Thales, a leader in cybersecurity, has released a compelling report titled “Economic Impact of API and Bot Attacks”, shedding light on the considerable financial damages that insecure APIs and bot attacks impose on businesses worldwide.
According to FinTech Finance, the report, informed by an analysis of over 161,000 cybersecurity incidents, puts the annual global loss at an alarming $186bn. This analysis was spearheaded by the Marsh McLennan Cyber Risk Intelligence Center, highlighting a particular vulnerability in larger organizations which are 2-3 times more susceptible to such incidents compared to smaller firms.
Key findings underscore the significant economic burden large companies face due to the complexity and expansiveness of their API ecosystems which are often left exposed or insecure. On average, enterprises managed around 613 API endpoints in the previous year, a number that is expected to rise, amplifying the risks associated with these technologies.
The report attributes up to $17.9bn of annual losses directly to automated API abuse by bots, emphasizing the urgency for a more integrated and comprehensive security strategy to curb these figures.
The study also notes a marked increase in API adoption and usage which has broadened the attack surface for cybercriminals. The economic toll from insecure APIs has surged to $87bn annually—a $12bn increase since 2021. Furthermore, bot attacks have been refined by the availability of attack tools and generative AI models, contributing to up to $116bn in annual losses.
A concerning rise in API and bot-related security incidents was observed, with a 40% increase in API-related incidents and an 88% spike in bot-related incidents in 2022. Although there was a moderate increase in 2023, the consistent uptrend indicates an enduring challenge. Large enterprises, particularly those with revenue exceeding $100bn, face the highest risk, with such incidents comprising up to 26% of their security issues.
Internationally, countries like Brazil, France, Japan, and India have seen significant impacts, with the U.S. accounting for 66% of all reported events related to these security vulnerabilities.
Nanhi Singh, General Manager of Application Security at Imperva, a Thales company, stressed the interconnected threats posed by insecure APIs and bots, stating, “It’s imperative that businesses across the world address the security risks posed by insecure APIs and bot attacks, or they face a substantial economic burden.” Singh further added, “Reliance on APIs will continue to grow exponentially, driving connections to generative AI applications and large language models.
“At the same time, generative AI will also empower cybercriminals to create sophisticated bots at an accelerated and alarming rate. As API ecosystems expand and bots become more advanced, organizations should anticipate a significant rise in the economic impact of automated API abuse by bots unless proactive measures are taken.”
Copyright © 2024 RegTech Analyst
Copyright © 2018 RegTech Analyst