A recent study by Thales on the Economic Impact of API and Bot Attacks has highlighted the significant financial losses faced by global organizations due to the rise in API adoption and the use of AI-powered bots.

Description

Insecure APIs are costing global organizations between $35 billion and $87 billion annually [2], a significant increase from $12 billion in 2021. Bot attacks are responsible for up to $116 billion in losses each year. The combined average losses from bot and API threats are estimated to be between $94 billion and $186 billion.

Factors such as rapid API adoption, a lack of in-house expertise [1], and poor communication between security and development teams are exacerbating the issue [1]. Threat actors are exploiting exposed, insecure [1] [2] [3] [4] [5] [6] [7], and misconfigured APIs using automated bots, and APIs are attractive targets because they give direct access to sensitive enterprise and customer data [1]. The availability of attack tools and generative AI models has enhanced bot evasion techniques [2] [5] [6] [7], leading to up to $116 billion in losses annually from automated bot attacks [5] [7].

API-related security incidents rose by 40% in 2022 and by 9% in 2023, while bot-related security incidents spiked by 88% in 2022 and by 28% in 2023. Large enterprises with revenue of at least $100 billion are most likely to suffer from insecure APIs or bot attacks [3] [5] [6] [7], with these threats constituting up to 26% of all security incidents [3] [5] [6] [7]. Companies with revenues over $1 billion are more vulnerable to security incidents involving automated API abuse by bots [2]. API ecosystems of companies with revenues over $100 billion are particularly at risk [2], with API and bot-related security threats making up a significant portion of reported incidents [2].

Cybercriminals are exploiting weaknesses in insecure APIs to steal sensitive data [2], and APIs are becoming prime targets for attacks [2]. The rapid adoption of APIs [2], coupled with inexperience among API developers and a lack of collaboration between security and development teams [2] [6], has led to significant financial losses due to insecure APIs [2].

Bot-driven threats are on the rise [2], making up 30% of all API attacks in 2023 and costing businesses billions annually [2]. Bot attacks are fueled by the availability of attack tools and generative AI models [2], which enhance evasion techniques and lower the barrier to entry for attackers [2]. Security incidents involving APIs and bot-related attacks have surged in recent years [2], driven by increased digital transactions and geopolitical tensions [2]. Brazil [3] [5] [6] [7], France [3] [5] [6] [7], Japan [3] [5] [6] [7], and India are among the countries most vulnerable to API and bot attacks [5] [6] [7], with Brazil experiencing the highest percentage of events related to insecure APIs or bot attacks [3]. The United States also reported a significant number of events related to vulnerable APIs or automated bot abuse [5] [7].

Conclusion

The rise in API and bot attacks is causing significant financial losses for global organizations, highlighting the urgent need for improved security measures and collaboration between security and development teams. Mitigating the risks associated with insecure APIs and bot attacks will be crucial in safeguarding sensitive data and preventing further financial losses in the future.

References

[1] https://www.infosecurity-magazine.com/news/insecure-apis-bot-attacks-cost/
[2] https://www.digit.fyi/api-and-bot-attacks-cost-businesses-141-billion-a-year/
[3] https://markets.ft.com/data/announce/detail?dockey=600-202409180900BIZWIREUSPRX__20240918BW198180-1
[4] https://siliconangle.com/2024/09/18/api-bot-attacks-cost-businesses-186m-annually-new-report-finds/
[5] https://www.thalesgroup.com/en/worldwide/defence-and-security/press_release/vulnerable-apis-and-bot-attacks-costing-businesses-186
[6] https://vmblog.com/archive/2024/09/18/vulnerable-apis-and-bot-attacks-costing-businesses-up-to-186-billion-annually.aspx
[7] https://www.businesswire.com/news/home/20240918198180/en/Vulnerable-APIs-and-Bot-Attacks-Costing-Businesses-up-to-186-Billion-Annually