Sony Pixel Power calrec Sony

Vulnerable APIs and Bot Attacks Costing Businesses up to $186 Billion Annually

18/09/2024

Facebook

Twitter

LinkedIn

API insecurity and automated abuse by bots responsible for up to 11.8% of cyber events and losses globally

Bot-related security incident count rose 88% in 2022 and 28% in 2023

Insecure APIs result in up to $12 billion more in losses than they did in 2021

@Thales Imperva, a Thales company, the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, releases the Economic Impact of API and Bot Attacks report. The analysis of more than 161,000 unique cybersecurity incidents and investigates the rising global costs of vulnerable or insecure APIs and automated abuse by bots, two security threats that are increasingly interconnected and prevalent. The report estimates that API insecurity and bot attacks result in up to $186[1] billion for businesses around the world.

The report is based on a study conducted by the Marsh McLennan Cyber Risk Intelligence Center which found that larger organizations were statistically more likely to have a higher percentage of security incidents that involved both insecure APIs and bot attacks. Enterprises with revenues of more than $1 billion were 2-3x more likely to experience automated API abuse by bots than small or mid-size businesses. The study suggests that large companies are particularly vulnerable to security risks associated with automated API abuse by bots because of complex and widespread API ecosystems that often contain exposed or insecure APIs.

Enterprises rely heavily on APIs to enable seamless communication between diverse applications and services. Data from Imperva Threat Research finds that the average enterprise managed 613 API endpoints in production last year. That number is growing rapidly as businesses face mounting pressure to deliver digital services with greater agility and efficiency.

Due to this increased reliance and their direct access to sensitive data, APIs have become attractive targets for bot operators. In 2023, automated threats accounted for 30% of all API attacks, according to data from Imperva Threat Research. Today, automated API abuse by bots costs organizations up to $17.9 billion of losses annually. As the number of APIs in production multiplies, cybercriminals will increasingly use automated bots to find and exploit API business logic, circumvent security measures, and exfiltrate sensitive data.



It's imperative that businesses across the world address the security risks posed by insecure APIs and bot attacks, or they face a substantial economic burden, says Nanhi Singh, General Manager of Application Security at Imperva, a Thales company. The interconnected nature of these threats necessitates that companies take a holistic approach, integrating comprehensive security strategies for both bot and API attacks.

Some of the key trends identified in the report include:

Increased API adoption and usage is growing the attack surface: The rapid adoption of APIs, inexperience of many API developers, and lack of collaboration between security and development teams has led insecure APIs to now result in up to $87 billion of losses annually, a $12 billion increase from 2021.



Bots negatively impact organizations' bottom line: The widespread availability of attack tools and generative AI models has enhanced bot evasion techniques and enabled even low-skilled attackers to launch sophisticated bot attacks. Up to $116 billion of losses annually can be attributed to automated attacks by bots.



API and bot-related security incidents are becoming more frequent: In 2022, API-related security incidents rose by 40%, and bot-related security incidents spiked by 88%. These increases were fueled by a rise in digital transactions, the expanding use of APIs, and geopolitical tensions like the Russia-Ukraine conflict. In the following year 2023, as digital traffic began to stabilize and the pandemic-driven surge in internet activity subsided, the frequency of these incidents moderated. API-related security incidents grew by 9%, while bot-related security incidents jumped by 28%. The overall upward trend in attacks highlights the growing persistence and frequency of these threats.



Insecure APIs and bot attacks pose a significant threat to large enterprises: Companies with revenue of at least $100 billion are most likely to suffer security incidents related to insecure APIs or bot attacks. These threats constitute up to 26% of all security incidents experienced by such businesses.



Countries around the globe are vulnerable to API and bot attacks: Brazil experienced the highest percentage of events related to insecure APIs or bot attacks, with the threats accounting for up to 32% of all observed security incidents. This was closely followed by France (up to 28%), Japan (up to 28%), and India (up to 26%). While the percentage of events attributed to API and bot-related security incidents was lower in the United States, 66% of all reported events related to vulnerable APIs or automated abuse by bots occurred within the country.

Reliance on APIs will continue to grow exponentially, driving connections to generative AI applications and large language models, adds Singh. At the same time, generative AI will also empower cybercriminals to create sophisticated bots at an accelerated and alarming rate. As API ecosystems expand and bots become more advanced, organizations should anticipate a significant rise in the economic impact of automated API abuse by bots unless proactive measures are taken.



Additional Information:

Download a copy of the The Economic Impact of API and Bot Attacks report for additional insights on the business impact of API and bot-related security incidents.

See how Imperva Advanced Bot Protection and API Security can protect websites, applications, and APIs from automated attacks and without affecting the flo
LINK: https://www.thalesgroup.com/en/worldwide/defence-and-security/press_re...
See more stories from thales

Europe Stories

05/01/2027

Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be demoed at CES 2026

Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...

