Facebook
Twitter
LinkedIn
API insecurity and automated abuse by bots responsible for up to 11.8% of cyber events and losses globally
Bot-related security incident count rose 88% in 2022 and 28% in 2023
Insecure APIs result in up to $12 billion more in losses than they did in 2021
@Thales Imperva, a Thales company, the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, releases the Economic Impact of API and Bot Attacks report. The analysis of more than 161,000 unique cybersecurity incidents and investigates the rising global costs of vulnerable or insecure APIs and automated abuse by bots, two security threats that are increasingly interconnected and prevalent. The report estimates that API insecurity and bot attacks result in up to $186[1] billion for businesses around the world.
The report is based on a study conducted by the Marsh McLennan Cyber Risk Intelligence Center which found that larger organizations were statistically more likely to have a higher percentage of security incidents that involved both insecure APIs and bot attacks. Enterprises with revenues of more than $1 billion were 2-3x more likely to experience automated API abuse by bots than small or mid-size businesses. The study suggests that large companies are particularly vulnerable to security risks associated with automated API abuse by bots because of complex and widespread API ecosystems that often contain exposed or insecure APIs.
Enterprises rely heavily on APIs to enable seamless communication between diverse applications and services. Data from Imperva Threat Research finds that the average enterprise managed 613 API endpoints in production last year. That number is growing rapidly as businesses face mounting pressure to deliver digital services with greater agility and efficiency.
Due to this increased reliance and their direct access to sensitive data, APIs have become attractive targets for bot operators. In 2023, automated threats accounted for 30% of all API attacks, according to data from Imperva Threat Research. Today, automated API abuse by bots costs organizations up to $17.9 billion of losses annually. As the number of APIs in production multiplies, cybercriminals will increasingly use automated bots to find and exploit API business logic, circumvent security measures, and exfiltrate sensitive data.
It's imperative that businesses across the world address the security risks posed by insecure APIs and bot attacks, or they face a substantial economic burden, says Nanhi Singh, General Manager of Application Security at Imperva, a Thales company. The interconnected nature of these threats necessitates that companies take a holistic approach, integrating comprehensive security strategies for both bot and API attacks.
Some of the key trends identified in the report include:
Increased API adoption and usage is growing the attack surface: The rapid adoption of APIs, inexperience of many API developers, and lack of collaboration between security and development teams has led insecure APIs to now result in up to $87 billion of losses annually, a $12 billion increase from 2021.
Bots negatively impact organizations' bottom line: The widespread availability of attack tools and generative AI models has enhanced bot evasion techniques and enabled even low-skilled attackers to launch sophisticated bot attacks. Up to $116 billion of losses annually can be attributed to automated attacks by bots.
API and bot-related security incidents are becoming more frequent: In 2022, API-related security incidents rose by 40%, and bot-related security incidents spiked by 88%. These increases were fueled by a rise in digital transactions, the expanding use of APIs, and geopolitical tensions like the Russia-Ukraine conflict. In the following year 2023, as digital traffic began to stabilize and the pandemic-driven surge in internet activity subsided, the frequency of these incidents moderated. API-related security incidents grew by 9%, while bot-related security incidents jumped by 28%. The overall upward trend in attacks highlights the growing persistence and frequency of these threats.
Insecure APIs and bot attacks pose a significant threat to large enterprises: Companies with revenue of at least $100 billion are most likely to suffer security incidents related to insecure APIs or bot attacks. These threats constitute up to 26% of all security incidents experienced by such businesses.
Countries around the globe are vulnerable to API and bot attacks: Brazil experienced the highest percentage of events related to insecure APIs or bot attacks, with the threats accounting for up to 32% of all observed security incidents. This was closely followed by France (up to 28%), Japan (up to 28%), and India (up to 26%). While the percentage of events attributed to API and bot-related security incidents was lower in the United States, 66% of all reported events related to vulnerable APIs or automated abuse by bots occurred within the country.
Reliance on APIs will continue to grow exponentially, driving connections to generative AI applications and large language models, adds Singh. At the same time, generative AI will also empower cybercriminals to create sophisticated bots at an accelerated and alarming rate. As API ecosystems expand and bots become more advanced, organizations should anticipate a significant rise in the economic impact of automated API abuse by bots unless proactive measures are taken.
Additional Information:
Download a copy of the The Economic Impact of API and Bot Attacks report for additional insights on the business impact of API and bot-related security incidents.
See how Imperva Advanced Bot Protection and API Security can protect websites, applications, and APIs from automated attacks and without affecting the flo
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
01/06/2026
January 6 2026, 05:30 (PST) Dolby Sets the New Standard for Premium Entertainment at CES 2026
Throughout the week, Dolby brings to life the latest innovatio...
02/05/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
01/05/2026
January 5 2026, 18:30 (PST) NBCUniversal's Peacock to Be First Streamer to ...
01/04/2026
January 4 2026, 18:00 (PST) DOLBY AND DOUYIN EMPOWER THE NEXT GENERATON OF CREATORS WITH DOLBY VISION
Douyin Users Can Now Create And Share Videos With Stun...
12/03/2026
In Latin America, women are shaping music and defining its future. To kick off t...
12/03/2026
En Am rica Latina, las mujeres est n moldeando la m sica y definiendo su futuro....
12/03/2026
Let's turn back the clock 20 years: The music landscape was a world away fro...
12/03/2026
Bad Bunny is no stranger to Spotify's Billions Club. In fact, he has a whopp...
12/03/2026
Spotify was at the London Book Fair this week, joining conversations across the publishing industry about how people can make reading part of their daily lives....
12/03/2026
Mastering tool improves mono compatibility
Tokyo Dawn Labs' Ohlhorst Digital range is a series of mastering-focused plug-ins developed by Jan Ohlhorst, ...
