For years, there have been surveys reporting on the state of bad bots to demonstrate the increasing sophistication and financial impact malicious bots have on businesses. The result of these studies? Bad bots are bad for business. But we already knew that, didn’t we?
We conduct a different type of survey. One that covers the state of bot mitigation exclusively from the perspective of organizations already using anti-bot solutions to protect them. To report on how those leveraging bot mitigation are faring at keeping automated threats and online fraud at bay.
2024 State of Bot Mitigation Survey Methodology
As in prior years, we hired an independent research firm to survey information technology decision makers from more than 200 organizations that said they or their team is responsible for managing and/or mitigating bots.
All of the respondents work at companies of more than 250 employees, although the majority work at companies with 1,000 or more, and almost a quarter of which have 5,000 or more. Their job functions include Fraud/Risk Management, Cybersecurity, IT/IT Operations, or Engineering.
A broad range of industries are represented in the survey, including: Technology / Internet, Financial / Banking, Insurance, Manufacturing, Communication, Media/ Entertainment, Retail / eCommerce, Real Estate, Hospitality, Travel, Energy / Oil & Gas.
All survey respondents confirmed their organization’s use of a dedicated anti-bot solution. This year, 67% of companies surveyed relied on traditional CDN-based bot management for all or part of their bot defense. Many organizations deployed more than a single solution, inclusive of CAPTCHA (reCAPTCHA, hCAPTCHA, funCAPTCHA, etc.).
5 Key Survey Findings & Takeaways
1. The Financial Impact of Bad Bots Remains Large
Survey Finding: 98% of companies who experienced bot attacks lost revenue as a result. 24% of respondents say that on average a single bot attack costs their organization $500,000 or more, and 49% say a single bot attack costs their organization $250,000 or more. One third report that Account fraud, SMS fraud, and web scraping each cost 5% or more of revenues.
Takeaway: Even when anti-bot systems are deployed, bad bots continue to have a significant financial impact on businesses. There’s an opportunity for anti-bot systems to be far more effective than they actually are.
2. AI Fuels a New Generation of Application Attacks
Survey Finding: Businesses are concerned with a whole new generation of AI-driven threats. 57% of companies are already concerned about GenAI enabling criminals to pull-off complex attacks with more ease and with increased frequency. 54% worry about data breach due to a successful LLM (Large Language Model) prompt injection attack.
Takeaway: The accessibility and use of GenAI by the attacker will continue to speed-up their attack cycle. New digital experiences incorporating GenAI prompts opens-up a new range of security threats subject to abuse and fraud, many of which are exploited using bots to achieve the necessary scale.
3. The Demise of CAPTCHA for Security is Inevitable
Survey Finding: While 77% of organizations use a CAPTCHA, 73% simultaneously believe the user experience would be improved if these were gone. Over half (57%) are worried about increasingly sophisticated bots using AI to bypass CAPTCHAs – making an already difficult problem worse.
Takeaway: Companies keep using CAPTCHAs and placing the burden on the user to prove they are human. It adds friction to the digital experience, impacts online conversion rates, and presents a security risk. In addition, research shows bots are actually better than people at solving CAPTCHAs.
4. There’s Hidden Costs in Total Cost of Ownership
Survey Finding: The majority (82%) of companies spent $250,000 or more mitigating bot attacks within the last year, and 30% of companies spent $1M or more. Organizations are still allocating a majority of their bot management budget (63%) to ongoing management and remediation vs. the cost of their bot management solution itself (37%).
Takeaway: A surprising amount of money is required to configure, optimize, manage and maintain bot mitigation and bot management solutions. Total cost of ownership must be considered especially when the solution requires complex configurations and ongoing management.
5. A Willingness to Switch Providers Based on Detection / Efficacy
Survey finding: Only 20% of respondents believe their bot mitigation solution retained its effectiveness for a year or more after initial deployment; and 48% for 6 or less months. For the first time, we surveyed buyers’ willingness to switch solutions based on detection and efficacy. 79% were likely to switch to a more effective bot mitigation provider.
Takeaway: Traditional bot mitigation services lose efficacy surprisingly fast. This is due to the proliferation of solver services and the hands-on management required to tune the solution against new threats. Most surveyed are ready to make a switch to a more effective solution.
Staying Ahead of Automated Threats
Staying ahead of automated threats is a never-ending game as bots continue to evolve their methods. Traditional solutions are struggling to keep-up, as evidenced by the survey results. Kasada understands the people behind automated threats, resulting in a radical approach that makes our protection quick to evolve, difficult to evade, and invisible to customers.
We take accountability for stopping bots, with an approach that requires zero management on your behalf and integrates easily with the CDN of your choice. We continue to learn from analyzing trillions of bot interactions, infiltrating botting communities, and reverse engineering their methods. All the while, we’ve never impacted a single user experience by serving a CAPTCHA.
There’s a reason more than 85% of our customers contacted us after using another anti-bot provider. Download the full 2024 State of Bot Mitigation report to see the full survey results and then talk to a specialist about how we can demonstrate superior detection and efficacy.