06/09/2026

Dolby and MagentaTV Bring Fans Closer to the FIFA World Cup 2026 in Germany with Dolby Vision and Dolby Atmos

June 9 2026, 23:00 (PDT) Dolby and MagentaTV Bring Fans Closer to the FIFA Worl...

04/08/2026

Dalet Announces Commercial Availability of Dalia, Bringing Media-Aware Agentic AI to Enterprise Productions

Dalet, a leading technology and service provider for media-rich organizations, t...

05/07/2026

Free Behringer Synth Editor

Browser-based and desktop apps available Digital Sunset Studios have been busy working on an interesting project: a free software tool that provides compute...

04/07/2026

Rhodes to launch the MK8/80AE

Celebrates company's 80th anniversary Rhodes have recently revealed that they will be producing a limited run of electric pianos in celebration of their...

04/07/2026

Detective Conan: Fallen Angel of the Highway Opens in Dolby Cinemas Across Japan, Presented in Dolby Atmos and Dolby ...

April 7 2026, 19:00 (PDT) Detective Conan: Fallen Angel of the Highway Opens in...

03/07/2026

VSL reveal Synchron Brass (muted)

New bundle & three Single Packs Continuing to expand their already sizeable orchestral collection, VSL's latest release introduces three new Single Pack...

03/07/2026

London Symphony Orchestra upgrade LSO St Luke's

Venue installs new ATC-equipped control room LSO St Luke's, a unique music venue that also serves as the home of the London Symphony Orchestra, have rec...

03/07/2026

2023

1 February 2023 SHARE Facebook Twitter Linkedin Email Munich, Germany, 1st February 2023: Cinegy GmbH, the premier provider of software technology for digit...

02/07/2026

The Crow Hill Company introduce Brackish Pads

Stammering, stuttering, strangulated tones The Crow Hill Company's latest creation promises to be the most original sound set they've produced to d...

02/07/2026

Steinberg SpectraLayers 13 now available

A new era in unmixing and spectral editing The latest version of Steinberg's spectral audio-editing software has just arrived, building on the strength...

02/07/2026

Sine Machine from Melatonin

Aims to simplify additive synthesis Sine Machine is the debut launch from Melatonin, a Vienna-based developer who have spent the past six years creating wha...

02/07/2026

iZotope acquired by Boris FX

Products to remain fully active & supported Following the news of Native Instruments joining the inMusic brand line-up, Academy and Emmy Award-winning visua...

02/07/2026

GearExpo UK 2026

What you missed! Last weekend, Saturday 27 June 2026, saw the debut of Sound On Sounds new GearExpo UK event, the largest dedicated pro-audio event to take ...

02/07/2026

Tea with Judi Dench returns to Sky Arts with legendary guest, Sir Ian McKellen

Thursday 2 July 2026 Tea with Judi Dench returns to Sky Arts with legendary guest, Sir Ian McKellen Sky today confirms Tea with Judi Dench will return this su...

01/07/2026

Tracktion unleash Waveform 14 DAW

New AI Assistant, Multi-channel Audio, ARA2 improvements & more Tracktion's DAW software has just received its latest major update, gaining a selection ...

01/07/2026

The Crow Hill Company release Brackish Pads

Stammering, stuttering, strangulated tones The Crow Hill Company's latest creation promises to be the most original sound set they've produced to d...

01/07/2026

Sweetwater & Andertons launch Darkglass Anagram Limited Edition Guitar Essentials

Exclusive run of limited-edition modelling pedals Sweetwater and Andertons M...

01/07/2026

DiGiCo Quantum338 on Tyler Childers' Snipe Hunt Tour

LEXINGTON, Kentucky - July 2026 -Tyler Childers' seventh and latest studio record, Snipe Hunter, is an adventurously sprawling collection of tunes that span...

01/07/2026

** MEDIA ALERT ** BLEACH Comes to Life in Los Angeles with First-of-Its-Kind Artist Gallery Experience During Anime Expo Week

** MEDIA ALERT ** BLEACH Comes to Life in Los Angeles with First-of-Its-Kind...

01/07/2026

UKTV appoints Matt Berry as General Manager to lead brand and marketing strategy

UKTV has today announced the appointment of Matt Berry to the newly created role of General Manager - Marketing, effective 1 July. Matt will take on this senio...

01/07/2026

Fussy asks Britain one simple question: Are you a Tosser?

Sky Zero Footprint Fund-backed TV campaign featuring Deborah Meaden challenges consumers to rethink everyday bathroom wasteWednesday 1 July 2026 Fussy asks Bri...

01/07/2026

New Sky research reveals postcode lottery leaving girls behind in sport

Constituency-level analysis reveals where girls miss out most on sport - and where targeted action could unlock more than £640 million in economic and health be...

01/07/2026

Riedel and SKAARHOJ Expand Collaboration With SimplyLive Integration

Wuppertal July 1, 2026 Riedel and SKAARHOJ Expand Collaboration With SimplyLive IntegrationRiedel Communications today announced an expanded collaboration wit...

