Facebook
Twitter
LinkedIn
API insecurity and automated abuse by bots responsible for up to 11.8% of cyber events and losses globally
Bot-related security incident count rose 88% in 2022 and 28% in 2023
Insecure APIs result in up to $12 billion more in losses than they did in 2021
@Thales Imperva, a Thales company, the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, releases the Economic Impact of API and Bot Attacks report. The analysis of more than 161,000 unique cybersecurity incidents and investigates the rising global costs of vulnerable or insecure APIs and automated abuse by bots, two security threats that are increasingly interconnected and prevalent. The report estimates that API insecurity and bot attacks result in up to $186[1] billion for businesses around the world.
The report is based on a study conducted by the Marsh McLennan Cyber Risk Intelligence Center which found that larger organizations were statistically more likely to have a higher percentage of security incidents that involved both insecure APIs and bot attacks. Enterprises with revenues of more than $1 billion were 2-3x more likely to experience automated API abuse by bots than small or mid-size businesses. The study suggests that large companies are particularly vulnerable to security risks associated with automated API abuse by bots because of complex and widespread API ecosystems that often contain exposed or insecure APIs.
Enterprises rely heavily on APIs to enable seamless communication between diverse applications and services. Data from Imperva Threat Research finds that the average enterprise managed 613 API endpoints in production last year. That number is growing rapidly as businesses face mounting pressure to deliver digital services with greater agility and efficiency.
Due to this increased reliance and their direct access to sensitive data, APIs have become attractive targets for bot operators. In 2023, automated threats accounted for 30% of all API attacks, according to data from Imperva Threat Research. Today, automated API abuse by bots costs organizations up to $17.9 billion of losses annually. As the number of APIs in production multiplies, cybercriminals will increasingly use automated bots to find and exploit API business logic, circumvent security measures, and exfiltrate sensitive data.
It's imperative that businesses across the world address the security risks posed by insecure APIs and bot attacks, or they face a substantial economic burden, says Nanhi Singh, General Manager of Application Security at Imperva, a Thales company. The interconnected nature of these threats necessitates that companies take a holistic approach, integrating comprehensive security strategies for both bot and API attacks.
Some of the key trends identified in the report include:
Increased API adoption and usage is growing the attack surface: The rapid adoption of APIs, inexperience of many API developers, and lack of collaboration between security and development teams has led insecure APIs to now result in up to $87 billion of losses annually, a $12 billion increase from 2021.
Bots negatively impact organizations' bottom line: The widespread availability of attack tools and generative AI models has enhanced bot evasion techniques and enabled even low-skilled attackers to launch sophisticated bot attacks. Up to $116 billion of losses annually can be attributed to automated attacks by bots.
API and bot-related security incidents are becoming more frequent: In 2022, API-related security incidents rose by 40%, and bot-related security incidents spiked by 88%. These increases were fueled by a rise in digital transactions, the expanding use of APIs, and geopolitical tensions like the Russia-Ukraine conflict. In the following year 2023, as digital traffic began to stabilize and the pandemic-driven surge in internet activity subsided, the frequency of these incidents moderated. API-related security incidents grew by 9%, while bot-related security incidents jumped by 28%. The overall upward trend in attacks highlights the growing persistence and frequency of these threats.
Insecure APIs and bot attacks pose a significant threat to large enterprises: Companies with revenue of at least $100 billion are most likely to suffer security incidents related to insecure APIs or bot attacks. These threats constitute up to 26% of all security incidents experienced by such businesses.
Countries around the globe are vulnerable to API and bot attacks: Brazil experienced the highest percentage of events related to insecure APIs or bot attacks, with the threats accounting for up to 32% of all observed security incidents. This was closely followed by France (up to 28%), Japan (up to 28%), and India (up to 26%). While the percentage of events attributed to API and bot-related security incidents was lower in the United States, 66% of all reported events related to vulnerable APIs or automated abuse by bots occurred within the country.
Reliance on APIs will continue to grow exponentially, driving connections to generative AI applications and large language models, adds Singh. At the same time, generative AI will also empower cybercriminals to create sophisticated bots at an accelerated and alarming rate. As API ecosystems expand and bots become more advanced, organizations should anticipate a significant rise in the economic impact of automated API abuse by bots unless proactive measures are taken.
Additional Information:
Download a copy of the The Economic Impact of API and Bot Attacks report for additional insights on the business impact of API and bot-related security incidents.
See how Imperva Advanced Bot Protection and API Security can protect websites, applications, and APIs from automated attacks and without affecting the flo
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
01/06/2026
January 6 2026, 05:30 (PST) Dolby Sets the New Standard for Premium Entertainment at CES 2026
Throughout the week, Dolby brings to life the latest innovatio...
01/05/2026
January 5 2026, 18:30 (PST) NBCUniversal's Peacock to Be First Streamer to ...
01/04/2026
January 4 2026, 18:00 (PST) DOLBY AND DOUYIN EMPOWER THE NEXT GENERATON OF CREATORS WITH DOLBY VISION
Douyin Users Can Now Create And Share Videos With Stun...
10/01/2026
This year, podcasts are making their Golden Globes debut with a new category honoring the medium's leading shows and creators. To mark the occasion, Spotify...
09/01/2026
RT Player has 157 million streams, up 10% year-on-year
An increase on 2024, RT...
09/01/2026
RT 2FM has today announced the highly anticipated list of 2FM Rising Artists for 2026, kicking off 2FM Rising week for the eighth year on The Tracy Clifford Sh...