12/03/2026
Wave FX processor integrated into four products
Lewitt have teamed up with Elgato to create a new processor for the company's Wave Next product range, i...
12/03/2026
Free tool for annotating audio files
Mix Notes is a new, free iOS App that provides users with a simple way to annotate their audio files. It's been cre...
12/03/2026
Side-chain ducking tool gets an upgrade
Devious Machines' popular side-chaining and envelope-shaping tool has just been kitted out with an improved enve...
12/03/2026
Ceremony to take place on 16 April 2026
The MPG (Music Producers Guild) have revealed the full shortlist for this year's MPG Awards, which will be takin...
12/03/2026
Emulates three classic dbx 160 variants
The latest arrival to Overloud's Gem Series plug-in range faithfully recreates not one, but three versions of th...
12/03/2026
New granular soft synth announced
Said to be their most advanced software synthesizer to date, Baby Audio's latest release has been built on a new granu...
12/03/2026
Latest version now live!
Edit 11 March 2026 - Bitwig Studio 6 is now live, and available for all to download!
The latest version of Bitwig's DAW softwa...
12/03/2026
Latest free eBook now available!
Designed for recording engineers, audio-technology students and technically minded musicians, our latest free eBook deliver...
12/03/2026
Rohde & Schwarz Cybersecurity expands SITLine network encryptor portfolio - more...
12/03/2026
Rohde & Schwarz to showcase future-proof EMC testing solutions at EMV 2026 Rohde & Schwarz will participate in EMV 2026, Europe's premier trade fair and c...
12/03/2026
Modern media operations demand a platform that unites automation, orchestration, and human oversight without compromise. In this post, we explore the six key te...
12/03/2026
A deep dive into the platform
Architecture The Blue Lucy platform follows a distributed microservices architecture, meaning the overall operational capability...
12/03/2026
Orchestration platform enables broadcasters to deploy multiple AI models safely with full auditability, rights protection, and regulatory oversight.
LONDON, En...
12/03/2026
Wuppertal March 12, 2026
Riedel Expands Managed Technology Division in the Ame...
12/03/2026
Advanced Media Server Delivers Double the Channel Density at Half the Cost per C...
12/03/2026
The Late Late Show Show St Patrick's Day special
Dancing with the Stars f...
11/03/2026
First Medium-Earth Orbit (MEO) deployment of the emergency.lu platform for refugees and their host communities' use provides dependable broadband for humani...
11/03/2026
Wednesday 11 March 2026
Sky and CANAL launch new partnership to develop English-language drama
Sky and CANAL are today announcing a strategic co commissioni...
11/03/2026
NTCA, Cartesian Release New Report on the Business Case for USF
March 11, 2026
Network Economics
News
NTCA - March 11, 2026 - As the FCC and Congr...
11/03/2026
TELL US YOUR (SHORT) STORIES
The 2026 RT Short Story Competition is now open for entries
Recognising and rewarding the best new Irish fiction writing for...
11/03/2026
RT 's The Traitors Ireland is among the nominees for the 2026 Celtic Media Festival Torc Awards for Excellence, announced today....
09/03/2026
Contains all six dual-ensemble libraries
VSL's Duality Strings series offers an intriguing alternative to your average string library, capturing two str...
09/03/2026
Outstanding Contribution To UK Music
Photo: Samuel Bradley
Ahead of their upcoming MPG Awards, the Music Producers Guild (MPG) have revealed the latest win...
09/03/2026
Two new high-quality DI boxes announced
Boasting some impressive technical specifications and versatile routing options, Strymon's latest active DI boxe...
09/03/2026
Latest MPE-capable Soundbox library released
The follow-up release for Sonora Cinematic's Pure Nylon has arrived, and becomes the latest addition to the...
09/03/2026
Popular wireless mic head design revived
Sennheiser have revealed that the MD 9235, a cardioid mic head designed to pair up with their handheld wireless sys...
09/03/2026
Captures two sought-after Dumble combo amps
The latest TONEX release captures a pair of sought-after Dumble amplifiers from IK Multimedia's private amp ...
09/03/2026
Flexible all-analogue insert matrix joins line-up
HUM Audio Devices don't tend to do things by halves - even the quickest of glances at the likes of the...
09/03/2026
Captures three sought-after pianos
Rhodes latest software release brings together a collection of three virtual pianos: a concert grand, an acoustic upright...
09/03/2026
Flagship compressor gets an upgrade
Techivation's flagship compressor plug-in has just been treated to a ground-up rebuild that kits it out with some po...
09/03/2026
Profiler OS 14.0 enters open beta
Kemper's amp-modelling systems already have a great reputation, but the latest update to their systems' underlying...
09/03/2026
Procedural stems smasher & recomposition engine
Blinksonic have recently launched a new Reaktor-based tool which they say takes a radical departure from yo...
09/03/2026
13 - 15 March 2026 at University of Warwick Conference Centre
The Institute of Professional Sound (IPS) have announced that The IPS Training Weekend 2026 wi...
09/03/2026
Rohde & Schwarz and NETGEAR collaborate for next generation Wi-Fi 8 access point...
09/03/2026
UKTV has agreed a new partnership deal with Samsung that makes UKTV's free linear channels available to internet-only Samsung TV viewers in the UK for the f...
09/03/2026
Monday 9 March 2026
Sky reveals first look trailer and sets premiere date for S...
09/03/2026
Monday 9 March 2026
Sky Appoints Damian Saunders as Managing Director of Sky Business
Sky has today announced the appointment of Damian Saunders as Managing D...
09/03/2026
Bill O'Reilly Announces New Weekly Podcast We'll Do It LIVE! We'll Do It LIVE!' A Bold, Fresh Presentation from Bill O'Reilly
New York...
Facebook 