01/07/2026

Apple Creator Studio gets smarter, faster, and more connected - UPDATE - Posted on 30 June 2026

Apple today introduced power-packed updates to Apple Creator Studio, a groundbre...

01/07/2026

Nectar360 becomes first UK Retail Media Network to achieve IAB Europe Certification following independent ABC audit

Nectar360, the Retail Media, Loyalty and Insights business of the Sainsburys Gro...

01/07/2026

FIFA World Cup delivers strong audiences across all RT platforms

9.2 million streams on RT Player between 11 and 28 June Reach of 2.9 million viewers during Group stages of FIFA World Cup on RT 2 23 million video views acr...

30/06/2026

Entries open for Thomson's Young Journalist Award 2026

Could your journalism reach an international stage? Entries are now open for the Thomson Foundation's Young Journalist Award 2026, one of the most prestigi...

30/06/2026

UJAM release Retrocraft multi-effects

Brings together saturation & lo-fi effects Following on from the release of their Voxcraft vocal-processing plug-in, UJAM have announced the launch of Retro...

30/06/2026

Zensphere v2 from Rapid Flow

New IR reverb engine, Juno-inspired chorus & more The latest version of Rapid Flow's hardware-emulation synth plug-in expands on its predecessor with a ...

30/06/2026

Shy Audio release Shy 90s Smack

Excels at heavy-handed VCA compression For their latest release, Shy Audio have recreated the crunchy' sound of a rackmount compressor that found its w...

30/06/2026

Apple raise Mac & iPad prices

Component scarcity drives cost increases Shortly after Apple's CEO Tim Cook acknowledged that cost increases would soon be inevitable , the company hav...

30/06/2026

The First Hitachi Cash Recycling Devices in the EU Were Deployed at Bank Pekao S.A.

Hitachi and Bank Pekao S.A. have completed the installation of the first Hitachi...

30/06/2026

Clear-Com Upgrades Communication Systems for Jeopardy! and Wheel of Fortune

eds3_5_jq(document).ready(function($) { $(#eds_sliderM519).chameleonSlider_2_1({ content_source:......

29/06/2026

Evolve Dark Matter from Excite Audio

Four-layer instrument aimed at dark electronic music Excite Audio's latest software instrument has been designed with dark drum and bass, atmospheric te...

29/06/2026

Tracktion unleashes Waveform 14 DAW

New AI Assistant, Multi-channel Audio, ARA2 improvements & more Tracktion's DAW software has just received its latest major update, gaining a selection ...

29/06/2026

Focusrite publish 2026 Sustainability Report

Details environmental policies & results The Focusrite Group have just announced that following a long audit process, they have published their 2026 sustain...

29/06/2026

Arvato Systems Achieves AWS Cloud Operations Competency

Arvato Systems Achieves AWS Cloud Operations Competency The team behind the AWS Cloud Operations Competency (from left to right: Philipp Hellmich, Johanna Bod...

29/06/2026

Ger Gilroy to join RT to present a Daily Sports Podcast

RT today announced that Ger Gilroy will join the RT Podcasts team to present a daily sports podcast. Launching later this year, the new show will set the spor...

29/06/2026

OUTsurance announced as sponsors of Oliver Callan on RT Radio 1

RT Commercial announced OUTsurance as sponsor of the Oliver Callan show on RT Radio 1 from Wednesday 1 July. Oliver Callan doubles the fun, delivering two ...

28/06/2026

Softube unveil lower cost Console 1 Compact

Half-size model joins Console 1 line-up Shortly after the release of their new Flow Studio controller, Softube have announced the launch of another new surf...

28/06/2026

EVE Audio introduce EVE Origin

New EXO Series DSP control software announced EVE Audio's EXO Series monitor range has just gained a new software element that provides remote access to...

27/06/2026

UJAM release Retrocraft

Brings together saturation & lo-fi effects Following on from the release of their Voxcraft vocal-processing plug-in, UJAM have announced the launch of Retro...

26/06/2026

David Kuckhermann brings calabash to Celemony Tonalic

Virtual session musician plug-in gains new percussion options Celemony's latest update for their virtual session musician platform complements the exist...

26/06/2026

Softube unveil the Console 1 Compact

Half-size model joins Console 1 line-up Shortly after the release of their new Flow Studio controller, Softube have announced the launch of another new surf...

26/06/2026

ELT Group and Rohde & Schwarz sign a cooperation agreement to explore commercial opportunities in electromagnetic warfare and defense

ELT Group and Rohde & Schwarz sign a cooperation agreement to explore commercial...

26/06/2026

Prison Wives of TikTok is Locked In for U and U&W

Flicker Productions to produce five-part docu-reality series following women who have fallen for men in prison and have become TikTok sensations, with brands an...

26/06/2026

Automating post-production workflows with Baselight, Daylight, Nara & FilmLight API. New York. 8 July 2026

Catch up on the latest developments across Baselight and Daylight v7, Nara and F...