Despite spending millions on bot mitigation, 64% of organizations lost revenue due to bot attacks
A Kasada survey covers the state of bot mitigation exclusively from the perspective of organizations already using anti-bot solutions.
The state of bot mitigation
- 64% of organizations lost more than 6% of their revenue due to bot attacks, and 32% lost 10% or more within the last year.
- A quarter of respondents say that on average a single bot attack costs their organization $500,000 or more.
- 76% of companies say they are either playing a game of cat and mouse or feel like it’s an impossible balancing act to keep up with evolving bot threats.
- 80% of companies agree that bots are becoming more sophisticated and difficult for their security tools to detect.
- 85% report their bot mitigation solution became ineffective within a year after initial deployment.
Bad bots: Now a C-Level imperative
64% of organizations lost 6% or more of their revenue due to bot attacks, and 32% report that their organizations lost 10% or more of revenue within the last 12 months. A quarter of respondents say that on average a single bot attack costs their organization $500,000 or more, and 44% of respondents say it costs their organization $250,000 or more.
45% of companies surveyed say bot attacks result in more website downtime at their organizations, and about a third say bot attacks result in brand or reputational damage, reduction in online conversions, and more frequent data leaks. bot attacks resulted in an increase in operational or logistical bottlenecks.
Researchers found that 77% of companies spent $250,000 or more on mitigating bot attacks within the past 12 months, while 27% spent in-excess of $1 million, resulting in a loss of revenue and increased operational costs.
With 80% of executive teams asking about bot attacks within the past 6 months, bot attacks and their effects have become a C-Level concern. As a result, 63% of companies plan to increase their spending on bot prevention over the next 12 months.
Most companies aren’t prepared to stop sophisticated bots
The research shows that most companies are not prepared to protect against the evolving bot landscape using the solutions they have in place. In fact, 80% of companies say that bots are becoming more sophisticated and difficult for their security tools to detect, and only 31% are very confident in their ability to detect new bots never seen before. Only 15% report that their solution retained effectiveness a year after initial deployment.
Respondents indicate that the most difficult types of bot attacks to stop are credential stuffing, account takeover, web scraping, denial of inventory, CAPTCHA defeat, application DDoS, fake account creation, carding and cracking.
In addition to CAPTCHA defeat being challenging to stop, 87% of companies say the customer experience would be improved by eliminating CAPTCHAs altogether, demonstrating the need for an alternative means of validating traffic is human.
Enormous amount of time and resources wasted on bot mitigation
A resounding 66% of the total funds necessary to fight bot attacks are attributed to the ongoing management, maintenance, and post-event remediation of their bot mitigation solution – as opposed to the cost of the anti-bot solution itself.
According to the report, 65% of companies say it took more than a week to configure and optimize their bot solution prior to deployment. 92% of organizations say that the person responsible for bot mitigation rules and policies spends on average a total of 25 or more hours each month managing or maintaining them. In addition, 63% of companies report that it takes one week or more across roles to remediate a successful bot attack.
“While all organizations surveyed prioritize the need to defend against bad bots, most cannot fend them off due to ineffective bot mitigation solutions,” said Sam Crowther, CEO, Kasada.
“More has changed in the bot ecosystem over the past 2 years than the prior decade. Today’s organizations need a different approach, one that is proactive and constantly adapting alongside attackers.”