2023 Snyk Customer Value Study

Hear firsthand from Snyk customers on how implementing developer-first security helped them reduce risk and increase developer productivity in 2023.

Part one

Executive summary

Customers report that Snyk has helped drive substantial ROI in time savings and risk avoidance in the past year — a 2x increase in return-on-investment from 2022. On average, organizations gained an equivalent savings of 30 development FTEs from risk avoidance and developer productivity gains, reported by over 500 Snyk customers.

$5.08M

The average savings Snyk customers realized in the past year based on risk avoidance and dev efficiency gains.

70% increase

The average increase in automated remediation by customers using the Snyk platform.

13 common standards

Snyk enables license compliance and maps to compliance standards including ISO, PCI, and SOC 2.

2.4x faster

The average amount by which customers report Snyk’s scanning is faster than alternatives.

Snyk makes it easy for leaders to choose the right AppSec tooling

With a rapidly evolving technical landscape introducing more languages, ecosystems, and processes into your software development lifecycles, it’s more important than ever before to bring in the right AppSec tooling. We asked Snyk customer executives to identify their top considerations when evaluating security tooling, with risk reduction, compliance, and automation ranking as the most important factors.

Top considerations for CISOs

50%

40%

30%

20%

10%

0%

0%

10%

20%

30%

40%

50%

Risk reduction

Compliance

Automation

Accuracy

Security depth

Reporting

Risk reduction

Compliance

Automation

Accuracy

Security depth

Reporting

Top considerations for CTOs

40%

30%

20%

10%

0%

0%

10%

20%

30%

40%

Risk reduction

Automation

Developer productivity

Reliability

Compliance

Accuracy

Ease of Use

Risk reduction

Automation

Developer productivity

Reliability

Compliance

Accuracy

Ease of Use

Did you know?

Snyk enables license compliance and helps customers achieve compliance to 13 common industry standards across the globe, including PCI-DSS, SOC 2, and ISO 27001.

Intuit

“It’s really important to prevent security issues. They’re not just expensive to handle, they’re also a red mark on a project that developers don’t want to see… Tooling has a part to play in how developers find and fix security issues.  Snyk was brought into Intuit through the development team bringing it to security as the tool they wanted to use.”

Vlad Nikolov

Principal Security Engineer, Intuit

Part two

Snyk helps customers reduce risk across the software supply chain

Risk avoidance with Snyk saved customers an average of $3.49M in 2023

Supply chain attacks have increased in both volume and frequency in recent years, making it more important than ever for businesses to have a comprehensive framework for supply chain security in place. Snyk’s industry-leading security intelligence combines public sources, data from the developer community, proprietary expert research, machine learning, and human-in-the-loop AI to help you detect early and resolve quickly to avoid expensive security events.

ROI based on risk avoidance

$5,000,000

$4,000,000

$3,000,000

$2,000,000

$1,000,000

$0

$0

$1,000,000

$2,000,000

$3,000,000

$4,000,000

$5,000,000

<750 employees

750 - 5,000 employees

>5,000 employees

Fortune 500

<750 employees

750 - 5,000 employees

>5,000 employees

Fortune 500

Enterprise customers fixed 162% more critical and high vulnerabilities with Snyk

Snyk is built for speed, with automatic issue prioritization and fix advice built into our platform. Our code-to-cloud application intelligence helps customers reduce noise in their backlogs and focus on the top risks to their business.

In 2023, Snyk customers fixed over 50 million vulnerabilities using the Snyk platform. Our broad coverage across 19 programming languages, 25+ package managers and frameworks, Terraform, and more, combined with 2.4x faster scan times than alternative solutions, means Snyk customers can scan more projects, faster.

Increase in fixed vulnerabilities YoY

<750 employees

750 - 5,000 employees

>5,000 employees

Fortune 500

0%

50%

100%

150%

200%

250%

Did you know?

Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021.

Natera

“I want everybody to see security as their partner and something that enables them.  And having something early in the lifecycle truly does that. So we start with the IDE implementation and integrate with the repositories. This helps us understand the context around security vulnerabilities in our dependencies, helping us make informed decisions.”

Charlotte Townsley

Director, Security Engineering, Natera

Snyk enables customers to respond rapidly to zero-day vulnerabilities

When a zero-day vulnerability occurs, early detection and remediation are of paramount importance to CISOs and application security teams in order to reduce the impact to customers and the business. Through continuous monitoring, automatic fix advice, and industry-leading security intelligence, Snyk ensures your developers can detect and respond quickly to zero-day vulns, up to 2.4x faster than alternative solutions.

