Facebook
Twitter
LinkedIn
API insecurity and automated abuse by bots responsible for up to 11.8% of cyber events and losses globally
Bot-related security incident count rose 88% in 2022 and 28% in 2023
Insecure APIs result in up to $12 billion more in losses than they did in 2021
@Thales Imperva, a Thales company, the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, releases the Economic Impact of API and Bot Attacks report. The analysis of more than 161,000 unique cybersecurity incidents and investigates the rising global costs of vulnerable or insecure APIs and automated abuse by bots, two security threats that are increasingly interconnected and prevalent. The report estimates that API insecurity and bot attacks result in up to $186[1] billion for businesses around the world.
The report is based on a study conducted by the Marsh McLennan Cyber Risk Intelligence Center which found that larger organizations were statistically more likely to have a higher percentage of security incidents that involved both insecure APIs and bot attacks. Enterprises with revenues of more than $1 billion were 2-3x more likely to experience automated API abuse by bots than small or mid-size businesses. The study suggests that large companies are particularly vulnerable to security risks associated with automated API abuse by bots because of complex and widespread API ecosystems that often contain exposed or insecure APIs.
Enterprises rely heavily on APIs to enable seamless communication between diverse applications and services. Data from Imperva Threat Research finds that the average enterprise managed 613 API endpoints in production last year. That number is growing rapidly as businesses face mounting pressure to deliver digital services with greater agility and efficiency.
Due to this increased reliance and their direct access to sensitive data, APIs have become attractive targets for bot operators. In 2023, automated threats accounted for 30% of all API attacks, according to data from Imperva Threat Research. Today, automated API abuse by bots costs organizations up to $17.9 billion of losses annually. As the number of APIs in production multiplies, cybercriminals will increasingly use automated bots to find and exploit API business logic, circumvent security measures, and exfiltrate sensitive data.
It's imperative that businesses across the world address the security risks posed by insecure APIs and bot attacks, or they face a substantial economic burden, says Nanhi Singh, General Manager of Application Security at Imperva, a Thales company. The interconnected nature of these threats necessitates that companies take a holistic approach, integrating comprehensive security strategies for both bot and API attacks.
Some of the key trends identified in the report include:
Increased API adoption and usage is growing the attack surface: The rapid adoption of APIs, inexperience of many API developers, and lack of collaboration between security and development teams has led insecure APIs to now result in up to $87 billion of losses annually, a $12 billion increase from 2021.
Bots negatively impact organizations' bottom line: The widespread availability of attack tools and generative AI models has enhanced bot evasion techniques and enabled even low-skilled attackers to launch sophisticated bot attacks. Up to $116 billion of losses annually can be attributed to automated attacks by bots.
API and bot-related security incidents are becoming more frequent: In 2022, API-related security incidents rose by 40%, and bot-related security incidents spiked by 88%. These increases were fueled by a rise in digital transactions, the expanding use of APIs, and geopolitical tensions like the Russia-Ukraine conflict. In the following year 2023, as digital traffic began to stabilize and the pandemic-driven surge in internet activity subsided, the frequency of these incidents moderated. API-related security incidents grew by 9%, while bot-related security incidents jumped by 28%. The overall upward trend in attacks highlights the growing persistence and frequency of these threats.
Insecure APIs and bot attacks pose a significant threat to large enterprises: Companies with revenue of at least $100 billion are most likely to suffer security incidents related to insecure APIs or bot attacks. These threats constitute up to 26% of all security incidents experienced by such businesses.
Countries around the globe are vulnerable to API and bot attacks: Brazil experienced the highest percentage of events related to insecure APIs or bot attacks, with the threats accounting for up to 32% of all observed security incidents. This was closely followed by France (up to 28%), Japan (up to 28%), and India (up to 26%). While the percentage of events attributed to API and bot-related security incidents was lower in the United States, 66% of all reported events related to vulnerable APIs or automated abuse by bots occurred within the country.
Reliance on APIs will continue to grow exponentially, driving connections to generative AI applications and large language models, adds Singh. At the same time, generative AI will also empower cybercriminals to create sophisticated bots at an accelerated and alarming rate. As API ecosystems expand and bots become more advanced, organizations should anticipate a significant rise in the economic impact of automated API abuse by bots unless proactive measures are taken.
Additional Information:
Download a copy of the The Economic Impact of API and Bot Attacks report for additional insights on the business impact of API and bot-related security incidents.
See how Imperva Advanced Bot Protection and API Security can protect websites, applications, and APIs from automated attacks and without affecting the flo
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
04/08/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
04/07/2026
April 7 2026, 19:00 (PDT) Detective Conan: Fallen Angel of the Highway Opens in...
01/06/2026
January 6 2026, 05:30 (PST) Dolby Sets the New Standard for Premium Entertainment at CES 2026
Throughout the week, Dolby brings to life the latest innovatio...
02/05/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
01/05/2026
January 5 2026, 18:30 (PST) NBCUniversal's Peacock to Be First Streamer to ...
15/04/2026
From immersive storytelling to laugh-out-loud comedies, podcasts are booming in ...
15/04/2026
Books have always moved with us, whether tucked in our bags or humming in our he...
15/04/2026
For many artists, independent venues are where music careers begin and fan communities take shape. Independent venue operators work hard every day to keep local...
15/04/2026
From gripping thrillers to poignant memoirs, the 21st century has had no shortage of unforgettable books. To celebrate the standout storytelling of our modern e...
