
Facebook
Twitter
LinkedIn
API insecurity and automated abuse by bots responsible for up to 11.8% of cyber events and losses globally
Bot-related security incident count rose 88% in 2022 and 28% in 2023
Insecure APIs result in up to $12 billion more in losses than they did in 2021
@Thales Imperva, a Thales company, the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, releases the Economic Impact of API and Bot Attacks report. The analysis of more than 161,000 unique cybersecurity incidents and investigates the rising global costs of vulnerable or insecure APIs and automated abuse by bots, two security threats that are increasingly interconnected and prevalent. The report estimates that API insecurity and bot attacks result in up to $186[1] billion for businesses around the world.
The report is based on a study conducted by the Marsh McLennan Cyber Risk Intelligence Center which found that larger organizations were statistically more likely to have a higher percentage of security incidents that involved both insecure APIs and bot attacks. Enterprises with revenues of more than $1 billion were 2-3x more likely to experience automated API abuse by bots than small or mid-size businesses. The study suggests that large companies are particularly vulnerable to security risks associated with automated API abuse by bots because of complex and widespread API ecosystems that often contain exposed or insecure APIs.
Enterprises rely heavily on APIs to enable seamless communication between diverse applications and services. Data from Imperva Threat Research finds that the average enterprise managed 613 API endpoints in production last year. That number is growing rapidly as businesses face mounting pressure to deliver digital services with greater agility and efficiency.
Due to this increased reliance and their direct access to sensitive data, APIs have become attractive targets for bot operators. In 2023, automated threats accounted for 30% of all API attacks, according to data from Imperva Threat Research. Today, automated API abuse by bots costs organizations up to $17.9 billion of losses annually. As the number of APIs in production multiplies, cybercriminals will increasingly use automated bots to find and exploit API business logic, circumvent security measures, and exfiltrate sensitive data.
It's imperative that businesses across the world address the security risks posed by insecure APIs and bot attacks, or they face a substantial economic burden, says Nanhi Singh, General Manager of Application Security at Imperva, a Thales company. The interconnected nature of these threats necessitates that companies take a holistic approach, integrating comprehensive security strategies for both bot and API attacks.
Some of the key trends identified in the report include:
Increased API adoption and usage is growing the attack surface: The rapid adoption of APIs, inexperience of many API developers, and lack of collaboration between security and development teams has led insecure APIs to now result in up to $87 billion of losses annually, a $12 billion increase from 2021.
Bots negatively impact organizations' bottom line: The widespread availability of attack tools and generative AI models has enhanced bot evasion techniques and enabled even low-skilled attackers to launch sophisticated bot attacks. Up to $116 billion of losses annually can be attributed to automated attacks by bots.
API and bot-related security incidents are becoming more frequent: In 2022, API-related security incidents rose by 40%, and bot-related security incidents spiked by 88%. These increases were fueled by a rise in digital transactions, the expanding use of APIs, and geopolitical tensions like the Russia-Ukraine conflict. In the following year 2023, as digital traffic began to stabilize and the pandemic-driven surge in internet activity subsided, the frequency of these incidents moderated. API-related security incidents grew by 9%, while bot-related security incidents jumped by 28%. The overall upward trend in attacks highlights the growing persistence and frequency of these threats.
Insecure APIs and bot attacks pose a significant threat to large enterprises: Companies with revenue of at least $100 billion are most likely to suffer security incidents related to insecure APIs or bot attacks. These threats constitute up to 26% of all security incidents experienced by such businesses.
Countries around the globe are vulnerable to API and bot attacks: Brazil experienced the highest percentage of events related to insecure APIs or bot attacks, with the threats accounting for up to 32% of all observed security incidents. This was closely followed by France (up to 28%), Japan (up to 28%), and India (up to 26%). While the percentage of events attributed to API and bot-related security incidents was lower in the United States, 66% of all reported events related to vulnerable APIs or automated abuse by bots occurred within the country.
