CISO news
Raidiam research: 84% of enterprises risk sensitive data exposure due to API security gaps
A new report from Raidiam, a specialist in secure API access management, has uncovered an API security crisis hiding in plain sight: 84% of enterprises operating outside regulated environments have API security protections that fall dangerously short of what’s needed given the sensitivity of the data they expose.
The report, Helping Enterprises Recognize and Address Critical Risk, is based on a security profiling exercise across 68 organisations spanning fintech, payments, SaaS and enterprise platforms. The findings reveal that while 85% of these organisations handle sensitive or high-value personal and financial data, the vast majority still rely on outdated or weak mechanisms like static API keys and basic OAuth secrets, without additional safeguards.
“We’ve all read the recent headlines; API security should not be an afterthought. The gap between the sensitivity of data and the strength of controls is a board-level risk – not just a technical issue,” said David Oppenheim, Head of Enterprise Strategy at Raidiam.
“In regulated environments like Open Banking, stronger controls like mutual TLS and certificate-bound tokens are already standard. Outside those frameworks, there’s a gaping hole.
“We found that even firms handling payment and personal data still rely on static API keys and basic secrets. In today’s threat landscape, that’s the digital equivalent of leaving the vault door open,” Oppenheim added.
Key findings from the report include:
• 84% of organisations were placed in the “Act Urgently” category – exposing sensitive APIs with insufficient security controls
• 85% handle payment data or special category personal data, yet only one organisation met the benchmark for modern, cryptographic API protection
• 57 out of 68 organisations use bare API keys or basic OAuth credentials, despite known vulnerabilities
• Less than half conduct regular API-specific penetration testing or runtime anomaly monitoring, leaving blind spots for attackers to exploit
• Real-world breaches – like the Dell partner API hack in 2023 – prove attackers are already exploiting these weak points.
Bybit’s swift response to major hack prevented wider crypto market collapse, report concludes
Bybit, the world’s second-largest cryptocurrency exchange by trading volume, has been featured in a new research report by Glassnode, the leading onchain market intelligence provider trusted by top-tier financial institutions worldwide.
The findings highlight Bybit’s unprecedented recovery rate and how the exchange’s zero-time response helped contain a potential crisis, absorbing market shock that could have sent the crypto industry into a downward spiral.
The report, titled Digital Asset Market Resilience: A Deep Dive into the Bybit-Lazarus Hack, analyses the timeline, trading activity, and critical market data from February 2025’s unprecedented cyber attack – the largest crypto hack in history at a hefty $1.4 billion – while benchmarking it against major disruption events across both the digital asset and traditional financial markets.
The report examined the performance of three key assets traded on Bybit: BTC, ETH, and SOL. A day after the hack on February 22, ETH open interest on Bybit experienced one of its most severe contractions on record due to widespread position unwinding and forced deleveraging. However, over the following two months, open interest changes turned predominantly positive, with most values returning to long-term averages and at times exceeding normal volatility thresholds.
Both BTC and SOL followed a similar pattern to ETH’s after the breach. According to the report, at the time of publication, all three had been restored to pre-hack levels, with BTC and SOL achieving significant milestones in May – BTC reached a new high in futures perpetual open interest at $8.5 billion, while SOL hit $1.2 billion.
“When examining perpetual trade volumes for the Ethereum asset, we observe stability in trading activity before and after the hack event, with volumes remaining largely unchanged. Additionally, following Ethereum’s outperformance in recent weeks, trade volume on Bybit has surged, reaching a new all-time high of $8.5B/day, a remarkable milestone given that Ethereum was the primary asset targeted in the hack,” wrote the analysts in the report.