Facebook
Twitter
LinkedIn
API insecurity and automated abuse by bots responsible for up to 11.8% of cyber events and losses globally
Bot-related security incident count rose 88% in 2022 and 28% in 2023
Insecure APIs result in up to $12 billion more in losses than they did in 2021
@Thales Imperva, a Thales company, the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, releases the Economic Impact of API and Bot Attacks report. The analysis of more than 161,000 unique cybersecurity incidents and investigates the rising global costs of vulnerable or insecure APIs and automated abuse by bots, two security threats that are increasingly interconnected and prevalent. The report estimates that API insecurity and bot attacks result in up to $186[1] billion for businesses around the world.
The report is based on a study conducted by the Marsh McLennan Cyber Risk Intelligence Center which found that larger organizations were statistically more likely to have a higher percentage of security incidents that involved both insecure APIs and bot attacks. Enterprises with revenues of more than $1 billion were 2-3x more likely to experience automated API abuse by bots than small or mid-size businesses. The study suggests that large companies are particularly vulnerable to security risks associated with automated API abuse by bots because of complex and widespread API ecosystems that often contain exposed or insecure APIs.
Enterprises rely heavily on APIs to enable seamless communication between diverse applications and services. Data from Imperva Threat Research finds that the average enterprise managed 613 API endpoints in production last year. That number is growing rapidly as businesses face mounting pressure to deliver digital services with greater agility and efficiency.
Due to this increased reliance and their direct access to sensitive data, APIs have become attractive targets for bot operators. In 2023, automated threats accounted for 30% of all API attacks, according to data from Imperva Threat Research. Today, automated API abuse by bots costs organizations up to $17.9 billion of losses annually. As the number of APIs in production multiplies, cybercriminals will increasingly use automated bots to find and exploit API business logic, circumvent security measures, and exfiltrate sensitive data.
It's imperative that businesses across the world address the security risks posed by insecure APIs and bot attacks, or they face a substantial economic burden, says Nanhi Singh, General Manager of Application Security at Imperva, a Thales company. The interconnected nature of these threats necessitates that companies take a holistic approach, integrating comprehensive security strategies for both bot and API attacks.
Some of the key trends identified in the report include:
Increased API adoption and usage is growing the attack surface: The rapid adoption of APIs, inexperience of many API developers, and lack of collaboration between security and development teams has led insecure APIs to now result in up to $87 billion of losses annually, a $12 billion increase from 2021.
Bots negatively impact organizations' bottom line: The widespread availability of attack tools and generative AI models has enhanced bot evasion techniques and enabled even low-skilled attackers to launch sophisticated bot attacks. Up to $116 billion of losses annually can be attributed to automated attacks by bots.
API and bot-related security incidents are becoming more frequent: In 2022, API-related security incidents rose by 40%, and bot-related security incidents spiked by 88%. These increases were fueled by a rise in digital transactions, the expanding use of APIs, and geopolitical tensions like the Russia-Ukraine conflict. In the following year 2023, as digital traffic began to stabilize and the pandemic-driven surge in internet activity subsided, the frequency of these incidents moderated. API-related security incidents grew by 9%, while bot-related security incidents jumped by 28%. The overall upward trend in attacks highlights the growing persistence and frequency of these threats.
Insecure APIs and bot attacks pose a significant threat to large enterprises: Companies with revenue of at least $100 billion are most likely to suffer security incidents related to insecure APIs or bot attacks. These threats constitute up to 26% of all security incidents experienced by such businesses.
Countries around the globe are vulnerable to API and bot attacks: Brazil experienced the highest percentage of events related to insecure APIs or bot attacks, with the threats accounting for up to 32% of all observed security incidents. This was closely followed by France (up to 28%), Japan (up to 28%), and India (up to 26%). While the percentage of events attributed to API and bot-related security incidents was lower in the United States, 66% of all reported events related to vulnerable APIs or automated abuse by bots occurred within the country.
Reliance on APIs will continue to grow exponentially, driving connections to generative AI applications and large language models, adds Singh. At the same time, generative AI will also empower cybercriminals to create sophisticated bots at an accelerated and alarming rate. As API ecosystems expand and bots become more advanced, organizations should anticipate a significant rise in the economic impact of automated API abuse by bots unless proactive measures are taken.
Additional Information:
Download a copy of the The Economic Impact of API and Bot Attacks report for additional insights on the business impact of API and bot-related security incidents.
See how Imperva Advanced Bot Protection and API Security can protect websites, applications, and APIs from automated attacks and without affecting the flo
Europe Stories
23/12/2025
The year is winding down, the weather outside is frightful, and it's the perfect time to escape into a story that warms the heart. For listeners looking for...
23/12/2025
23 Dec 2025
VEON's Beeline Kazakhstan and Rakuten Symphony Collaborate to A...
22/12/2025
For a decade, popular German podcast Fest & Flauschig has hosted an annual Chris...
22/12/2025
Monday 22 December 2025
Sky extends PGA TOUR partnership until 2029, as Sky Spo...
22/12/2025
Siobh n McSweeney, Rory McIlroy, Elon Musk, Catherine Connolly, Jim Gavin, Ivan Yates and Traitor Paudie Moloney lead new characters for Callan Kicks the Year 2...
22/12/2025
Winner announced in the picturesque surroundings of Wicklow's Avondale Tower and Treetop Walk
Andrew Trimble wins the show in his first series as coach
Th...
22/12/2025
The 2025 winners have been announced today, Sunday 21 December, for Ireland's largest choral competition Choirs for Christmas hosted by RT lyric fm.
Ove...
21/12/2025
John Shortt named Young Sportsperson of the Year Kerry are the Team of the Year
...
