Businesses are leaving bot attacks unchallenged for almost four months
Netacea released its report into how businesses are dealing with bot attacks. It reveals one key area where businesses are failing to tackle bot attacks — bots are going undiscovered for an average of 16 weeks, up two weeks from last year’s findings.
The study surveyed 440 businesses across the travel, entertainment, ecommerce, financial services and telecoms sectors in the United States and the UK. It is a follow up to last year’s report, and finds that in almost every measure, businesses appear to be doing worse than last year in the fight against bots—though this may not necessarily mean they are losing the fight.
As well as the finding that bots attacks are going undiscovered for longer, the research also found:
- Bot owners are shifting their tactics, with 60% of businesses detecting attacks on APIs and 39% detecting attacks on mobile apps (up from 46% and 23% from 2021 respectively).
- Attacks from each of the main types of bots—sniper, account checker, scalper and scraper—have all increased by between 7-9 percentage points from 2021. 53% of businesses are now detecting attacks from account checker bots.
- Almost all businesses, around 97%, report that customer satisfaction has been affected by bot attacks.
- Retailers in the US are reporting fewer loyalty points being stolen by automated attacks, but the value of the average theft has more than doubled, suggesting a more targeted approach.
- The revenue impact of skewed web analytics, caused by bots being treated as genuine visitors, has increased from 4% to 5%, though fewer businesses report a substantial impact from this particular effect of bot attacks.
“On the face of it, this looks like a very poor result for businesses hoping to fight the effect of bot attacks. Our research has shown that bots have a substantial effect on business revenues, and so it’s in their interest for our results to move the other direction,” said Andy Still, CPO, Netacea.
“However, we think that the results can be interpreted another way. Businesses are taking time to wake up to the threat of bots, and we see at least part of this increase in bot attacks being down to a greater awareness. Businesses are getting better and recognising bot attacks, and so while it may look like things are getting worse, there is some cause for cheer.”
The report’s results on bot myths goes some way to confirm this theory, with incorrect assumptions about bots believed less than in previous years. Fewer businesses believe that all bot attacks come from Russia and China, that a Web Application Firewall will stop sophisticated bots, and that ReCAPTCHA is an effective tool against all bots. However, more than 50% of businesses still believe these myths, suggesting there is still some way to go.
“Businesses may be beginning to turn the tide against bot attacks, but if so it really is just the beginning,” said Matthew Gracey McMinn, Head of Threat Research, Netacea. “The most damning result of our research, that attacks go unreported for 16 weeks, shows the risk of complacency—bots can essentially run wild for months before the threat is tackled. Better understanding is vital, but just the first step.”