Reliance on APIs will continue to grow exponentially, driving connections to generative AI applications and large language models, adds Singh. At the same time, generative AI will also empower cybercriminals to create sophisticated bots at an accelerated and alarming rate. As API ecosystems expand and bots become more advanced, organizations should anticipate a significant rise in the economic impact of automated API abuse by bots unless proactive measures are taken.
Additional Information:
Download a copy of the The Economic Impact of API and Bot Attacks report for additional insights on the business impact of API and bot-related security incidents.
See how Imperva Advanced Bot Protection and API Security can protect websites, applications, and APIs from automated attacks and without affecting the flo
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
07/10/2026
Dalet, a leading technology and service provider for media-rich organizations, today announced the latest Long-Term Supported (LTS) release of Dalet Flex. Build...
06/09/2026
June 9 2026, 23:00 (PDT) Dolby and MagentaTV Bring Fans Closer to the FIFA Worl...
04/08/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
12/07/2026
Offers six-channels and built-in effects
Korg's latest release introduces a new analogue mixer that's been designed to act as a hub for live electro...
11/07/2026
Promises a vividness and depth rarely found in software
Switzerland-based Handcrafted Audio's latest creation is an interesting hybrid instrument that...
10/07/2026
Discounted rates available through 27 August 2026
The Audio Engineering Society (AES) have announced that Early Bird registration is now open for the AES Sh...
10/07/2026
New in-ear monitors to launch in August 2026
Sony have announced the upcoming launch of a new pair of in-ear monitors that promise to deliver a secure, stab...
10/07/2026
New RT documentary explores Irish-led efforts to build bridges in divided Cyprus
More than a Game: From D1 to Pyla airs Monday 13 July
More Than a Game: Fro...
09/07/2026
Latest analogue-emulation plug-ins revealed
Universal Audio have just added two new analogue-emulation plug-ins to their DSP-powered UAD line-up. Developed ...
09/07/2026
Limited-edition mic celebrates rock icon
Neumann have partnered with the Bon Scott Estate to create a limited-edition version of the U 47 FET that honours b...
09/07/2026
Handles organisation, updates, troubleshooting & more
Created by pro-audio software developer Julian Worden, Plugin Station from Julian Michael Technologies...
09/07/2026
Introduces new $1 million advance programme
LANDR have just announced the next phase of their Fair Trade AI programme, a pioneering opt-in music-licensing p...
09/07/2026
Four new titles now available
Spitfire Audio have just introduced four new titles in their Originals range, bringing the total count of libraries in the low...
09/07/2026
Years in the making, this intimate documentary draws on rare access to Leah Crouchers family to tell the story behind one of Britains most high-profile missing ...
09/07/2026
Thursday 9 July 2026
Enjoy Gigafast speeds and Ultimate TV pack for less
The latest deals have dropped from Sky TV and Sky Broadband, the award-winning provid...
09/07/2026
Hands up who would like to dress up as a giant crisp packet?
The call that went out across the agency as our anti-litter campaign, Wish you weren't here fo...
08/07/2026
Latest analogue-emulation plug-ins revealed
Universal Audio have just added two new analogue-emulation plug-ins to their DSP-powered UAD line-up. Developed ...
08/07/2026
Turn any audio loop into a playable kit
Pitch Innovations have recently introduced an interesting new tool that's capable of creating playable kits from...
08/07/2026
Adds new keyboard-split function
MonkeyC have recently launched an update that overhauls their powerful software sampler. Described as the sampler that mad...
08/07/2026
Four new delay algorithms & dual-engine functionality
Strymon have just announced that the much-anticipated MX version of their hugely popular delay pedal i...
08/07/2026
Rohde & Schwarz and China Mobile Research Institute jointly demonstrate generati...
08/07/2026
Wuppertal July 8, 2026
Hong Kong Jockey Club Expands Intercom Infrastructure W...