15/04/2026
Vintage broadcast experts release second plug-in
Telsie T is the second plug-in to be released by SonicWorld, a German audio company who specialise in servi...
15/04/2026
Includes eight free UAD plug-ins
Universal Audio's latest bundle brings together a selection of their renowned plug-ins and virtual instruments, and is ...
15/04/2026
Maximum uptime for broadcasters: Rohde & Schwarz launches R&S BroadcastShield at...
15/04/2026
aconnic AG (ISIN: DE000A0LBKW6), Munich, announces the market launch of the ACCE...
15/04/2026
April 15 2026, 13:34 (PDT) EVO Entertainment to Bring Dolby Vision Atmos Across Its EVX Auditoriums
Integration would cover 17 screens across Texas, New Mex...
15/04/2026
Wednesday 15 April 2026
Introducing Smart Home from Sky, a simple way to stay c...
15/04/2026
Wednesday 15 April 2026
The Burbs confirmed to return to Sky and NOW for a second season
Mystery-comedy series, The Burbs, will continue its exclusive resid...
15/04/2026
With new broadcast standards evolving all over the world and OTT streaming striving for the pole position in media consumption, both next-gen video and audio co...
15/04/2026
Harmonic's XOS Media Processor Delivers Exceptional Video Quality to More th...
15/04/2026
Five Decades of Box Office Intelligence: Comscore Celebrates 50 Years of Movie M...
15/04/2026
Two Cities Television and Keeper Pictures to produce six-part series in association with Screen Ireland for RT and ITV Studios
RT has commissioned Two Citie...
15/04/2026
RT 100
RT unveils The Signal' a specially commissioned 60-second film
...
14/04/2026
ToolsOnAir and Omnistream Bring Mobile SRT Contribution into Professional 24/7 P...
14/04/2026
Captures a trio of renowned polysynths
The latest software to join AIR Music Tech's extensive catalogue captures the sound of three sought-after polysyn...
14/04/2026
Free offering includes 10 powerful plug-ins
United Plugins have announced the launch of a new bundle that brings together 10 of their pro-audio plug-ins, an...
14/04/2026
Julian Coryell joins virtual session player line-up
Announced at NAMM 2026, Celemony's Tonalic kits DAW users out with real performances by world-class ...
14/04/2026
X-Rite Pantone Color Academy Grand Opening in Shanghai
On March 27, 2026, X-Rite Pantone, the global authority in color standards and color science, held the...
14/04/2026
14 Apr 2026
VEON and JazzWorld Receive Competition Commission of Pakistan Appro...
14/04/2026
Tuesday 14 April 2026
Nicola Coughlan and Aimee Lou Wood to host next two episo...
14/04/2026
Lead writer and executive producer Jack Lothian joins alongside lead director Je...
14/04/2026
Wuppertal April 14, 2026
Thomas Riedel Acquires Premium Manufacturer ARRIStrategic Alignment With the Riedel Group for Innovation and Growth
Thomas Riedel, f...
14/04/2026
New Service Simplifies Integration of AI Applications with Exceptional Reliabili...
14/04/2026
Luxembourg, April 14, 2026 - SES, a leading space solutions company, today annou...
13/04/2026
ToolsOnAir Composition Builder 2026 Boilerplate
More Details: The Composition Builder 2026 application for macOS enables TV stations and Live Event broadcast...
13/04/2026
ToolsOnAr just:live pro 2026 Boilerplate
More Details: just:live pro 2026 is a Multi-Channel Live Production Playout solution for video and static or real-ti...
13/04/2026
ToolsOnAr just:play pro 2026 Boilerplate
More Details: just:play pro 2026 is a Multi-Channel automated 24/7 Master Control playout solution with SD, HD and U...
13/04/2026
ToolsOnAr live:cut 2026 Boilerplate
More Details: live:cut is an option to just:in mac pro 2025 and enables multicamera production workflows for up to 16 cam...
13/04/2026
ToolsOnAir Just In Mac Lite NDI 2026 Boilerplate
More Details: The Just In Mac Lite NDI application is a streamlined media capture solution designed specific...
13/04/2026
ToolsOnAir Just In Mac Lite 2026 Boilerplate
More Details: The Just In Mac Lite application is a streamlined media capture solution designed specifically for...
13/04/2026
ToolsOnAir just:in mac pro 2026 Boilerplate
More Details: just:in mac pro is a macOS-based client-server multichannel capture solution to record SDI, HDMI, N...
13/04/2026
Intuitive EQ plug-in gets an upgrade
Following its official launch back in February 2026, Musik Hack's intuitive EQ plug-in has been treated to its firs...
13/04/2026
Flagship soft synth collection expanded
The latest version of UVI's flagship vintage-inspired soft synth collection has just arrived, expanding the suit...
13/04/2026
Free version of innovative string library arrives
Released in October 2025, Lux Orchestral Strings was said to be Sonuscore's most ambitious library to ...
13/04/2026
The Girls' Research Camp is part of the Technology - Future in Bavaria edu...
13/04/2026
Rohde & Schwarz transforms submarine communications for real time underwater dom...
13/04/2026
Rohde & Schwarz enables Pulsar signal simulation to support next-generation navi...
13/04/2026
The search for Ireland's newest country music star is live on Friday 17 Apri...
13/04/2026
Monday 13 April 2026
Global environmental action NGO WRAP brings recycling to l...
13/04/2026
J nger Audio has joined the EBU ADM Implementers Group (ADM-IG) as a founding me...
Facebook 
