Last year, Cycode released the first-ever State of ASPM Report, shedding light on the biggest challenges AppSec teams face. This landmark report sparked critical conversations, helping organizations understand the urgent need to address tool sprawl and modernize their security practices. This year, the stakes are even higher.
With 93 billion lines of code generated in the past year, much of it fueled by Generative AI, the attack surface is expanding faster than ever. Breaches are also becoming costlier both in the short and long-term. All of this means that Cycode’s second annual State of ASPM Report — which builds on the foundation of last year’s insights — has arrived at a critical time.
Based on a survey of over 700 CISOs, AppSec Directors, and DevSecOps Managers across the US, UK, and Germany, the findings offer a roadmap for addressing today’s most pressing challenges.
Key Findings from the 2025 State of ASPM Report
Our latest research highlights several critical trends shaping the future of application security, and answers some of the key questions keeping security and development leaders up at night. For example:
- The Emergence of Code Security: With 73% of security leaders affirming that “code is everywhere,” there is a growing consensus on the necessity of securing code within applications. Despite this, 63% believe that CISOs are not investing adequately in code security. Additionally, 86% agree that ASPMs and CNAPPs should remain complementary solutions rather than merging into a single platform.
- Tool Sprawl Impacting Efficiency: Organizations are utilizing an average of 50 AppSec tools, with 67% of respondents indicating that managing this array is a significant hurdle. This sprawl reduces visibility, creates blind spots, and hampers collaboration between security and development teams. The result? AppSec Chaos.
- Unmanageable Attack Surfaces: A significant 59% of security professionals report that today’s attack surfaces have become unmanageable, with GenAI and code security identified as primary blind spots.
- Budget Increases with Oversight Challenges: Security budgets are projected to grow by an average of 50% in the next 12 months. However, 77% of security professionals acknowledge a lack of full understanding regarding the allocation of these funds, often due to the proliferation of point solutions that add complexity and hidden costs.
- ASPM as a Solution to AppSec Challenges: In response to these issues, 61% of organizations have begun consolidating their tool stacks, and 88% express a willingness to consolidate further within the next 12 months if given the opportunity. Cycode stands out as the only vendor in the ASPM space with proprietary scanners, making it the only ‘Complete’ ASPM. This unique approach ensures organizations can consolidate ther point solutions tools to 1 platform without compromising functionality or visibility.
For dozens more insights, download the full report now.
Who Should Read This Report?
Whether you’re navigating complex regulatory landscapes or tackling tool sprawl, this year’s report takes a truly global perspective, featuring data from 700 respondents across the US, UK, and Germany, with 50% representing organizations with over 5,000 employees. It’s an invaluable resource for CISOs, security professionals, DevSecOps practitioners, developers, and decision-makers who are committed to safeguarding their applications, software supply chains, and development pipelines.
It’s also easy-to-navigate, with each clear insight explored individually and in detail. This makes it ideal for time-strapped readers looking for concise answers to their most pressing security questions.
Explore the Full Report
To gain a deeper understanding of these findings and their implications for your organization, download the full State of ASPM Report. Or, if you’d like to learn more about how Cycode can help you deliver software fast without compromising on security, book a demo now.