In September 2023, two critical vulnerabilities were found in the libwebp library. Using the Snyk CLI to test projects locally or using Snyk reports to quickly search libwebp across imported projects, Snyk allows customers to respond quickly to the vulns. In fact, 90% of Snyk customers who were exposed to cURL were able to fix the critical vulnerability within two days.

Average time to fix cURL vulns among affected customers

Days to fix

CVE-2023-5129 vuln

CVE-2023-4863 vuln

0

5

10

15

ShopBack

"The major differentiators [with Snyk] were easy integration with GitLab CI, and faster results.  Snyk also has several features available within the CLI. For example, it can filter or target specific vulnerabilities by level, type, or location. Most other tools I’ve used don’t have this filtering mechanism [which is] much more cumbersome.

We’re glad to have a reliable source of information about all of our third-party software, so our developers can be the first to know about any critical vulnerabilities.

With the auto-fix feature, the developer doesn’t have to search around and wonder, ‘How do I fix this?’ Instead, they can click on a button, the right patch or upgrade is prepared, and then they just merge it."

Dipin Thomas

Engineering Manager, ShopBack

Part Three

Shifting left with Snyk increases developer productivity

Snyk customers reported an average annual ROI of $1.59M thanks to developer efficiency gains

Each year, Snyk asks executives which factors are most important when considering new security tooling. CTOs consistently rank developer productivity at the top of this list. With rising salaries and a competitive hiring market, it’s not always feasible to bring on additional headcount to your security teams. Therefore, it’s essential that your developers have tooling in place that enables them to move quickly, while ensuring application security.

Snyk is proud to report that in 2023, customers reported an average savings of $1.59M in developer efficiency gains, with Fortune 500 customers seeing an impressive $8M+ in savings. We’re thrilled to see our customers finding and fixing vulnerabilities faster than ever before thanks to their successful adoption of Snyk.

ROI based on developer efficiency gains

$10,000,000

$7,500,000

$5,000,000

$2,500,000

$0

$0

$2,500,000

$5,000,000

$7,500,000

$10,000,000

<750 employees

750 - 5,000 employees

>5,000 employees

Fortune 500

<750 employees

750 - 5,000 employees

>5,000 employees

Fortune 500

Did you know?

The average U.S. developer rate is $85/hour, according to a 2023 Developer Survey by Stack Overflow.

Applied Systems

“Adopting Snyk allows Applied Systems to align our security and development goals to deliver more value to our customers.  Snyk accelerates our development process and ensures our engineers have the best information possible to enhance the security of our product portfolio.”

Tanner Randolph

CISO, Applied Systems

Fortune 500 customers saved 100K+ hours in developer efficiency gains with Snyk

Helping customers embrace developer-first application security has always been at the heart of Snyk’s mission. We achieve this by providing faster scan times, risk-based prioritization, context-rich reporting, and automation — all of which help users find and fix vulnerabilities faster than alternative solutions.

In the last year, our customers reported an average time savings of 20,729 hours, with Fortune 500 customers seeing an impressive 3x increase in developer adoption with Snyk. Check out more statistics for developer adoption for Fortune 500 customers below.

Developer efficiency gains

Developer hours saved

<750 employees

750 - 5,000 employees

>5,000 employees

Fortune 500

0

25,000

50,000

75,000

100,000

125,000

Snyk makes it easy to shift left with dev-friendly tooling and processes

Developer adoption growth YoY in the Fortune 500

250%

200%

150%

100%

50%

0%

0%

50%

100%

150%

200%

250%

Private repos

CLI & CI scans

API usage

IDE usage

Private repos

CLI & CI scans

API usage

IDE usage

Snyk is scalable and API-ready, enabling customers to see value faster than alternative tools

The results above show us just how easy it is for developers to adopt Snyk into their daily workflows. We’re also excited to share that in 2023, customers reported an average time of 12 days from Snyk purchase to first scan — a six-day reduction from the previous year. Security and development teams continuously cite Snyk Learn, Snyk’s interactive developer security & product training platform, as a primary resource in achieving such quick success.

Average time to start using Snyk by organization size

Days to first scan

Days to full deployment

<750 employees

750 - 5,000 employees

>5,000 employees

Fortune 500

0

20

40

60

Did you know?

Customers who take advantage of interactive security and product lessons available on the Snyk Learn platform are 63.1% more likely to accelerate their shift left journey!

Reddit

“Without Snyk… many security tasks would take a lot of time with Reddit’s scale, so automating some of these things has reduced the operational burden and lowered the total cost of ownership for adopting the Snyk platform."

Spencer Koch

Security Wizard, Reddit

About this report

In 2023, Snyk set out to understand the value our customers have gained in the past year with the Snyk platform in our second annual Customer Value Study. Thank you to the over five hundred Snyk customers who participated in our survey and helped make this project possible.

Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo