Facebook
Twitter
LinkedIn
API insecurity and automated abuse by bots responsible for up to 11.8% of cyber events and losses globally
Bot-related security incident count rose 88% in 2022 and 28% in 2023
Insecure APIs result in up to $12 billion more in losses than they did in 2021
@Thales Imperva, a Thales company, the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, releases the Economic Impact of API and Bot Attacks report. The analysis of more than 161,000 unique cybersecurity incidents and investigates the rising global costs of vulnerable or insecure APIs and automated abuse by bots, two security threats that are increasingly interconnected and prevalent. The report estimates that API insecurity and bot attacks result in up to $186[1] billion for businesses around the world.
The report is based on a study conducted by the Marsh McLennan Cyber Risk Intelligence Center which found that larger organizations were statistically more likely to have a higher percentage of security incidents that involved both insecure APIs and bot attacks. Enterprises with revenues of more than $1 billion were 2-3x more likely to experience automated API abuse by bots than small or mid-size businesses. The study suggests that large companies are particularly vulnerable to security risks associated with automated API abuse by bots because of complex and widespread API ecosystems that often contain exposed or insecure APIs.
Enterprises rely heavily on APIs to enable seamless communication between diverse applications and services. Data from Imperva Threat Research finds that the average enterprise managed 613 API endpoints in production last year. That number is growing rapidly as businesses face mounting pressure to deliver digital services with greater agility and efficiency.
Due to this increased reliance and their direct access to sensitive data, APIs have become attractive targets for bot operators. In 2023, automated threats accounted for 30% of all API attacks, according to data from Imperva Threat Research. Today, automated API abuse by bots costs organizations up to $17.9 billion of losses annually. As the number of APIs in production multiplies, cybercriminals will increasingly use automated bots to find and exploit API business logic, circumvent security measures, and exfiltrate sensitive data.
It's imperative that businesses across the world address the security risks posed by insecure APIs and bot attacks, or they face a substantial economic burden, says Nanhi Singh, General Manager of Application Security at Imperva, a Thales company. The interconnected nature of these threats necessitates that companies take a holistic approach, integrating comprehensive security strategies for both bot and API attacks.
Some of the key trends identified in the report include:
Increased API adoption and usage is growing the attack surface: The rapid adoption of APIs, inexperience of many API developers, and lack of collaboration between security and development teams has led insecure APIs to now result in up to $87 billion of losses annually, a $12 billion increase from 2021.
Bots negatively impact organizations' bottom line: The widespread availability of attack tools and generative AI models has enhanced bot evasion techniques and enabled even low-skilled attackers to launch sophisticated bot attacks. Up to $116 billion of losses annually can be attributed to automated attacks by bots.
API and bot-related security incidents are becoming more frequent: In 2022, API-related security incidents rose by 40%, and bot-related security incidents spiked by 88%. These increases were fueled by a rise in digital transactions, the expanding use of APIs, and geopolitical tensions like the Russia-Ukraine conflict. In the following year 2023, as digital traffic began to stabilize and the pandemic-driven surge in internet activity subsided, the frequency of these incidents moderated. API-related security incidents grew by 9%, while bot-related security incidents jumped by 28%. The overall upward trend in attacks highlights the growing persistence and frequency of these threats.
Insecure APIs and bot attacks pose a significant threat to large enterprises: Companies with revenue of at least $100 billion are most likely to suffer security incidents related to insecure APIs or bot attacks. These threats constitute up to 26% of all security incidents experienced by such businesses.
Countries around the globe are vulnerable to API and bot attacks: Brazil experienced the highest percentage of events related to insecure APIs or bot attacks, with the threats accounting for up to 32% of all observed security incidents. This was closely followed by France (up to 28%), Japan (up to 28%), and India (up to 26%). While the percentage of events attributed to API and bot-related security incidents was lower in the United States, 66% of all reported events related to vulnerable APIs or automated abuse by bots occurred within the country.
Reliance on APIs will continue to grow exponentially, driving connections to generative AI applications and large language models, adds Singh. At the same time, generative AI will also empower cybercriminals to create sophisticated bots at an accelerated and alarming rate. As API ecosystems expand and bots become more advanced, organizations should anticipate a significant rise in the economic impact of automated API abuse by bots unless proactive measures are taken.
Additional Information:
Download a copy of the The Economic Impact of API and Bot Attacks report for additional insights on the business impact of API and bot-related security incidents.
See how Imperva Advanced Bot Protection and API Security can protect websites, applications, and APIs from automated attacks and without affecting the flo
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
01/06/2026
January 6 2026, 05:30 (PST) Dolby Sets the New Standard for Premium Entertainment at CES 2026
Throughout the week, Dolby brings to life the latest innovatio...
02/05/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
01/05/2026
January 5 2026, 18:30 (PST) NBCUniversal's Peacock to Be First Streamer to ...
01/04/2026
January 4 2026, 18:00 (PST) DOLBY AND DOUYIN EMPOWER THE NEXT GENERATON OF CREATORS WITH DOLBY VISION
Douyin Users Can Now Create And Share Videos With Stun...
02/03/2026
Rohde & Schwarz demonstrates FR1-FR3 carrier aggregation, advancing 6G readiness Rohde & Schwarz and Qualcomm Technologies, Inc. have reached another pivotal ...
02/03/2026
aconnic AG (ISIN: DE000A0LBKW6), Munich, and Arqit Quantum Inc. (Nasdaq: ARQQ, A...
02/03/2026
Luxembourg, February 26, 2026 - SES and Africa Mobile Network (AMN) have expande...
02/03/2026
Monday 2 March 2026
Saturday Night Live UK announces writing team
L-R: Jonno Johnson; Charlie Skelton; Celya AB; Omar Badawy; Gr inne Maguire; Laura Claxton; ...
