As many as 98% of organisations attacked by bots in the past year reported revenue losses, according to a report by Kasada, a bot mitigation company. Kasada’s ‘2024 State of Bot Mitigation Report,’ which canvassed some 222 technology professionals across the US, also revealed that more than one-third of IT and IS specialists said their organisations lost over 5% of revenue due to web scraping and account fraud. The survey covered organisations with 250 or more employees and was conducted in June 2024, with a margin of error of +/- 6 percentage points at a 95% confidence level.
Despite having bot defence measures in place, 63% of organisations experienced at least one bot attack in the past year. The report notes that 67% of companies relied on CDN-based bot detection solutions, however, only 20% found their solutions remained effective for more than 12 months. As a result, 79% of organisations are likely to switch providers due to dissatisfaction with the current solutions’ performance.
Bots a major problem for major corporations
Kasada’s report also shows that 30% of companies spent $1m or more on mitigating bot attacks over the past year, while 24% said a single bot attack cost their organisation $500,000 or more.
Additionally, 56% of respondents spent at least $500,000 on bot mitigation in the same period. A significant portion, 63%, of the bot management budget is allocated to ongoing management and remediation of attacks, overshadowing the 37% dedicated to the bot management solution itself.
Although many organisations continue to use traditional bot detection methods such as CAPTCHAs, their effectiveness is increasingly questioned. The report indicates that 77% of companies rely on CAPTCHAs, yet 73% of IT and IS specialists believe removing them would improve the user experience. Moreover, 57% of respondents are concerned about sophisticated bots using AI to bypass CAPTCHA challenges.
The report reveals that 90% of IT and security professionals stated their executive teams are worried about bot attacks and AI-driven fraud. The use of artificial intelligence has accelerated the speed and complexity of attacks, making them more challenging to detect and counter.
Organisations face difficulties in detecting and stopping attacks such as account takeover, fake account creation, web scraping, Distributed Denial of Service (DDoS), and CAPTCHA defeats.
The findings of the 2024 State of Bot Mitigation Report highlight a shift in bot mitigation strategies, with companies recognising the need for more agile and robust solutions that can adapt to evolving threats.
Nearly six in ten companies experienced a bot attack within the past 12 months, according to the study, despite their existing defences. “Financially-motivated adversaries are circumventing traditional bot defenses more quickly than many can adapt,” said Kasada’s founder and CEO, Sam Crowther. “To add to injury, new technologies, like AI, are lowering the barrier to entry for attackers—increasing the number of automated threats that organisations are facing. Companies need a bot mitigation approach that is as dynamic as the adversary—quick to evolve, difficult to evade, and invisible for customers.”