Facebook
Twitter
LinkedIn
API insecurity and automated abuse by bots responsible for up to 11.8% of cyber events and losses globally
Bot-related security incident count rose 88% in 2022 and 28% in 2023
Insecure APIs result in up to $12 billion more in losses than they did in 2021
@Thales Imperva, a Thales company, the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, releases the Economic Impact of API and Bot Attacks report. The analysis of more than 161,000 unique cybersecurity incidents and investigates the rising global costs of vulnerable or insecure APIs and automated abuse by bots, two security threats that are increasingly interconnected and prevalent. The report estimates that API insecurity and bot attacks result in up to $186[1] billion for businesses around the world.
The report is based on a study conducted by the Marsh McLennan Cyber Risk Intelligence Center which found that larger organizations were statistically more likely to have a higher percentage of security incidents that involved both insecure APIs and bot attacks. Enterprises with revenues of more than $1 billion were 2-3x more likely to experience automated API abuse by bots than small or mid-size businesses. The study suggests that large companies are particularly vulnerable to security risks associated with automated API abuse by bots because of complex and widespread API ecosystems that often contain exposed or insecure APIs.
Enterprises rely heavily on APIs to enable seamless communication between diverse applications and services. Data from Imperva Threat Research finds that the average enterprise managed 613 API endpoints in production last year. That number is growing rapidly as businesses face mounting pressure to deliver digital services with greater agility and efficiency.
Due to this increased reliance and their direct access to sensitive data, APIs have become attractive targets for bot operators. In 2023, automated threats accounted for 30% of all API attacks, according to data from Imperva Threat Research. Today, automated API abuse by bots costs organizations up to $17.9 billion of losses annually. As the number of APIs in production multiplies, cybercriminals will increasingly use automated bots to find and exploit API business logic, circumvent security measures, and exfiltrate sensitive data.
It's imperative that businesses across the world address the security risks posed by insecure APIs and bot attacks, or they face a substantial economic burden, says Nanhi Singh, General Manager of Application Security at Imperva, a Thales company. The interconnected nature of these threats necessitates that companies take a holistic approach, integrating comprehensive security strategies for both bot and API attacks.
Some of the key trends identified in the report include:
Increased API adoption and usage is growing the attack surface: The rapid adoption of APIs, inexperience of many API developers, and lack of collaboration between security and development teams has led insecure APIs to now result in up to $87 billion of losses annually, a $12 billion increase from 2021.
Bots negatively impact organizations' bottom line: The widespread availability of attack tools and generative AI models has enhanced bot evasion techniques and enabled even low-skilled attackers to launch sophisticated bot attacks. Up to $116 billion of losses annually can be attributed to automated attacks by bots.
API and bot-related security incidents are becoming more frequent: In 2022, API-related security incidents rose by 40%, and bot-related security incidents spiked by 88%. These increases were fueled by a rise in digital transactions, the expanding use of APIs, and geopolitical tensions like the Russia-Ukraine conflict. In the following year 2023, as digital traffic began to stabilize and the pandemic-driven surge in internet activity subsided, the frequency of these incidents moderated. API-related security incidents grew by 9%, while bot-related security incidents jumped by 28%. The overall upward trend in attacks highlights the growing persistence and frequency of these threats.
Insecure APIs and bot attacks pose a significant threat to large enterprises: Companies with revenue of at least $100 billion are most likely to suffer security incidents related to insecure APIs or bot attacks. These threats constitute up to 26% of all security incidents experienced by such businesses.
Countries around the globe are vulnerable to API and bot attacks: Brazil experienced the highest percentage of events related to insecure APIs or bot attacks, with the threats accounting for up to 32% of all observed security incidents. This was closely followed by France (up to 28%), Japan (up to 28%), and India (up to 26%). While the percentage of events attributed to API and bot-related security incidents was lower in the United States, 66% of all reported events related to vulnerable APIs or automated abuse by bots occurred within the country.
Reliance on APIs will continue to grow exponentially, driving connections to generative AI applications and large language models, adds Singh. At the same time, generative AI will also empower cybercriminals to create sophisticated bots at an accelerated and alarming rate. As API ecosystems expand and bots become more advanced, organizations should anticipate a significant rise in the economic impact of automated API abuse by bots unless proactive measures are taken.
Additional Information:
Download a copy of the The Economic Impact of API and Bot Attacks report for additional insights on the business impact of API and bot-related security incidents.
See how Imperva Advanced Bot Protection and API Security can protect websites, applications, and APIs from automated attacks and without affecting the flo
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
01/06/2026
January 6 2026, 05:30 (PST) Dolby Sets the New Standard for Premium Entertainment at CES 2026
Throughout the week, Dolby brings to life the latest innovatio...
01/05/2026
January 5 2026, 18:30 (PST) NBCUniversal's Peacock to Be First Streamer to ...
01/04/2026
January 4 2026, 18:00 (PST) DOLBY AND DOUYIN EMPOWER THE NEXT GENERATON OF CREATORS WITH DOLBY VISION
Douyin Users Can Now Create And Share Videos With Stun...
24/01/2026
RT and Virgin Media Television kick off comprehensive free-to-air coverage of t...
23/01/2026
Staines-upon-Thames, UK, 29 July, 2025 - Yospace, the global leader in Dynamic A...
23/01/2026
Spotify's annual Best New Artist celebration honors the rising stars whose talent, creativity, and dedication have propelled them to the music industry'...
23/01/2026
Paramount is transforming its operations by unifying the media supply chains of their top brands into a scalable global pipeline.
This transformation enhances ...
23/01/2026
Every delay costs. When a subtitle fails QC, even the smallest issue can mean missed deadlines, extra vendor costs, or frustrated teams. The new Accurate.Video ...
