Massive increase in mobile app assessments conducted YoY driven by high ROI, product enhancements, customer acquisition and demand for standard-based mobile application security
CHICAGO – Jan. 24, 2023 — NowSecure, the recognized experts in mobile security and privacy, today announced record growth in the 2022 calendar year. With our best-in-class mobile security automation powering 87% growth in mobile app assessments, NowSecure customers reported the ability to release and monetize mobile apps 30% faster, reduce testing and delivery costs by 30% and reduce appsec risk by 40%. Built on a foundation of industry standards and observability, informed by the experience of over 11,000 pen tests and millions of automated scans of mobile apps conducted over more than a dozen years, NowSecure has the most comprehensive experience and technology to help enterprises deliver secure mobile apps faster. Across all facets of the business and industry, NowSecure sustained substantial growth, further solidifying its status as a leader in mobile application security.
Growing Mobile App Threat Landscape
The global app economy saw record growth in 2022 with over 255 billion mobile apps downloaded globally and $469 billion generated in revenue. The continued deployment of IoT devices controlled via mobile apps and the rollout of 5G capabilities will add more fuel to the fire. This year also saw a significant number of mobile app-related breaches disclosed, including My2022 Olympic Games, Tim Hortons, TikTok, Hyundai and Kurbo by WW. More alarming, mobile apps for U.S. government agencies including the Army and CDC disclosed the discovery of Russian-owned embedded Pushwoosh embedded software that potentially posed a national security surveillance threat, because it originated from a Russian-owned software company. Multi-year trends show risks are getting worse. The NowSecure Mobile Risk Tracker shows more than 85% of mobile apps have security and privacy vulnerabilities and 70% leak private data. In many instances, that statistic is worse depending on the industry. Yet shockingly, the majority of organizations are not taking this risk profile seriously.
As the economic slowdown continues to affect IT budgets, outsourced pen testing is typically the first to get cut. A Spiceworks Ziff Davis’ 2023 State of IT survey found that 43% of organizations plan to reduce non-essential spending, 30% are reevaluating vendors or contracts, 29% are decommissioning infrastructure, and 27% are planning a hiring freeze or slowdown. Industry observers expect cyberattacks to grow in a recession as organizations cut corners on security expenses, setting the stage for potential disaster in the global app economy. Mobile apps act as a key sales channel, means of customer engagement, employee productivity tool and are pervasive in the supply chain, thus protecting them remains critical. Insecure mobile apps can have a disastrous effect on the bottom line through damaged brand reputation, loss of customer trust, diminished company value, regulatory fines and legal settlements.
NowSecure Business Momentum
In the wake of the increased threat landscape and economic slowdown, NowSecure achieved several key milestones in the growth across all facets of the business, including:
- Proven Value to Customers: With our security automation tools and services, customers reported the ability to release and monetize 30% faster, reduce testing and delivery costs by 30% and reduce appsec risk by 40%. Equally important, development productivity soared due to integration with developer environments, detailed remediation instructions and a less than 1% reported false positive rate.
- Business Growth: Massive increase of 87% in mobile app assessment licenses year over year, driven by market demand for mobile security automation.
- Customer Momentum: With the addition of new product offerings and significant customer-reported value, NowSecure saw customer expansion grow by 53%.
- Record Testing: NowSecure processed a record-setting 5 million mobile app assessments, more than 400 pen tests and identified millions of vulnerabilities. As an ADA Authorized Lab, NowSecure supported the ongoing initiative to enhance the security and privacy posture of mobile apps in the Google Play ecosystem by partnering with over 115 development teams to help them achieve an independent security review through the MASA validation process.
- Headcount: NowSecurians welcomed 66 new employees to the team in 2022, expanding company diversity and global reach. Our Research and Development team saw exceptional growth, increasing headcount by over 62%.
- Expanded Executive Team: To help bolster our product portfolio, we made the strategic executive hire of Adam Goodman as Senior Vice President of Product Management.
“2022 marked a pivotal year for mobile app security and privacy. Tech giants like Apple and Google embraced their commitments to a more secure and private app ecosystem with the launches of Apple Privacy Labels and Google Play Data safety section. In the public sector, software mandates now include mobile apps in the CISA BOD 23-01 for vulnerability monitoring / reporting and OMB 22 M-22-18 for secure development practices and SBOM tracking,” said NowSecure Chief Mobility Officer Brian Reed. “I am encouraged by the continued momentum of NowSecure and broader industry milestones. Yet, as statistics show, there is still a lot of work that needs to be done and it is ultimately the responsibility of dev and security teams to prioritize security and privacy in the developer workflow.”
