.png?width=1816&height=566&name=brandmark-design%20(83).png "Tech Channels - IT News, Resources & Insights")
Conventional wisdom says bugs are to blame for delayed product launches. But new data tells a different story: 60 percent of IT and security leaders say security issues are now more likely to cause delays than feature bugs. 👉Read the full report
And it’s not just timelines at risk. Careers are on the line too. Nearly 80 percent of respondents to the 2025 State of Application Security Survey, conducted by TechStudio™, an Energize Marketing® company, and Cypress Data Defense, say they are concerned about losing their jobs in the aftermath of a breach.
That concern is justified. The average cost of a data breach in the U.S. has climbed to $9.48 million, according to IBM. Despite the high stakes, security budgets often fall short. Nearly 90 percent of teams allocate just 11 to 20 percent of their overall security budgets to application security. At the same time, perimeter defenses like network security continue to receive more funding, even though application-layer vulnerabilities account for 43 percent of breaches.
"False positives, talent shortages, and late-stage vulnerability detection are creating a perfect storm for application security teams," said Aaron Cure, Co-Founder and Director of Cyber Security at Cypress Data Defense.
The consequences are serious. 62 percent of organizations admit they have knowingly shipped insecure code. One IT director from a U.S. healthcare company captured the concern: “AI-generated code might have hidden bugs that are easy to miss.”
This pressure is driving many teams to seek external help. 83 percent of respondents said they would consider outsourcing at least part of their AppSec program. The survey reveals a clear insight: while application security is now seen as a strategic priority, it remains underfunded, understaffed, and frequently treated as an afterthought.
Organizations that want to move faster without compromising security need to embed security earlier in the software development lifecycle, invest in expert support, and treat AppSec as a critical part of product delivery—not a final checkpoint. As Cure said, "Organizations urgently need proactive AppSec strategies and managed services to keep pace with modern threat.”