19/12/2025
With Playout Release 2025.4, ToolsOnAir continues to push professional playout w...
19/12/2025
19 Dec 2025
VEON's Mobilink Microfinance Bank Launches Islamic Banking Oper...
19/12/2025
The six-part drama, set in a close-knit Welsh town fractured by an unspeakable c...
19/12/2025
Rohde & Schwarz drives the future of mobility at CES 2026 At the 2026 Consumer Electronics Show in Las Vegas, Rohde & Schwarz will present a powerful lineup o...
19/12/2025
RT is proud to return to the RDS to support the 2026 Stripe Young Scientist & T...
18/12/2025
Canada's largest indoor arena has transformed its live production capabilities with a full ST 2110 infrastructure and Calrec's compact Argo S console. S...
18/12/2025
Long-term agreement includes the SES SCORE platform and hybrid distribution worldwide to deliver more than 5,000 hours of golf tournaments annually featuring th...
18/12/2025
18 Dec 2025
VEON Upgraded to Nasdaq Global Select Market, Enhancing Investor Visibility Dubai, December 18, 2025 - VEON Ltd. (Nasdaq: VEON), a global digital o...
18/12/2025
Thursday 18 December 2025
Sky Sports remains the exclusive home of the Masters ...
18/12/2025
Using the additive process of 3D printing, layer after layer gets printed until an object is as close to the final shape needed as possible. Historically, machi...
18/12/2025
In 2025, RT proudly supported 185 arts and cultural events across the island of Ireland, reflecting significant growth since the scheme was re-launched in 2014...
18/12/2025
RT Sports Awards 2025 live on RT One and RT Player at 8:05pm on Saturday 20 December
On Saturday 20 December live on RT One and RT Player at the earlier t...
18/12/2025
RT lyric fm presents a very special Winter Solstice edition of Ambient Orbit, l...
18/12/2025
At 7.45pm on 1st January 1926, the precursor to RT , then 2RN, delivered the fledgling new Irish state's first public radio transmission. From those first c...
18/12/2025
December 18 2025, 05:30 (PST) The Movie Experience SLO Becomes First U.S. Exhib...
17/12/2025
Investigative journalists across the Western Balkans and T rkiye continue to con...
17/12/2025
The right playlist is essential on New Year's Eve, building the energy as you get ready and keeping it high as you count down to midnight. This year, Spotif...
17/12/2025
eds3_5_jq(document).ready(function($) { $(#eds_sliderM519).chameleonSlider_2_1({...
17/12/2025
Wuppertal December 17, 2025
Riedel Builds Global Communication and Commentary ...
17/12/2025
December 17 2025, 17:00 (PST) Dolby and LG Unveil a New Era of Home Audio With ...
17/12/2025
Wednesday 17 December 2025
Heated Rivalry will be coming to Sky and streaming service NOW on 10 JanuaryTurn on cookies to view this content. Go to Privacy opti...
17/12/2025
RT has announced that Kathy Fox has been appointed Commissioning Editor with re...
17/12/2025
With the new season of Dancing with the Stars shimmering in the not-too-distant future this New Year, the celebrity and dancer pairings of the twelve couples ha...
16/12/2025
Hawkins has landed on Spotify, just in time for Stranger Things Season 5, Volume...
16/12/2025
Wherever you are, your favorite music and audio content should go seamlessly with you. That's why Spotify has partnered with NAVER Corp, Korea's leading...
16/12/2025
2025 Wrapped arrived bigger and bolder than ever. This year's experience is designed to be ultra personal and shareable, with new features like Wrapped Part...
16/12/2025
16 Dec 2025
VEON Announces Release Date for Full Year and Fourth Quarter 2025 R...
16/12/2025
16 Dec 2025
VEON's Kyivstar Invests in Renewable Energy in Ukraine with Acq...
16/12/2025
Harmonic's XOS Advanced Media Processor Improves Streaming Video Quality and Boosts Viewer Engagement SAN JOSE, Calif. - Dec. 16, 2025 - Harmonic (NASDAQ: ...
16/12/2025
RT Sport Awards 2025 live on RT One and RT Player at 8:05pm on Saturday 20 December.
On Saturday 20 December live on RT One and RT Player at the earlier t...
16/12/2025
Singer -songwriter Brian Kennedy has been announced as the final celebrity dance...
15/12/2025
Cape Town, November 13, 2025 - SES and International artist and humanitarian, Fo...
15/12/2025
Luxembourg, December 15, 2025 - SES, a leading space solutions company, and Abra Group launched fast and reliable multi-orbit inflight connectivity service on t...
15/12/2025
15 Dec 2025
VEON's Beeline Kazakhstan Delivers First Starlink Direct to Cel...
15/12/2025
Andrew Mountbatten-Windsor finds himself the topic of year's cracker jokes
Oasis, David Harbour, Celebrity Traitors and Angela Rayner all feature in this y...
15/12/2025
Comscore Expands Cross-Platform Campaign Measurement to Include Audio and Social New capabilities strengthen cross-platform campaign reporting suite; CCR rebran...
15/12/2025
RT .ie has reached one billion page views this year and is on track to finish 2025 2% ahead of last year. Average time spent on the site is up 3% on 2024, with ...
12/12/2025
Last month, Spotify announced a new collaboration with the ATP Tour, the global governing body of men's professional tennis, aimed at bringing the next gene...
12/12/2025
Friday 12 December 2025
Ted is back! Seth MacFarlane's live-action comedic ...
12/12/2025
Uachtar n na h ireann, Catherine Connolly visited RT Raidi na Gaeltachta's...
12/12/2025
Ireland AM host Eric Roberts has been revealed as the sixth contestant taking to...
Facebook 
