How much do bot attacks and API insecurity cost organizations? To answer this question, Imperva engaged the Marsh McLennan Cyber Risk Intelligence Center to analyze incident data related to vulnerable APIs and bot attacks. Imperva’s latest report, “The Economic Impact of API and Bot Attacks,” covers the findings of the analysis.
The analysis studied over 161,000 unique cybersecurity incidents and estimates that businesses face an annual economic burden of up to $186 billion due to vulnerable APIs and automated bot attacks. These two security threats, often working in tandem, are becoming increasingly prevalent and pose significant risks to organizations worldwide.
The report, based on a study conducted by the Marsh McLennan Cyber Risk Intelligence Center, offers valuable insights and highlights the importance of robust security measures for businesses looking to protect themselves. In this blog, we will cover some of the key findings.
API and Bot-Related Security Incidents Grow at an Alarming Rate
Application Programming Interfaces (APIs) have become the backbone of modern digital interactions, allowing seamless communication between diverse applications and services. However, the rapid adoption of APIs has come with significant challenges. Data from Imperva Threat Research finds that the average enterprise managed a staggering 613 API endpoints in 2023, a number that continues to grow as businesses strive to enhance agility and efficiency. Unfortunately, this expansion has made APIs an attractive target for cybercriminals.
The study conducted by the Marsh McLennan Cyber Risk Intelligence Center reveals a sharp increase in bot-related security incidents, with an 88% rise in 2022 and a further 28% increase in 2023. Insecure APIs have also contributed to a substantial financial toll, resulting in up to $87 billion in losses annually—a $12 billion increase from 2021. Automated API abuse by bots significantly contributed to the economic impact, costing organizations up to $17.9 billion each year.
The Impact on Large Enterprises
Larger organizations, particularly those with revenues exceeding $1 billion, are at heightened risk. The study found that these enterprises are 2-3 times more likely to experience automated API abuse by bots than smaller businesses. The complexity and scale of their API ecosystems often expose them to more significant security risks, with bot operators increasingly targeting these high-value environments.
Additional Key Findings from the Report
- API Adoption Expands the Attack Surface: The growing reliance on APIs, coupled with inexperienced developers and a lack of collaboration between security and development teams, has significantly increased losses from insecure APIs.
- Bots and Their Economic Impact: The rise of generative AI models and easily accessible attack tools has made it easier for even low-skilled attackers to launch sophisticated bot attacks. This trend has resulted in up to $116 billion in annual losses due to automated bot attacks.
- Global Vulnerability: The report also highlights the global nature of these threats, with countries like Brazil, France, Japan, and India experiencing high percentages of security incidents related to insecure APIs and bot attacks. While the percentage of such events in the United States is lower, 66% of all reported incidents related to these threats occurred within the country.
Looking Ahead: The Future of API Security and Bot Management
The risks associated with insecure APIs and bot attacks will only intensify as reliance on APIs grows, particularly with the integration of generative AI applications and large language models. Without proactive measures, organizations should brace for a significant rise in the economic impact of these threats.
To learn more, download “The Economic Impact of API and Bot Attacks” report and explore how Imperva Advanced Bot Protection and API Security can safeguard your organization.