For years there have been surveys reporting on the state of bad bots to demonstrate the increasing sophistication and financial impact malicious bots have on businesses.

The result of these studies? Bad bots are bad for business. But we already knew that, didn’t we?

We felt it was time to conduct a different type of survey. One that covered the state of bot mitigation exclusively from the perspective of organizations using anti-bot solutions.

2021 State of Bot Mitigation Survey Methodology

To do this, we hired an independent research firm to survey information technology decision makers from more than 200 organizations that said they or their team is responsible for managing and/or mitigating bots. All survey respondents confirmed their organization’s use of a dedicated anti-bot solution.

All of the respondents work at companies with more than 250 employees, although the majority work at companies with 1,000 or more, almost a quarter of which have 5,000 or more. Their job functions include Fraud/Risk Management, Cybersecurity, IT/IT Operations, or Engineering.

A broad range of industries is represented in the survey, including: Technology/Internet, Financial/Banking, Insurance, Manufacturing, Communication, Media/Entertainment, Retail/eCommerce, Real Estate, Hospitality, Travel, Gaming/Casino, Legal Services, Energy/Oil & Gas.

7 Key Survey Findings & Takeaways

1. The Financial Impact of Bad Bots Remains Large

Survey Finding: 64% of organizations lost more than 6% or more of their revenue due to bot attacks, and 32% lost 10% or more within the last year. A quarter of respondents say that on average a single bot attack costs their organization $500,000 or more, and 44% say a single bot attack costs their organization $250,000 or more.

Takeaway: Even when anti-bot systems are deployed, bad bots continue to have a significant financial impact on businesses. This means there’s an opportunity for these solutions to be much more effective than they actually are, especially when some organizations incur costs in excess of half a million dollars from just one bot attack.

2. A Disconnect Exists Between the Advancements of Threat Actors and Defenders

Survey Finding: Most (80%) companies say that bots are becoming more sophisticated and difficult for their security tools to detect, and less than one-third (31%) are very confident in their ability to detect new zero-day bots, or new bots never seen before, with their current anti-bot solution.

Takeaway: The bot economy and landscape have changed more in the past two years than in the past decade, owing to a tremendous amount of innovation in the DevTools, tactics, and collaboration among bot operators. Bot operators are applying learnings across industries to create customized tools, techniques, and services that more easily and affordably scale sophisticated malicious automation to launch new attacks.

3. Long-Lasting Efficacy Is a Challenge

Survey Finding: Only 15% report their bot mitigation or bot management solution retained effectiveness a year after initial deployment. Specifically, this represents how many companies said their solution worked as well after 12 months as it did on Day 1 of configuration and deployment.

Takeaway: Adversaries work tirelessly to undermine the efficacy of anti-bot solutions. Configurations and policies go stale, get forgotten, and become outdated in the face of constant retooling and reverse engineering.

4. Factor In Total Cost of Ownership

Survey Finding: The majority (77%) of companies spent $250,000 or more on mitigating bot attacks within the last year, and almost two-thirds (63%) expect their company’s spending on bot mitigation and prevention to increase over the next 12 months. A resounding 66% of the total funds necessary to fight bot attacks are attributed to the ongoing management, maintenance, and post-event remediation of their bot mitigation solution – as opposed to the cost of the anti-bot solution itself.

Takeaway: A surprising amount of money is required to configure, optimize, manage and maintain bot mitigation and bot management solutions. In addition, companies are spending nearly as much money remediating successful bot attacks as they do managing and maintaining their solution.

5. Enormous Amount of Time & Resources Wasted

Survey Finding: 65% of organizations say it took more than a week to configure and optimize their bot solution prior to deployment. 92% say that the person responsible for bot mitigation rules and policies spends on average a total of 25 or more hours each month managing or maintaining them. 63% report that it takes one week or more across roles to remediate a successful bot attack.

Takeaway: Despite having deployed bot mitigation, the majority of companies are spending enormous amounts of time remediating successful bot attacks. Bot mitigation solutions should strive to make it easier for defenders to accurately and effectively stop automated attacks. An anti-bot solution should be quick and easy to deploy, configure, and manage, and should require little to no maintenance.

6. Negative Downstream Consequences

Survey Finding: According to information technology decision makers surveyed, bot attacks result in more website downtime, an increase in infrastructure costs, and more frequent data leaks. This explains why the majority of respondents (87%) see effective bot mitigation as a competitive advantage for their organization.

Takeaway: It’s more important than ever to get a handle on bot attacks so they don’t disrupt your business and profitability in the highly dynamic and competitive environment most online businesses are in.

7. A Frictionless Customer Experience is Paramount

Survey Finding: More than a third (35%) say bot attacks result in a reduction in online conversions. 87% of companies say the customer experience would be improved by eliminating CAPTCHAs altogether, demonstrating the need for an alternative means of validating that traffic is human.

Takeaway: People hate CAPTCHAs. Why do companies keep using them and placing the burden on the user to prove they are human? We eliminate the need for CAPTCHAs for a seamless – and secure – user experience.

A Modern Approach to Bot Mitigation

These survey findings aren’t surprising to us. This is something we’ve witnessed firsthand, as 85% of our customers contacted us after using another anti-bot provider.

Kasada has taken a modern approach to bot mitigation by learning from how bot operators have evolved their tactics. In addition to an incredibly simple and low total cost of ownership (TCO) approach that requires no rules to configure and little to no maintenance, the modern principles of our architecture are as follows:

  • Apply a zero trust philosophy towards bot detection: Identify the presence of automation and assume all requests are guilty; accurately detect new bots never seen before without having to first let them into your infrastructure to analyze them; fortify automation detection using data analytics from billions of bot interactions.
  • Fight back and frustrate the adversary: Make automated attacks too expensive to conduct; achieve long-term efficacy by deterring retooling and reverse engineering by changing the playing field.
  • Adapt to threats with invisible defenses: Keep defenses invisible to the user, providing a seamless customer experience, including eliminating the need for ineffective CAPTCHAs.

Download our 2021 State of Bot Mitigation report to see the results compiled from this survey.
