API and Bot Attacks Costing Enterprises $186 Billion Annually, Says New Report

19 September 2024 | Zaker Adham

Summary

A newly released report from Imperva Inc., a subsidiary of Thales, reveals that businesses are losing up to $186 billion annually due to a surge in API and bot attacks. The "Economic Impact of API and Bot Attacks" report, conducted in partnership with the Marsh McLennan Cyber Risk Intelligence Center, analyzed more than 161,000 cybersecurity incidents to assess the economic fallout of these attacks.

The study highlights that large organizations are particularly vulnerable, facing two to three times more automated API abuses than small or mid-sized businesses. This elevated risk stems from the complex API ecosystems within larger enterprises, which often contain insecure or exposed APIs and so make these organizations prime targets for attackers.

The report emphasizes that the sheer volume of APIs in use is a key factor. Last year, research from Imperva Threat Research showed that the average enterprise managed 613 API endpoints. With the continued digitalization of services, this number is set to rise, presenting a growing threat to organizational security.

In 2023, automated bots were responsible for 30% of all API attacks, costing organizations up to $17.9 billion annually. As API endpoints increase, so does the risk of automated threats exploiting API business logic to bypass security measures and steal sensitive data. The report warns that this issue will only intensify if companies fail to strengthen their security protocols.

The research also found that insecure APIs alone accounted for $87 billion in losses in 2023, a $12 billion jump from 2021. The swift adoption of APIs, often by inexperienced developers and teams without proper collaboration between development and security, has expanded the attack surface for cybercriminals.

On the other hand, bot attacks have become an equally pressing issue, contributing to $116 billion in annual losses. Thanks to easily accessible attack tools and the rise of generative AI, even less skilled attackers can launch sophisticated bot operations. This surge in attacks is challenging to detect and mitigate, further straining organizations' resources.

Cybersecurity incidents related to APIs and bots continue to grow in frequency. In 2022, API attacks increased by 40%, while bot-related incidents surged by 88%, driven by the rise of digital transactions and global geopolitical unrest. Although the pace of attacks slowed somewhat in 2023, the threat remains severe, particularly in regions such as Brazil, France, Japan, and India, which have seen a high prevalence of such incidents.

Nanhi Singh, General Manager of Application Security at Imperva, stated, "Businesses must act quickly to address the security risks from insecure APIs and bot attacks, or they will face substantial economic consequences. As these ecosystems expand and bots become more sophisticated, organizations must anticipate a significant rise in the financial impact of automated API abuse unless they take proactive measures."