Thales released research on 19th Sept titled “Economic Impact of API and Bot Attacks.” The analysis of over 161,000 different cybersecurity incidents reveals the growing global costs associated with automated bot misuse and vulnerable or insecure APIs, two security concerns that are becoming increasingly related. According to the report, bot attacks and API vulnerabilities cost companies worldwide up to $186 billion in lost revenue.
Imperva, a corporate unit of Thales, and the Marsh McLennan Cyber Risk Intelligence Center claimed that the cost of unsecured APIs has risen from $12 billion in 2021 to $35–87 billion today, with bot attacks being responsible for up to $116 billion of that total. The cumulative average damage from bot and API threats is estimated to be between $94 and $186 billion.
Businesses with annual revenue above $1 billion were found to be two to three times more likely than small or mid-sized enterprises to encounter automated API misuse by bots. The security risks of automated API abuse by bots primarily affect large firms because of their extensive API ecosystems, many of which include exposed or unsecured APIs. The sheer volume of APIs that businesses use makes the issue worse: according to statistics from Imperva Threat Research, the typical business managed 613 API endpoints in production last year. That number is rising rapidly as companies come under increasing pressure to provide digital services quickly and effectively.
“It’s imperative that businesses across the world address the security risks posed by insecure APIs and bot attacks, or they face a substantial economic burden,” says Nanhi Singh, General Manager of Application Security at Imperva. “The interconnected nature of these threats necessitates that companies take a holistic approach, integrating comprehensive security strategies for both bot and API attacks.”
Singh adds, “Reliance on APIs will continue to grow exponentially, driving connections to generative AI applications and large language models. At the same time, generative AI will also empower cybercriminals to create sophisticated bots at an accelerated and alarming rate. As API ecosystems expand and bots become more advanced, organizations should anticipate a significant rise in the economic impact of automated API abuse by bots unless proactive measures are taken.”