A new report has revealed that insecure application programming interfaces (APIs) and bot-related cyber attacks are responsible for billions of pounds in losses each year. The findings, published by cybersecurity firm Thales, highlight the growing scale of the threats, which have become more frequent and sophisticated over recent years.
The report, based on research conducted by the Marsh McLennan Cyber Risk Intelligence Center, analysed over 161,000 cybersecurity incidents. It found that organisations around the world have faced increasing attacks on their APIs – a technology used to allow different software systems to communicate – as well as a surge in bot-driven attacks, which are often used to automate abuse of these systems.
According to the study, global losses from API and bot attacks now reach as much as £1.5 trillion annually. A significant proportion of these losses stem from large companies, particularly those with complex API ecosystems, which are being disproportionately targeted.
API insecurity alone has seen a sharp increase in its economic toll, with losses rising by an estimated £9.5 billion since 2021. Large enterprises, which often have hundreds of APIs integrated into their operations, are particularly vulnerable due to the volume of sensitive data accessible through these systems.
The widespread use of APIs, according to experts, is making it easier for cybercriminals to exploit business logic vulnerabilities. In 2023, bots were responsible for 30% of all API-related attacks, adding to a growing list of automated threats. The availability of generative AI tools has further enabled low-skilled attackers to create more sophisticated bots, amplifying the risk to organisations.
Nanhi Singh, General Manager of Application Security at Thales’ subsidiary, Imperva, stressed the urgency of the situation: “It’s imperative that businesses address the security risks posed by insecure APIs and bot attacks, or they face a substantial economic burden. The interconnected nature of these threats necessitates a holistic approach to cybersecurity.”
The report also highlighted a dramatic rise in bot-related incidents, with attacks increasing by 88% in 2022, followed by another 28% surge in 2023. This escalation is linked to the rise in digital transactions and geopolitical tensions, such as the ongoing Russia-Ukraine conflict. The resulting economic impact is significant, with bot attacks alone accounting for losses of up to £90 billion each year.
Large enterprises, particularly those with revenues exceeding £80 billion, were found to be the most susceptible: on average, 26% of their security incidents resulted from insecure APIs or bot-related attacks.
Regionally, Brazil recorded the highest percentage of API and bot-related security events, with up to 32% of its incidents linked to these threats. France, Japan, and India were close behind, each reporting incidents at around 28%, while the United States, despite lower percentages, saw two-thirds of all global events take place within its borders.
The report concludes that the growing reliance on APIs, coupled with the increasing sophistication of bots, is likely to result in even higher costs for businesses unless proactive measures are taken.