Skip to main content

App Risk Assessment Survey Results

If any of the statements below applied to your app,

it poses a MODERATE to VERY HIGH risk to your organization.


Apps generate revenue for my organization.

A compromised app could cost more than just lost customers and lost revenue potential and/or governmental penalties.

My app stores or provides access to PII.

Many apps leak PII (e.g., name, address, passport info, loyalty/rewards program details, etc.) due to misconfigurations or poor coding techniques.

My app conducts financial transactions.

Financial information — either in transit or at rest — is the payload that cybercriminals are after. Bank information or credit card details can be easily compromised via apps if not properly secured.

My app makes API calls.

API calls provide a roadmap into your critical infrastructure. Legitimate API calls can be spoofed via compromised apps to bypass traditional security measures.


Users log in to my app.

Login credentials can be skimmed from compromised web apps. Or mobile apps can be tampered with to steal login credentials.

My app houses valuable intellectual property.

IP theft is a growing concern among many organizations as apps are being compromised to steal trade secrets. Knock off or pirated products not only damage your brand, they also hurt your revenue.

My app uses encryption keys.

If encryption keys are uncovered and compromised, any communication between the app and your back end can be viewed in the open. Sometimes encryption keys are left out in the open due to poor coding techniques or simple mistakes.

European Union citizens use or engage with my app.

The GDPR requires that measures are implemented to protect PII for European Union citizens. Many apps house, access or store this type of information, and an app breach could result in a GDPR fine.


I do not know whether my app is being attacked or tampered with once it has been deployed.

Apps are the new endpoint — and app level attacks are today’s starting point for bad actors to figure out how to breach an organization.