Bot attacks and API vulnerabilities cost companies up to US$186bn

A new report from Imperva adds up the alarming global losses caused by insecure APIs and malicious bots.

David Hollingworth
Thu, 19 Sep 2024

Thales-owned cyber security firm Imperva has released a new report outlining the estimated losses to companies worldwide caused by vulnerable APIs and bot attacks.

According to the report – The Economic Impact of API and Bot Attacks – average global losses are likely to be US$94 billion to US$186 billion in total.

The research was conducted on Imperva’s behalf by the Marsh McLennan Cyber Risk Intelligence Center and was based on data from 161,000 cyber security incidents.

Larger organisations with revenues of more than US$1 billion are the ones most likely to be impacted by such attacks and vulnerabilities, with such entities two to three times more likely to be targeted.

This is because larger companies tend to make greater use of APIs to link services and applications. Imperva’s Threat Research Team said that such companies use an average of 613 API endpoints – and that figure is growing year on year.

Breaking the figures down a bit, losses related to insecure APIs averaged US$35 billion to US$87 billion annually, and losses to bot-related attacks were between US$68 billion and US$116 billion.

Combining the two, bot-related API attacks cost businesses between US$8.9 billion and US$17.9 billion on average.

The Australian figures are no less alarming, adding up to losses of US$2 billion each year. Losses in the APJ region make up 17.7 per cent of global bot-related and API incidents, totalling losses of more than US$16.6 billion.

Nanhi Singh, general manager of application security at Imperva, said in a statement that it was “imperative that businesses across the world address the security risks posed by insecure APIs and bot attacks, or they face a substantial economic burden”.

“The interconnected nature of these threats necessitates that companies take a holistic approach, integrating comprehensive security strategies for both bot and API attacks,” Singh said.

“Reliance on APIs will continue to grow exponentially, driving connections to generative AI applications and large language models. At the same time, generative AI will also empower cyber criminals to create sophisticated bots at an accelerated and alarming rate. As API ecosystems expand and bots become more advanced, organisations should anticipate a significant rise in the economic impact of automated API abuse by bots unless proactive measures are taken.”

You can read the full Economic Impact of API and Bot Attacks report here.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