New Product Innovation
2022 ushered in new products and significant improvements to the current NowSecure portfolio, further bolstering improved mobile app security, accelerated mobile releases and reduced cost to deliver. Key highlights included:
- OWASP MASVS Compliance Pen Testing – NowSecure expanded its pen testing solution to offer OWASP MASVS compliance and incorporated OWASP MASVS findings into NowSecure Platform software for automated mobile application security testing.
- NowSecure GitHub Actions – In partnership with GitHub, NowSecure launched the NowSecure GitHub Action for Mobile App Analysis, an automated dynamic mobile app security testing solution integrated into GitHub Advanced Security’s code scanning interface as well as the NowSecure GitHub Action for Mobile SBOM to support SBOM generation into GitHub Dependabot.
- ADA MASA Validation – As part of the Google Play Data safety section requirement, Google selected NowSecure as an ADA Authorized Lab to perform independent security reviews to validate mobile apps compliant with the highest standards of security.
- NowSecure Platform Update – The latest update to our core platform and its UX brought new capabilities, Policy Engine and Guided Testing, automating policy-driven security testing and expanding mobile security assessment coverage for faster, higher-quality mobile app software delivery at lower cost.
- NowSecure Pen Testing as a Service (PTaaS) – NowSecure launched a new pen testing solution that combines periodic expert manual assessments with automated continuous testing to optimize coverage, cost and frequency.
- NowSecure Mobileverse™ – NowSecure introduced a first-of-its-kind mobile security online virtual community for customer connections, information sharing, onboarding, advocacy, rewards and more.
Continued Commitment to the greater AppSec Community
As pioneers in mobile app security, NowSecure is committed to continue to help drive the industry to evolve as the mobile threat and security landscape evolves. NowSecure evangelists contributed to this mission in 2022 across several sectors of the company. Specifically through:
- NowSecure Academy: Over 1100 new students registered for the NowSecure Academy free upskilling program, with over 3,700 course enrollments in 2022.
- DevSecOps Bunch Webinar: The NowSecure monthly webinar series averaged over 130 registrants per episode and welcomed expert guests from organizations like IBM, GitHub, Qualitest, Contrast Security, Synopsys and more.
- NowSecure Connect: NowSecure hosted its annual free community event, drawing over 1,100 participants and speakers from companies including T-Mobile, Cisco, GitHub, Squarespace, Digital.ai and more.
- OWASP Participation: As a God Sponsor, NowSecure participated and spoke across 12 OWASP community events in 2022. We were also a key contributor in the MASVS refactoring community effort, with the next version set to launch this year.
- Mobile Breach Tracker and NowSecure MobileRiskTracker: To provide the most up-to-date analysis of the mobile app security risk landscape, these free tools offer real-time mobile security and privacy risk benchmarking and the latest mobile-related breach news.
- Frida and Radare: Created by NowSecure researchers, Frida and Radare offer a free open-source dynamic instrumentation toolkit for developers, reverse engineers and security researchers.
- Black Girls Hack and Cyversity Partnerships: NowSecure is committed to increasing diversity and inclusion in the cybersecurity community. Through our partnerships with Black Girls Hack and Cyversity, we provide free training, resources and mentorships to beneficiaries of each organization.
Learn more about how NowSecure is committed to providing its customers with the highest standards of mobile app security across industries through our 2022 case studies with Camelot Lottery, Tidepool, Habit Mastery Consulting, Everyone Social and the financial services industry.
As the recognized experts in mobile security and privacy, NowSecure protects the global mobile app economy and safeguards the data of millions of mobile app users. Built on a foundation of standards, NowSecure empowers the world’s most demanding organizations with security automation to release and monetize 30% faster, reduce testing and delivery costs by 30% and reduce appsec risk by 40%. Only NowSecure offers a full solution suite of continuous security testing for DevSecOps, mobile app supply-chain monitoring, expert mobile pen testing as a Service (PTaaS) and training courseware. NowSecure actively contributes and supports the mobile security open-source community, standards and certification including OWASP MASVS, ADA MASA, NIAP and is recognized by IDC, Gartner, Deloitte Fast 500, and TAG Cyber.