23/01/2026
Friday 23 January 2026
Sky appoints Lisa Clark as Commissioning Executive for SNL UK
Lisa Clark headshot
PNG (468KB)
Lisa Clark joins Sky as Commissioning E...
23/01/2026
RT is delighted to announce that the RT and F s ireann / Screen Ireland supported short film Retirement Plan has been nominated for Best Animated Short at th...
22/01/2026
Last November, Ed Sheeran returned to his musical roots for an intimate, one-nig...
22/01/2026
Every delay costs. When a subtitle fails QC, even the smallest issue can mean missed deadlines, extra vendor costs, or frustrated teams. The new Accurate.Video ...
22/01/2026
Rohde & Schwarz, Qualcomm, and Motorola demonstrate successful 5G Broadcast comp...
22/01/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
21/01/2026
Wednesday 21 January 2026
Backing Britain on the global stage: Sky becomes an o...
21/01/2026
Fox Corporation Executives to Discuss Second Quarter Fiscal 2026 Financial Resul...
21/01/2026
Baselight v7 brings colourists and post-houses smarter mattes, faster workflows and deeper control
FilmLight, known for its detailed colour toolset and longsta...
21/01/2026
RT News is pleased to announce the appointment of Jackie Fox as its new Washington Correspondent. Jackie is a multimedia journalist with RT News and has repor...
19/01/2026
Monday 19 January 2026
Sky News reinvents News at Ten for the modern audience with The Wrap
Sky News today announces The Wrap, a bold evolution of its 10pm ou...
19/01/2026
DPA Microphones is striking a new chord in piano miking with the debut of its DPK2015 Piano Stereo Kit, an out-of-the-box, plug-and-play miking solution that ta...
19/01/2026
DPA Microphones will present its 4099 CORE Instrument Microphone and redesigned...
19/01/2026
Trianel relies on Arvato Systems for future-proof data center operations
Moving to the cloud: Arvato Systems implements extensive IT migration project
Migrat...
19/01/2026
Celebrating 21 Years of the RT Choice Music Prize
RT Choice Music Prize
In association with IMRO and IRMA
Irish Album of the Year 2025 - Shortlist Announce...
18/01/2026
January 18 2026, 21:30 (PST) Dolby Cinema Arrives in Bengaluru: Dolby Laborator...
16/01/2026
The start of a new year brings fresh possibilities. Whether you're diving in with big goals or simply setting new intentions, audiobooks can bring inspirati...
16/01/2026
In 2025 we launched the Spotify Partner Program to give creators more ways to tu...
15/01/2026
The SGL Carbon site in Bonn has a long tradition of training. For many years, young talent has been successfully trained here, regularly achieving excellent exa...
15/01/2026
The JEC Composites Innovation Awards annually honor the most innovative and ambi...
15/01/2026
X-energy Reactor Company, LLC ( X-energy ) and SGL Carbon LLC ( SGL ) have signed a 10-year framework agreement to provide graphite for the deployment of X-ener...
15/01/2026
RT is tonight announcing that Mari Hurley has decided to leave her role as RT 's Chief Financial Officer to take up a new position outside RT . Mari will r...
15/01/2026
15 Jan 2026
VEON's Kyivstar Reaches 3.0 million Customers with Starlink Dir...
15/01/2026
Views to free streaming service U grew by 15%, average monthly active users by 23% and registrations by 18%
UKTV's channels achieved record viewing share, ...
15/01/2026
Thursday 15 January 2026
Sky Sports to show Final Stage of inaugural FIFA Women's Champions Cup
Sky and FIFA have agreed an exclusive new partnership whi...
15/01/2026
Thursday 15 January 2026
The official trailer for the second season of Seth Mac...
15/01/2026
Wuppertal January 15, 2026
Riedel RefCam Takes Center Court in German Basketba...
15/01/2026
Arvato Systems Named Launch Partner for AWS European Sovereign Cloud
As a launch partner for the AWS European Sovereign Cloud, Arvato Systems enables customer...
14/01/2026
Staines-upon-Thames, UK, 13th January, 2026 - ITV, one of the UK's leading broadcasters, has selected Yospace, the global leader in Dynamic Ad Insertion (DA...
14/01/2026
Steiger Media's adoption of Calrec's compact Argo M console not only makes its innovative new hybrid truck faster, more efficient, and agile, but also e...
14/01/2026
Press Release: The Boston Globe Names Cartesian a Top Place to Work in 2025
January 14, 2026
News
Cartesian - January 14, 2026 - EINPresswire.com - Sp...
14/01/2026
Comscore and Marcus Theatres Announce Five-Year Extension for Cinema ACE and Ent...
14/01/2026
Comscore and Santikos Entertainment Announce Five-Year Circuit Wide Commitment t...
14/01/2026
Wednesday 14 January 2026
Sky News announces Cathy Newman to lead flagship new political programme
Sky News today announces that award-winning journalist and ...
14/01/2026
The first stamp of An Post's 2026 Stamp Programme, marking 100 Years of Broadcasting, was unveiled at the GPO by Patrick O'Donovan TD, Minister for Cult...
14/01/2026
It's official! Beverley Callard has landed in Carrigstown. The beloved actor, known for her unforgettable roles and iconic screen presence, is joining the c...
13/01/2026
Independent media in Brazil and Colombia is facing an urgent crisis of traditional business models alongside a deteriorating security environment, according to ...
13/01/2026
Some days you want your music to reflect a specific feeling, memory, or vibe that goes beyond a single artist or genre. You want to do more than listen. You wan...
13/01/2026
Luxembourg, December 17, 2025 - SES S.A. ( SES or the Company ), a leading spa...
13/01/2026
Written and executive produced by Steve Lightfoot and Angela LaManna, produced b...
Facebook 
