The Thales report, titled "Economic Impact of API and Bot Attacks," reveals that insecure APIs and bot-related attacks cost businesses in the Asia Pacific and Japan (APJ) region up to $16.6 billion annually.
According to the report, API insecurity and automated bot abuse are responsible for approximately 11.8% of all cyber events and losses worldwide, totalling an estimated $186 billion. The incidents involving bots surged by 88% in 2022 and continued to rise by 28% in 2023.
Nanhi Singh, general manager of Application Security at Imperva stated: “It’s imperative that businesses across the world address the security risks posed by insecure APIs and bot attacks, or they face a substantial economic burden.” He emphasised the need for a comprehensive security strategy that integrates protections against both types of threats.
Larger organisations, particularly those generating over $1 billion in revenue, are more likely to experience incidents involving both insecure APIs and bot attacks, with the risks amplified by complex API ecosystems. The average enterprise managed 613 API endpoints last year, a number expected to grow as digital services become increasingly essential.
The report identifies several key trends contributing to the financial impact of these attacks:
Increased API adoption: The rapid development and deployment of APIs, coupled with a lack of security training among developers, have resulted in insecure APIs leading to losses of up to $4.6 billion in APJ.
Bot attacks: Automated attacks account for 30% of all API threats, costing businesses in APJ approximately $12.8 billion annually. The rise of generative AI tools has made it easier for even novice attackers to execute sophisticated bot attacks.
Frequency of incidents: The frequency of API-related security incidents rose by 40% in 2022, and while the growth rate moderated in 2023, it still represented a 9% increase. Bot-related incidents jumped by 28% as digital activity rebounded post-pandemic.
The report also highlights that countries in the APJ region are particularly vulnerable, with Japan, India, and Australia among those experiencing significant rates of API and bot-related incidents.
Singh warned, “As API ecosystems expand and bots become more advanced, organisations should anticipate a significant rise in the economic impact of automated API abuse by bots unless proactive measures are taken.” The findings underscore the urgent need for enhanced security measures to protect against these evolving threats.