4.5m web and mobile apps would turn out to be vulnerable by next year.
A widening gap has arisen in application security programmes at the US and the UK enterprises.
By next year, about 70% of internally developed applications would remain unaudited by enterprises over common threats including SQL injection, increasing attack surface at Global 2000 firms to about 4.5 million web and mobile apps.
Veracode security program management director Pejman Pourmousa said: "In order to close this gap, enterprises need a new and more scalable approach to application security that allows organisations to mature their programs with consistent enterprise-wide policies and metrics.
"Using an automated cloud-based service makes it possible for enterprises to keep pace with the speed of innovation without sacrificing security."
The study comes on the heels of recent large-scale breaches at retail organisations.
According to the study, the web and mobile apps turn out to be the path of least resistance as enterprises effectively lock down their networks.
Several web and mobile apps turn out to be vulnerable as enterprises develop more applications in a bid to fuel their businesses. However, they audit only business-critical applications for security as they lack ability to scale existing application security schemes.