In July 2018, F5 released its first annual Application Protection Report based on the results of an F5-commissioned Ponemon survey of 3,135 IT and security practitioners across the globe. Additional research conducted by Whatcom Community College, University of Washington Tacoma, along with data from White Hat Security and Loryka served to make this one of the most comprehensive application protection reports available today. In it, we provide a practical model for understanding the complexities of web applications; we look at the cold, hard facts about how, why, where, and how frequently apps are attacked; and we suggest concrete steps that security professionals can take today to protect their applications.

Based on the breadth of data examined, the full report provides aggregate global averages of our findings across all industry sectors. Yet, there were clearly distinct differences in data collected and survey responses across specific industries that are useful to examine more closely. This article explores those differences in greater depth.

Industry Breakdown

The 3,135 cyber-security professionals we surveyed in the US, Canada, United Kingdom, Brazil, China, Germany, and India represented 16 industries in total. By far, most respondents were from the Financial Services, Industrial & Manufacturing, Public Sector, Health & Pharmaceuticals, and Technology & Software industries. A fair number of respondents represented Retail, Services (that is, companies providing consulting and/or business services rather than tangible goods), Energy & Utilities, Consumer Products, Communications (typically, voice, data, and video-transmission providers), and Entertainment & Media companies. Individual industries that represented less than 1% of respondents—Defense & Aerospace, Agriculture & Food Service, and Transportation—are represented as “Miscellaneous” in Figure 1.