
Vulnerable APIs and Bot Attacks Costing Businesses up to $186 Billion Annually

18/09/2024


API insecurity and automated abuse by bots responsible for up to 11.8% of cyber events and losses globally

Bot-related security incident count rose 88% in 2022 and 28% in 2023

Insecure APIs result in up to $12 billion more in losses than they did in 2021

Imperva, a Thales company, the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, releases the Economic Impact of API and Bot Attacks report. The analysis of more than 161,000 unique cybersecurity incidents investigates the rising global costs of vulnerable or insecure APIs and automated abuse by bots, two security threats that are increasingly interconnected and prevalent. The report estimates that API insecurity and bot attacks result in up to $186[1] billion of losses for businesses around the world.

The report is based on a study conducted by the Marsh McLennan Cyber Risk Intelligence Center which found that larger organizations were statistically more likely to have a higher percentage of security incidents that involved both insecure APIs and bot attacks. Enterprises with revenues of more than $1 billion were 2-3x more likely to experience automated API abuse by bots than small or mid-size businesses. The study suggests that large companies are particularly vulnerable to security risks associated with automated API abuse by bots because of complex and widespread API ecosystems that often contain exposed or insecure APIs.

Enterprises rely heavily on APIs to enable seamless communication between diverse applications and services. Data from Imperva Threat Research finds that the average enterprise managed 613 API endpoints in production last year. That number is growing rapidly as businesses face mounting pressure to deliver digital services with greater agility and efficiency.

Due to this increased reliance and their direct access to sensitive data, APIs have become attractive targets for bot operators. In 2023, automated threats accounted for 30% of all API attacks, according to data from Imperva Threat Research. Today, automated API abuse by bots costs organizations up to $17.9 billion in losses annually. As the number of APIs in production multiplies, cybercriminals will increasingly use automated bots to find and exploit API business logic, circumvent security measures, and exfiltrate sensitive data.



"It's imperative that businesses across the world address the security risks posed by insecure APIs and bot attacks, or they face a substantial economic burden," says Nanhi Singh, General Manager of Application Security at Imperva, a Thales company. "The interconnected nature of these threats necessitates that companies take a holistic approach, integrating comprehensive security strategies for both bot and API attacks."

Some of the key trends identified in the report include:

Increased API adoption and usage is growing the attack surface: The rapid adoption of APIs, inexperience of many API developers, and lack of collaboration between security and development teams have led insecure APIs to now result in up to $87 billion of losses annually, a $12 billion increase from 2021.



Bots negatively impact organizations' bottom line: The widespread availability of attack tools and generative AI models has enhanced bot evasion techniques and enabled even low-skilled attackers to launch sophisticated bot attacks. Up to $116 billion of losses annually can be attributed to automated attacks by bots.



API and bot-related security incidents are becoming more frequent: In 2022, API-related security incidents rose by 40%, and bot-related security incidents spiked by 88%. These increases were fueled by a rise in digital transactions, the expanding use of APIs, and geopolitical tensions like the Russia-Ukraine conflict. In the following year, 2023, as digital traffic began to stabilize and the pandemic-driven surge in internet activity subsided, the frequency of these incidents moderated. API-related security incidents grew by 9%, while bot-related security incidents jumped by 28%. The overall upward trend in attacks highlights the growing persistence and frequency of these threats.



Insecure APIs and bot attacks pose a significant threat to large enterprises: Companies with revenue of at least $100 billion are most likely to suffer security incidents related to insecure APIs or bot attacks. These threats constitute up to 26% of all security incidents experienced by such businesses.



Countries around the globe are vulnerable to API and bot attacks: Brazil experienced the highest percentage of events related to insecure APIs or bot attacks, with the threats accounting for up to 32% of all observed security incidents. This was closely followed by France (up to 28%), Japan (up to 28%), and India (up to 26%). While the percentage of events attributed to API and bot-related security incidents was lower in the United States, 66% of all reported events related to vulnerable APIs or automated abuse by bots occurred within the country.

"Reliance on APIs will continue to grow exponentially, driving connections to generative AI applications and large language models," adds Singh. "At the same time, generative AI will also empower cybercriminals to create sophisticated bots at an accelerated and alarming rate. As API ecosystems expand and bots become more advanced, organizations should anticipate a significant rise in the economic impact of automated API abuse by bots unless proactive measures are taken."



Additional Information:

Download a copy of The Economic Impact of API and Bot Attacks report for additional insights on the business impact of API and bot-related security incidents.

See how Imperva Advanced Bot Protection and API Security can protect websites, applications, and APIs from automated attacks and without affecting the flo
LINK: https://www.thalesgroup.com/en/worldwide/defence-and-security/press_re...