Businesses losing the war against bad bots - report
Kasada has announced the findings of its 2021 State of Bot Mitigation Survey report.
Conducted by an independent research firm, this first of its kind survey covers the state of bot mitigation, exclusively from the perspective of organisations already using anti-bot solutions.
The report found that 64% of organisations lost more than 6% or more of their revenue due to bot attacks, and 32% lost 10% within the last year.
A quarter of respondents say that, on average, a single bot attack costs their organisation $500,000 or more, while 76% of companies say they are either playing a game of cat and mouse or feel like it is an impossible balancing act to keep up with evolving bot threats.
According to the report, 80% of companies agree that bots are becoming more sophisticated and complex for their security tools to detect, and 85% report their bot mitigation solution became ineffective within a year after initial deployment.
Bad Bots Now a C-Level Imperative
Most organisations (64%) lost 6% or more of their revenue due to bot attacks, and 32% report that their organisations lost 10% or more of revenue within the last 12 months. A quarter of respondents say that, on average, a single bot attack costs their organisation $500,000 or more, and 44% of respondents say it costs their organisation $250,000 or more.
Nearly half (45%) of companies surveyed say bot attacks result in more website downtime at their organisations. About a third say bot attacks result in brand or reputational damage, reduction in online conversions, and more frequent data leaks. Bot attacks resulted in an increase in operational or logistical bottlenecks.
Researchers found that 77% of companies spent $250,000 or more on mitigating bot attacks within the past 12 months, while 27% spent in-excess of $1 million, resulting in a loss of revenue and increased operational costs.
With 80% of executive teams asking about bot attacks within the past six months, bot attacks and their effects have become a C-Level concern. As a result, a majority of companies (63%) plan to increase their spending on bot prevention over the next 12 months.
Most Companies Aren't Prepared to Stop Sophisticated Bots
The research shows that most companies are not prepared to protect against the evolving bot landscape using the solutions they have in place. In fact, 80% of companies say that bots are becoming more sophisticated and difficult for their security tools to detect. Only 31% are very confident in their ability to detect new bots never seen before. Only 15% report that their solution retained effectiveness a year after initial deployment.
Respondents indicate that the most challenging types of bot attacks to stop are credential stuffing, account takeover, web scraping, denial of inventory, CAPTCHA defeat, application DDoS, fake account creation, carding and cracking.
In addition to CAPTCHA defeat being challenging to stop, 87% of companies say the customer experience would be improved by eliminating CAPTCHAs altogether, demonstrating the need for an alternative means of validating traffic is human.
Enormous Amount of Time and Resources Wasted
A resounding 66% of the total funds necessary to fight bot attacks are attributed to the ongoing management, maintenance, and post-event remediation of their bot mitigation solution - as opposed to the cost of the anti-bot solution itself.
According to the report, 65% of companies say it took more than a week to configure and optimise their bot solution before deployment. The vast majority (92%) of organisations say that the person responsible for bot mitigation rules and policies spends on average a total of 25 or more hours each month managing or maintaining them. In addition, 63% of companies report that it takes one week or more across roles to remediate a successful bot attack.
"While all organisations surveyed prioritise the need to defend against bad bots, most cannot fend them off due to ineffective bot mitigation solutions," says Kasada chief executive and founder, Sam Crowther.
"More has changed in the bot ecosystem over the past two years than the prior decade," he says. "Today's organisations need a different approach, one that is proactive and constantly adapting alongside attackers."