The typical business in the US and UK loses over 4% of its online revenue every year due to malicious bot attacks, according to a new report from Netacea.
The firm’s Death by a Billion Bots report was compiled from a survey of 440 businesses with an average online revenue of $1.9bn across the travel, entertainment, e-commerce, financial services and telecoms sectors in the US and the UK.
It found that the average firm loses $85.6m annually to bot attacks, up from $33.3m per business in 2020. Netacea argued that this is far greater than the average ransom payment or GDPR fine.
Most (53%) attacks came from Russia or China, with nearly half (48%) of respondents also seeing attacks from endpoints in Vietnam, although the source of these threats may be actors in other countries.
The majority (65%) were targeted at mobile devices, followed by websites (63%) and APIs (40%).
The threat appears to be getting worse: 99% of companies that detected an automated attack said they had seen an increase in attack volumes, with 13% claiming the increase was “significant.”
Attacks are varied. The most common, observed by half (49%) of respondents, were from sniper bots, which monitor time-based activity and submit information at the very last moment, such as on online auction sites. These can be particularly damaging to dynamic pricing environments in financial services, Netacea claimed.
Also common were account checker attacks (45%), scraper bots (33%), gift card crackers (30%) and scalper bots (29%).
Unfortunately, these attacks are often allowed to persist for months before they are spotted. Netacea calculated the average “dwell time” at four months, with almost all (97%) respondents saying it took over a month to respond to malicious automated attacks.
Such attacks can have a major impact not only on the bottom line but also on reputation, with 88% claiming bots have impacted customer satisfaction.
“The cumulative effect of these attacks is wiping tens of millions of dollars in value from online businesses, not to mention the effect on their reputations and operations, yet this activity is low key enough to remain undetected for months,” warned Netacea co-founder, Andy Still.
“With the fastest growth seen in countries where there is little chance of law enforcement, businesses can only expect these attacks to increase in number.”