Imperva, a Thales company specializing in cybersecurity, the 2024 Imperva Bad Bot Report reveals a troubling rise in automated internet traffic, with nearly half (49.6%) of all online activities in 2023 being driven by bots. This marks a 2% increase from the previous year, reaching the highest level since the company began tracking this phenomenon in 2013.

The report, which provides a global analysis of bot-generated traffic, indicates a significant escalation in malicious bot activities, with bad bot traffic accounting for 32% of web interactions in 2023, up from 30.2% the previous year. These bots pose severe risks, including data breaches, account takeovers, and extensive data theft.

Singapore notably experienced a decrease in bad bot traffic to 35.2% in 2023 from 43.1% in 2022, still remaining above the global average. In contrast, the Asia Pacific (APAC) region saw a reduction in bad bot activity, down to 26.6% from 27.9% in 2022 and 34.8% in 2021, marking a 23.5% decrease over three years. Despite these reductions, over 40% of internet traffic in Singapore and APAC is still dominated by bots, highlighting the ongoing challenges faced by businesses in managing these threats.

“With attackers increasingly exploiting API vulnerabilities and lapses in business logic guardrails, this proactive stance is essential to prevent data breaches, account takeovers, and large-scale data theft. From simple web scraping to malicious account takeover, spam, and denial of service, bots negatively impact an organisation’s bottom line by degrading online services and requiring more investment in infrastructure and customer support. Organisations must proactively confront the menace of bad bots as attackers sharpen their focus on API-related abuses that can lead to compromised accounts and data exfiltration.”

Reinhart Hansen, Director of Technology at Imperva’s Office of the CTO

Key findings from the report also showcased notable trends, including:

• Ireland, Germany, and Mexico reported the highest levels of bad bot traffic in 2023, with figures soaring to 71%, 67.5%, and 42.8% respectively.
• The rapid adoption of generative AI has fueled an increase in simpler forms of bots, which rose globally to 39.6% in 2023. Industries such as retail, telecommunications, and healthcare in Singapore saw substantial bot traffic, linked primarily to web scraping and automated crawling.
• Account takeover (ATO) attacks continue to rise, with a 10% increase in 2023. Financial Services, Travel, and Business Services were the most affected sectors, emphasizing the need for strengthened API security measures.

George Lee, Senior Vice President for Asia Pacific and Japan at Imperva, said: “Organisations face substantial financial losses every year due to automated traffic, a concern that cuts across all industries. Automated bots are on track to outnumber human-generated internet traffic, and with the proliferation of AI-powered tools, their presence is becoming increasingly pervasive. It’s imperative for enterprises to prioritise investment in bot management and API security solutions to effectively combat the threat posed by malicious automated traffic.”

As automated bots become increasingly prevalent and sophisticated, their impact stretches across all industries, threatening both operational security and financial stability. Businesses and individuals are urged to prioritize cybersecurity to combat the ever-evolving threats posed by these automated adversaries.