08/07/2026
Film follows the courageous fight for justice by survivors of Ireland's Magdalene Laundries & Mother and Baby Homes
TESTIMONY airs Wednesday 22 July at 9...
07/07/2026
Applications are now open for the Validation Booster, a six-month acceleration programme supporting journalists, media organisations, content creators, media in...
07/07/2026
New mixer aimed squarely at instrument-level sources
Heritage Audio have clearly been busy recently, as alongside their all-new Tubestrip, they've also ...
07/07/2026
New channel strip combines popular hardware designs
The latest arrival to the Heritage Audio line-up brings together a selection of their praised hardware d...
07/07/2026
eds3_5_jq(document).ready(function($) { $(#eds_sliderM519).chameleonSlider_2_1({ content_source:......
07/07/2026
UKTV commission with BritBox and Sony Pictures Television and inspired by Deborah Cadbury's book, Chocolate Wars
The six-part series is produced by Fable P...
07/07/2026
Tuesday 7 July 2026
Record audiences tune into the ICC Women's T20 World Cup 2026 on Sky Sports
The ICC Women's T20 World Cup 2026 was the most watche...
07/07/2026
Tuesday 7 July 2026
Official trailer released for Fightland, a revenge drama fr...
07/07/2026
Wuppertal July 7, 2026
Riedel and ARRI Bring Cinematic Live Production to the Eurovision Song ContestRiedel Communications and ARRI played a key role in one o...
07/07/2026
To Whom It Concerns RT today confirmed that Patrick Kielty is to extend his contract as host of The Late Late Show.
Last season, the world's longest-runn...
06/07/2026
Bundle gains 100 new synths & more
Synth Anthology 5 the largest and most feature-packed edition of UVI's hardware synth emulation bundle, bringing toge...
06/07/2026
Available now via free firmware update
MOTU have just announced that three of their popular audio interfaces now boast official Milan Certification. The 16A...
06/07/2026
Rohde & Schwarz completes Hunter Preliminary Design Review for the Integrated Co...
06/07/2026
The R&S IMAGER from Rohde & Schwarz uses millimeter wave imaging to inspect the ...
06/07/2026
Monday 6 July 2026
Sky Kids unveils new slate for 2026 including Paris Hilton...
06/07/2026
Monday 6 July 2026
Sky agrees to acquire ITV Media & Entertainment, creating a ...
06/07/2026
Fresh from his World Cup heroics with Cabo Verde, Roberto Pico' Lopes will join the RT panel for Argentina v Egypt tomorrow and for the England v Norway q...
06/07/2026
A death can be unsuspicious, but it has to be explained
What happened to Ke...
05/07/2026
Browser-based and desktop apps available
Digital Sunset Studios have been busy working on an interesting project: a free software tool that provides compute...
04/07/2026
Celebrates company's 80th anniversary
Rhodes have recently revealed that they will be producing a limited run of electric pianos in celebration of their...
04/07/2026
** MEDIA ALERT **
BLEACH: THOUSAND-YEAR BLOOD WAR THE CALAMITY Continues I...
04/07/2026
** MEDIA ALERT **
VIZ Media Unveils New Anime Slate at Anime Expo 2026 with ...
04/07/2026
April 7 2026, 19:00 (PDT) Detective Conan: Fallen Angel of the Highway Opens in...
03/07/2026
New bundle & three Single Packs
Continuing to expand their already sizeable orchestral collection, VSL's latest release introduces three new Single Pack...
03/07/2026
Venue installs new ATC-equipped control room
LSO St Luke's, a unique music venue that also serves as the home of the London Symphony Orchestra, have rec...
03/07/2026
1 February 2023
SHARE Facebook Twitter Linkedin Email
Munich, Germany, 1st February 2023: Cinegy GmbH, the premier provider of software technology for digit...
03/07/2026
** MEDIA ALERT **
VIZ Media Celebrates Anime Expo 2026 with BLACK TORCH Worl...