27/02/2026
Since its inception, Gorillaz has been known for blending art with genre-bending...
27/02/2026
This week, Spotify introduced Audiobook Charts for the U.S. and U.K. The charts make it easy to discover your next favorite book by showing what's popular a...
27/02/2026
Rohde & Schwarz and Viasat to collaborate on NB-NTN IoT test plan for connectivi...
27/02/2026
In media technology, big features often steal the spotlight - AI integrations, cloud transformations, automation frameworks. But for the people who use these to...
27/02/2026
Digital Asset Management systems sit at the heart of most marcoms operations. They centralise content, organise it, and make it discoverable. Integrated with th...
27/02/2026
The AI Wild West comes to NAB 2026 and Blue Lucy is bringing the Sheriff
The AI Wild West is here, and media organisations are feeling the heat. On Booth W23...
27/02/2026
A deeply personal, uncompromising portrait of the legendary punk rock iconFriday...
27/02/2026
One of Ireland's favourite lifestyle shows Home of the Year, returns for its 12th series and will be proudly sponsored by SIRO. The brand-new series will ai...
27/02/2026
Our Farm: A GIY Story lands on RT One and RT Player from March 3
From walled garden to community farm, new six-part series captures the unfiltered realities...
27/02/2026
Note: English version included below the Irish language version.
Seachtain na Gaeilge 2026 ar RT
A Ghaeilge mo cheol th '
T feachtas athnuaite i n...
26/02/2026
Rohde & Schwarz awarded contract by Israel Airports Authority for QPS201 securit...
26/02/2026
Rohde & Schwarz highlights its unique CMX500 one-box tester tailored for NTN tes...
26/02/2026
Rohde & Schwarz high-efficiency transmitter powers next-gen broadcast services i...
26/02/2026
Rohde & Schwarz highlights its comprehensive embedded systems test solutions at ...
26/02/2026
Rohde & Schwarz to showcase spectrum security and network efficiency solutions a...
26/02/2026
Rohde & Schwarz and Broadcom showcase first Wi-Fi 8 RF signaling tests, paving w...
26/02/2026
Rohde & Schwarz advances AI-RAN testing using digital twins with NVIDIA Rohde & Schwarz, in collaboration with NVIDIA, continues to drive AI-RAN innovation fo...
26/02/2026
Rohde & Schwarz and LITEON demonstrate high throughput 5G femtocell testing with...
26/02/2026
The agreement ensures Europe's satellite-based augmentation continues enhanc...
26/02/2026
There were two big wins for RT KIDS shows at the 17th Kidscreen Awards in San Diego this week with Maddie Triggs and BeddyByes both taking home gongs.
The K...
26/02/2026
26 Feb 2026
VEON to Release FY25 Earnings Update on March 13, 2026 Dubai and New York, February 26, 2026 - VEON Ltd. (NASDAQ: VEON), a global digital operator ...
26/02/2026
What can I watch on UKTV and stream on U this week?
This week's highlights include new episodes of Will and Ralf Should Know Better, The Marlow Murder Club...
26/02/2026
Thursday 26 February 2026
Sky partners with STARZ on high-impact boxing drama F...
26/02/2026
Thursday 26 February 2026
An Open Letter to Our Fellow Leaders in Global Media
From:
Tim Davie, BBC Director-General
Jon Slade, CEO, Financial Times
Anna B...
26/02/2026
Wuppertal February 26, 2026
Teatro alla Scala Elevates Backstage Communication with Riedel's BoleroRiedel Communications today announced that Fondazione T...
26/02/2026
RT has confirmed that it has today received payment from the GAA for its 50% share of GAAGO.
RT confirmed in February 2025 that it had agreed in principle wi...
26/02/2026
RT Statement regarding the broadcast of Republic of Ireland vs Israel Nations League fixture
If the match goes ahead and that is a decision for the FAI as ...
25/02/2026
It's never been easier to customize your Spotify listening experience. Last year, we introduced more control over the way your playlist sounds, giving Premi...
25/02/2026
Hip-hop thrives on constant reinvention, with bold voices and fearless experimentation continually pushing the genre's boundaries. Every era brings new lead...
25/02/2026
In 2025, Magyar Telekom continued the consistent execution of its long-term stra...
25/02/2026
Joe Wilkinson and Joe Marler reunite for a tongue-in-cheek campaign exploring the hilarious extremes of modern loveWednesday 25 February 2026
Mix Tapes to Vide...
25/02/2026
Harmonic's XOS Advanced Media Processor Leverages AI-Powered Encoding to Deliver Exceptional Video Quality to Alcom Customers SAN JOSE, Calif. - Feb. 25, 2...
24/02/2026
Life needs music. So does the afterlife. That's why Spotify has partnered wi...
24/02/2026
Last weekend, S o Paulo buzzed with energy as Bad Bunny took the stage for two n...
24/02/2026
eds3_5_jq(document).ready(function($) { $(#eds_sliderM519).chameleonSlider_2_1({...
24/02/2026
Paul C. Brunson: Red Flag to be produced by FirstLookTV and launch in 2026
UKTV...
24/02/2026
This year, we're back at the Media Production and Technology Show (MPTS) in London. As always, we're looking forward to catching up with existing contac...
24/02/2026
We are pleased to announce that Pete Whiteway is joining the dB Technology Group as a Senior Systems Engineer. Pete brings over 20 years of experience in broadc...
24/02/2026
End-to-End Transparency in the Supply Chain You Can Touch
The team at LogiMAT 2025 - from left: Michael Dreimann, Andr Haff, Nicolas Lapp, Bernd Jaschinski-...
24/02/2026
Katharine Wolinska appointed to lead Partnerships
RT Commercial has announced ...
Facebook 