09/01/2026
RT to Host the 2026 RTS Ireland Awards
Thursday, 16 April 2026 | Dublin Royal Convention Centre
The RTS Ireland Television Awards 2026 | Gradaim RTS 2026 | R...
08/01/2026
An evidence-based analysis on disinformation and information manipulation in Sudan's ongoing conflict is published today. (January 8th 2026).
Thomson Found...
08/01/2026
In 2025 we launched the Spotify Partner Program to give creators more ways to tu...
08/01/2026
On Wednesday in Los Angeles, Spotify welcomed creators and press to a brunch cel...
08/01/2026
TSA awards Rohde & Schwarz contract for advanced airport screening ahead of Socc...
08/01/2026
The review looks back at DPA's miniature microphone development over the years. It compares the evolving technologies from the original mics through CORE an...
08/01/2026
Comscore Launches Audio Targeting and Measurement Capabilities with The Trade De...
08/01/2026
Tonight, on RT Prime Time at 9:35pm on RT One and RT Player
Tonight, Prime T...
08/01/2026
The Late Late Show celebrates the very best of traditional Irish music with its first-ever full special dedicated entirely to the tradition
Lisa Canny | Kevin...
08/01/2026
It will be murder on the dancefloor when Dancing with the Stars returns this S...
07/01/2026
Spotify is launching a week-long celebration spotlighting creators at the center...
07/01/2026
We know people use Spotify not just to listen, but to share the songs, podcasts, and audiobooks they love with their friends and family. When we launched Messag...
07/01/2026
This week, all eyes are on the podcast industry as the Golden Globes recognizes ...
07/01/2026
Podcasts are stepping onto a new stage this week as the Golden Globes recognize the medium for the first time. To mark this milestone moment, we're hosting ...
06/01/2026
Spotify is launching a week-long celebration spotlighting creators at the center...
06/01/2026
Lorde. A$AP Rocky. JENNIE. Baby Keem. KATSEYE. That's just a taste of who�...
06/01/2026
Channel 4 and UKTV are giving viewers even more reasons to stream, with UKTV's U service set to feature thousands of hours of free, unmissable and bingeable...
06/01/2026
Tuesday 6 January 2026
An update on our Sky Mobile prices
Devesh Raj, Chief Operating Officer, Sky
Today, we've announced some changes to the prices of ...
06/01/2026
Comscore Launches Daily Program-Level Reporting with Deduplicated Insights on Sh...
06/01/2026
Comscore Completes Recapitalization Transaction with Preferred Stockholders Foll...
05/01/2026
Bad Bunny's DeB TiRAR M S FOToS defined the sound of 2025 for listeners eve...
05/01/2026
As the clock struck midnight and 2026 was born, so was an exciting range of new ...
05/01/2026
These Sacred Vows starring Tom Vaughan-Lawlor, Justine Mitchell and Jason O'...
05/01/2026
DANDANCING WITH THE STARS RETURNS TO SHAKE UP SUNDAY NIGHTS
Reigning Rose of Tr...
02/01/2026
Any Given Day: Cork University Hospital premieres Wednesday 7 January on RT One and RT Player at 9:35pm
RT will debut a powerful new six-part documentary se...
02/01/2026
Friday 2 January 2026
All episodes of Heated Rivalry will be landing on Sky and...
02/01/2026
Sequins, chat shows, live sporting action, ground-breaking docuseries and brand-new Irish drama to kick off 2026
New Year, New Content Coming Soon across RT
...
01/01/2026
The Quantum 852 is situated in the 6,500-seat Seoul-based place of worship, a church which is home to a 1,000-person choir and a 50-piece orchestra. There are f...
01/01/2026
Formed in 2002, OneRepublic have enjoyed huge international success, with over 18 billion streams on Spotify alone. Their current tour, Escape to Europe, contin...
01/01/2026
We had been using the club's previous console for the last ten years, so we researched manufacturer information very carefully, says venue audio manager Mr...
30/12/2025
Your live countdown to 2026 with Inhaler, David Gray, Lyra, Garron Noone, Sharon...
29/12/2025
From crisper Lossless audio and immersive music videos in beta to new Audiobooks+ plans, custom transitions between tracks, and in-app Messages, we keep levelin...
24/12/2025
RT has unveiled an exclusive first look at the new Dancing with the Stars promo...
23/12/2025
The year is winding down, the weather outside is frightful, and it's the perfect time to escape into a story that warms the heart. For listeners looking for...
23/12/2025
23 Dec 2025
VEON's Beeline Kazakhstan and Rakuten Symphony Collaborate to A...
22/12/2025
For a decade, popular German podcast Fest & Flauschig has hosted an annual Chris...
22/12/2025
Monday 22 December 2025
Sky extends PGA TOUR partnership until 2029, as Sky Spo...
22/12/2025
Siobh n McSweeney, Rory McIlroy, Elon Musk, Catherine Connolly, Jim Gavin, Ivan Yates and Traitor Paudie Moloney lead new characters for Callan Kicks the Year 2...
22/12/2025
Winner announced in the picturesque surroundings of Wicklow's Avondale Tower and Treetop Walk
Andrew Trimble wins the show in his first series as coach
Th...
22/12/2025
The 2025 winners have been announced today, Sunday 21 December, for Ireland's largest choral competition Choirs for Christmas hosted by RT lyric fm.
Ove...
21/12/2025
John Shortt named Young Sportsperson of the Year Kerry are the Team of the Year
...
19/12/2025
With Playout Release 2025.4, ToolsOnAir continues to push professional playout w...
Facebook 
