A recent report from Thales, a leader in cybersecurity, titled “Economic Impact of API and Bot Attacks,” underscores the severe financial damages that insecure APIs and bot attacks inflict on businesses worldwide. According to data analyzed by the Marsh McLennan Cyber Risk Intelligence Center, over 161,000 cybersecurity incidents were studied, revealing an annual global financial loss estimated at a staggering $186 billion.
Large Organizations at Higher Risk
The report’s key findings indicate that larger organizations are significantly more vulnerable to these attacks, being two to three times more likely to be affected than smaller firms. This increased susceptibility is largely attributed to the complexity and expansiveness of their API ecosystems. On average, enterprises managed around 613 API endpoints in the past year, a figure that is expected to rise, thereby increasing the associated risks.
One alarming aspect of the reported losses, amounting to $17.9 billion annually, is directly linked to automated API abuse by bots. This emphasizes the urgent need for businesses to adopt more integrated and comprehensive security strategies to mitigate these financial impacts. The report also highlights a marked increase in API adoption and usage, which has broadened the attack surface for cybercriminals. Consequently, the economic toll from insecure APIs has surged to $87 billion annually, reflecting a $12 billion increase since 2021.
Escalating Sophistication of Bot Attacks
Additionally, the report emphasizes that bot attacks have become more sophisticated, fueled by the availability of attack tools and generative AI models. These advancements have contributed up to $116 billion in annual losses. The frequency of both API and bot-related incidents has notably risen, with a 40% increase in API-related incidents and an 88% spike in bot-related incidents in 2022. Although there was a moderate uptick in incidents in 2023, the consistent trend points to an ongoing challenge.
Large enterprises, particularly those with revenues exceeding $100 billion, are especially vulnerable, with such incidents making up to 26% of their security issues. Internationally, countries like Brazil, France, Japan, and India have seen significant impacts. However, the United States stands out, accounting for 66% of all reported events related to these security vulnerabilities.
Expert Insights and Ongoing Threats
Nanhi Singh, General Manager of Application Security at Thales’ subsidiary Imperva, stresses the interconnected threats posed by insecure APIs and bots. Singh warns that businesses globally must address these security risks or face substantial economic burdens. As reliance on APIs continues to grow, especially with the rise of generative AI applications and large language models, the threat landscape will evolve. Generative AI will empower cybercriminals to develop more sophisticated bots at a faster rate, making it imperative for proactive measures to anticipate and mitigate the rising economic impacts of automated API abuse by bots.
The Urgency for Robust Security Measures
A recent report from Thales, a prominent leader in cybersecurity, titled “Economic Impact of API and Bot Attacks,” highlights the staggering financial damage caused by insecure APIs and bot attacks on businesses globally. This comprehensive analysis sheds light on the significant vulnerabilities within the digital landscape that many organizations face daily. The report draws data from the Marsh McLennan Cyber Risk Intelligence Center, which meticulously studied over 161,000 cybersecurity incidents. The findings are alarming, revealing that these cybersecurity threats contribute to an estimated annual global financial loss of a whopping $186 billion. APIs, or Application Programming Interfaces, are essential for modern business operations, allowing different software systems to communicate. However, when these APIs are not secured properly, they become gateways for cybercriminals to exploit. Similarly, bot attacks—automated programs that mimic human activity—can overwhelm systems, leading to data breaches, operational disruptions, and financial losses. The report underscores the critical need for businesses to bolster their cybersecurity measures to mitigate these risks.