Cycode Releases the 2025 State of ASPM Report

Cycode, a leader in Application Security Posture Management (ASPM), today released its second annual State of ASPM Report, revealing a critical disconnect between rising application security threats and organizations’ ability to defend against them. The report, which builds on last year’s groundbreaking inaugural study, uncovers a concerning trend of escalating tool sprawl, budget drains, and a widening talent gap impacting application security posture.

The research, based on an independent, vendor-agnostic survey of 700 CISOs, AppSec Directors, and DevSecOps managers across the US, UK, and Germany, reveals that an overwhelming majority (72%) of security leaders agree that the age of AI necessitates a complete reset of how organizations approach application security.

This urgency is reinforced by the fact that 93 billion lines of code were generated in the past year alone, driven in large part by GenAI. This explosion of code is clearly overwhelming security teams, with 73% of security leaders confirming that “code is everywhere.”

“IDC’s latest DevSecOps research highlights that insecure AI-generated code ranks among the top application security challenges for organizations in 2024, aligning with Cycode’s insights. This underscores the rising importance of code security as a cornerstone of application security strategies for 2025,” said Katie Norton, Research Manager at IDC. “As development and threat environments grow more complex, strengthening code security is crucial to safeguarding innovation efforts.”

According to Cycode, 59% of respondents say today’s attack surface is completely unmanageable, with GenAI emerging as the #1 blind spot, followed by the exponential growth in code. Given these challenges, it’s not surprising that 63% of respondents believe CISOs aren’t investing enough in code security.

In response, security budgets are projected to grow by an average of 50% over the next 12 months.

This reflects the true scale of the challenge ahead. But, as the report highlights, the average enterprise is already using 50 security tools, slightly more than was reported last year. This increasing tool sprawl is creating significant operational challenges, including an overall lack of visibility into security and risk posture, alert fatigue, and difficulties in fostering collaboration between security and development teams.

Other Key Findings Include:

- Alarmingly, 90% of respondents from organizations with over 61 security tools report a lack of understanding as to where their security budget is being spent. This challenge is compounded by a massive talent gap in cybersecurity, which tool sprawl further exacerbates, leaving organizations struggling to effectively manage and secure their increasingly complex IT environments.
- Over 4 in 5 (83%) of security professionals surveyed agree that having too many tools requires specialist skills, and that those skills are increasingly difficult to find due to the ongoing cybersecurity talent gap. This is of course compounded by the shortage of cyber professionals, which this year neared 4 million. It’s no wonder 65% of respondents said that balancing AppSec needs with the talent shortage is challenging.
- Security professionals are increasingly aware of the perils of tool sprawl, with 88% confirming plans to consolidate their AppSec tools into a single platform within the next 12 months.

“The market is sending a clear signal: it’s time to reset and rethink how we approach application security,” said Lior Levy, Cycode’s Co-founder and CEO. “Organizations are investing more in code security than ever before, yet challenges like tool sprawl and an unmanageable attack surface persist. We’re at a critical inflection point and we don’t believe organizations should have to choose between innovation and security. Cycode is uniquely positioned to address these issues with its Complete ASPM, delivering a unified, purpose-built solution for this new era.”

Among those already using an ASPM platform, 90% report a significant improvement in their ability to understand and manage overall risk, enabling them to prioritize the most critical vulnerabilities. Furthermore, a remarkable 97% have seen a positive impact on collaboration between security and development teams.

The 2025 State of ASPM Report is available online and provides actionable insights for security leaders navigating the challenges of today’s fast-evolving application security landscape.

The post Cycode Releases the 2025 State of ASPM Report first appeared on AI-Tech Park.