According to a new study by Thales, the rapid adoption of APIs and AI-powered bot attacks cost global companies up to $186 billion annually. Losses caused by insecure APIs have increased from $12 billion in 2021 to $35–87 billion today, while losses from bot attacks may reach up to $116 billion.
The rapid expansion of APIs, lack of expertise, and weak coordination between security and development teams create additional risks. Large companies with annual revenue of more than $100 billion are especially vulnerable to these threats.
This report on the economic impact of API and bot attacks is based on an analysis of 161,000 cybersecurity incidents conducted by Thales Imperva and the Cyber Risk Intelligence Center at Marsh McLennan.
The report notes that APIs are becoming a popular target because they can provide access to sensitive corporate and customer data. Attackers often use automated bots to detect vulnerable or misconfigured APIs.
Generative AI enables even inexperienced cybercriminals to launch sophisticated bot attacks by improving methods for bypassing security systems.
Companies with high revenue are most often targeted by attacks involving insecure APIs and bots. These threats account for 26% of all security incidents in such organizations, compared with the average rate of 12%.
The reason is that large companies usually manage complex API ecosystems that may contain vulnerable interfaces. On average, such enterprises use 613 API endpoints.
Dependence on APIs will continue to grow, especially with the development of generative AI and large language models. At the same time, cybercriminals will accelerate the creation of sophisticated bots.
As the number of APIs increases and bots become more advanced, the economic damage to companies will continue to grow unless preventive measures are taken.
The complexity and interconnection of these threats require companies to integrate security strategies against both bot attacks and API attacks.
The rapid expansion of APIs, lack of expertise, and weak coordination between security and development teams create additional risks. Large companies with annual revenue of more than $100 billion are especially vulnerable to these threats.
This report on the economic impact of API and bot attacks is based on an analysis of 161,000 cybersecurity incidents conducted by Thales Imperva and the Cyber Risk Intelligence Center at Marsh McLennan.
The report notes that APIs are becoming a popular target because they can provide access to sensitive corporate and customer data. Attackers often use automated bots to detect vulnerable or misconfigured APIs.
Generative AI enables even inexperienced cybercriminals to launch sophisticated bot attacks by improving methods for bypassing security systems.
Companies with high revenue are most often targeted by attacks involving insecure APIs and bots. These threats account for 26% of all security incidents in such organizations, compared with the average rate of 12%.
The reason is that large companies usually manage complex API ecosystems that may contain vulnerable interfaces. On average, such enterprises use 613 API endpoints.
Dependence on APIs will continue to grow, especially with the development of generative AI and large language models. At the same time, cybercriminals will accelerate the creation of sophisticated bots.
As the number of APIs increases and bots become more advanced, the economic damage to companies will continue to grow unless preventive measures are taken.
The complexity and interconnection of these threats require companies to integrate security strategies against both bot attacks and API attacks.