Organizations are facing increasing financial losses, estimated between $94 billion to $186 billion annually, due to vulnerable APIs (Application Programming Interfaces) and automated bot attacks, according to The Economic Impact of API and Bot Attacks report by Imperva, a Thales company.

These threats contribute to nearly 12% of global cyber incidents and losses, demonstrating the escalating risks they pose to businesses worldwide. A comprehensive study by the Marsh McLennan Cyber Risk Intelligence Center analyzed over 161,000 cybersecurity incidents, finding that insecure APIs and bot abuse are becoming more interconnected, significantly increasing the potential for financial and reputational damage.

APIs have become essential for modern business operations, facilitating seamless communication between applications and services, from mobile apps to open banking systems. However, this widespread adoption has expanded the attack surface, with API-related incidents rising by 40% in 2022 and continuing to increase. Last year, the average enterprise managed over 600 API endpoints, leaving room for vulnerabilities, particularly in organizations where security practices are not fully integrated into API development. Insecure APIs are responsible for up to $87 billion in annual losses, fueled by the rapid digital transformation and the increasing reliance on APIs to drive business innovation.

Bot attacks have also emerged as a persistent and evolving threat, resulting in up to $116 billion in losses annually. Automated bots are often used for malicious activities like credential stuffing, web scraping, and distributed denial-of-service (DDoS) attacks. These attacks surged by 88% in 2022 and continued to rise in 2023. With bots now driving 30% of all API attacks, they have become a critical threat to API security, with automated API abuse alone costing businesses nearly $18 billion per year. The report highlights the need for stronger collaboration across business and IT teams, as well as integrated API security and bot management strategies to protect against these increasingly sophisticated threats.