year, with a staggering 62% having suffered a mobile app breach in the last year alone. What this implies is that there is a gap between what developers believe is good security and what proper security measures actually are.
We understand that developers are under intense pressure to deliver at a high velocity, with 74% of respondents stating they are facing this pressure, according to the report. At the same time, focusing on time to market has compromised mobile app security for 71% of respondents. Understandably, security can become an afterthought when there are other, seemingly more important priorities. But the costs and impact of poor security posture paint a different picture. Fortunately, there's a way to integrate security without sacrificing release cycles or app performance.
The ESG report found that an organization releases an average of 13 unique mobile apps per year, with 54% of respondents experiencing application downtime, 41% reporting a loss of consumer trust, and 48% citing data leaks. As a result, maintaining a high-performing application becomes essential for securing user trust. The financial implications are equally severe: ESG found that the average total cost of a single mobile app security incident among survey participants was $7 million. The cost of taking a reactive approach to security has a significant impact on the ROI of an organization that experiences an incident.
So, how can developers protect their applications from security incidents that result in poor performance, loss of consumer trust, and financial losses? Many have taken steps to incorporate operating system-level protections or even attempted DIY solutions. However, while a step in the right direction, these protections are woefully inadequate against the sophisticated attacks mobile apps are facing day in and day out.
Bad actors have multi-pronged attacks to target mobile applications from various angles. The best way to defend against these attacks is through a multi-layered mobile application security strategy. Developers and their teams incorporate multiple tools and techniques to protect their apps. 45% of organizations taking part in the ESG report stated that they are implementing a mix of in-house tools, third-party solutions, and operating system-level protections. But there are ways to make security an integral part of your workflow without disrupting time to market.
This strategy begins at the development stage by incorporating security into the application development lifecycle. By integrating security into the development lifecycle through practices such as code hardening and injecting runtime application self-protection (RASP) checks, organizations can adopt a more proactive approach to prevent post-release threats and attacks. That's just one layer of a multi-layer app security strategy.
After incorporating protections into the development stage, teams can test to make sure they haven't left any gaps in their protection. This practice is called mobile application security testing (MAST). After development, your team can implement MAST to identify vulnerabilities and correct them before they push your application to production. Once your application is live, threat monitoring tools actively monitor your application for threats like tampering or reverse engineering post-release. If a threat is identified, it is routed to the appropriate developer, along with the necessary metadata, to neutralize the threat and mitigate its impact quickly.
The measures we have discussed so far have been to protect the client-side of your application. To protect critical API endpoints on your application's server-side, your team can use advanced security protections like app attestation. Mobile app attestation uses short-lived, encrypted tokens to verify that each real-time API request is coming from a genuine user on a verified version of your application. These tokens are based on security policies that you define to identify and address known and emerging threats.
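To make the server-side check concrete, here is an added example (not from the ESG report or any vendor's product) of an API rejecting requests whose attestation token is expired, outlives policy, comes from an unapproved app version, or was minted for a different request. The token layout, claim names, key and policy values are assumptions, and an HMAC signature from the standard library stands in for the encrypted tokens the article mentions.

```python
import base64, hashlib, hmac, json

# Assumptions (not from the article): token layout, claim names, key, policy values.
SECRET = b"constructed-demo-key-not-for-production"
POLICY = {"allowed_versions": {"4.2.0", "4.2.1"}, "max_ttl": 300}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(app_version, request_hash, now, ttl=60):
    """Attestation service side: mint a short-lived token bound to one request."""
    claims = {"ver": app_version, "req": request_hash, "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(tag)

def verify_token(token, request_body, now):
    """API side: return (ok, reason); call this before any business logic runs."""
    try:
        body, tag = token.split(".")
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(tag)):
            return False, "bad signature"
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError, AttributeError):
        return False, "malformed token"
    if now >= claims["exp"]:
        return False, "expired"
    if claims["exp"] - claims["iat"] > POLICY["max_ttl"]:
        return False, "lifetime exceeds policy"
    if claims["ver"] not in POLICY["allowed_versions"]:
        return False, "app version not allowed"
    if claims["req"] != hashlib.sha256(request_body).hexdigest():
        return False, "token not bound to this request"
    return True, "ok"

if __name__ == "__main__":
    now, body = 1_700_000_000, b'{"amount": 10}'  # constructed sample request
    token = issue_token("4.2.1", hashlib.sha256(body).hexdigest(), now)
    print(verify_token(token, body, now + 30))   # within lifetime, same request
    print(verify_token(token, body, now + 90))   # past the 60-second lifetime
```
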
The ESG report makes it clear that development teams face the dual challenges of maintaining high app performance and protecting against outside threats. Prioritizing one over the other will undoubtedly leave the organization exposed, with real financial risks on the table. A better approach is to incorporate security into development, making it an automated part of your existing workflow rather than a burdensome afterthought. By doing so, your app and users will not only be safer, but there will also be minimal, if any, impact on your release velocity and application performance, securing your competitiveness in a relentless marketplace.