Kasada’s 2024 State of Bot Mitigation Report: 98% of Organizations Attacked by Bots in the Past Year Lost Revenue

More than one third report losing over 5% of annual revenue to web scraping

NEW YORK & SYDNEY--()--Kasada, the pioneers transcending bot management by countering the human minds behind automated threats, today released its 2024 State of Bot Mitigation Report revealing that 98% of organizations attacked by bots in the past year lost revenue as a result. Web scraping (web crawling) is a major threat followed closely by account fraud, with more than one third of IT/IS specialists reporting their organizations experienced over 5% revenue loss as a result of each.

Kasada’s fourth annual report surveyed security and technology professionals at companies that are already using bot management, of which 67% are currently using CDN-based bot detection. 30% say their organization has spent $1,000,000 or more on mitigating bot attacks over the past year. Despite these expenditures, traditional bot mitigation solutions are falling short. Just 1 in 5 say that after initial deployment their bot mitigation solution(s) retained effectiveness for more than 12 months. So it’s not surprising that 79% say they are likely to switch bot mitigation providers based on their detection and efficacy.

“Financially-motivated adversaries are circumventing traditional bot defenses more quickly than many can adapt,” said Sam Crowther, founder and CEO of Kasada. “To add to injury, new technologies, like AI, are lowering the barrier to entry for attackers—increasing the number of automated threats that organizations are facing. Companies need a bot mitigation approach that is as dynamic as the adversary—quick to evolve, difficult to evade, and invisible for customers. Kasada provides exactly that.”

The report highlights the following trends:

Leaders are very worried about AI-fueled fraud and automated threats.

  • 87% of IT/IS specialists say their executive team is concerned about bot attacks and AI-driven fraud.
  • Many IT/IS specialists are concerned about AI fueling more complex and more frequent bot attacks. The following AI-driven security threat scenarios are the most concerning:
    • Generative AI enabling criminal attackers to pull off complex attacks with more ease.
    • Sophisticated bots’ developing the ability to easily bypass CAPTCHAs.
    • Increased frequency of advanced attacks that could cause a major disruption to their organization.

Most IT leaders are worried about CAPTCHA ineffectiveness, yet businesses continue to rely on them.

  • More than half (57%) of IT/IS specialists say sophisticated bots developing the ability to easily bypass CAPTCHAs is a major concern.
  • Nearly three quarters (73%) of IT/IS specialists say they believe the customer experience on websites would be improved by the elimination of CAPTCHAs.

Web scraping is amongst the most costly automated threats to businesses. Among IT/IS specialists who report that their company experienced a bot attack in the past 12 months:

  • 37% report their organization has lost more than 5% of revenue as a result of web scraping.
  • 34% report their organization has lost more than 5% of revenue due to account fraud.
  • 26% report their organization has lost more than 5% of revenue due to SMS pumping / toll fraud.

Resources:

  • Read the full report here.
  • Learn more about the survey implications on our blog.

Methodology
Kasada commissioned Atomik Research to conduct an online survey of 222 technology professionals throughout the United States. The sample consists of full-time specialists responsible for mitigating bots who work within Information Systems (IS)/Information Technology (IT) departments of organizations that employ 250 or more people. Fieldwork took place between June 13 and June 26 of 2024. The margin of error for the overall sample is +/- 6 percentage points with a confidence level of 95 percent.

Atomik Research, a part of 4media group, is an independent market research agency.

About Kasada
Kasada has developed a radical approach to defeating automated cyber threats based on its unmatched understanding of the human minds behind them. The Kasada platform overcomes the shortcomings of traditional bot management to provide immediate and enduring protection for web, mobile, and API channels. Its invisible, dynamic defenses provide a seamless user experience and eliminate the need for ineffective, annoying CAPTCHAs. Our team handles the bots so clients have freedom to focus on growing their businesses, not defending it. Kasada is based in New York and Sydney, with hubs in Melbourne, Boston, San Francisco, and London. For more information, please visit https://www.kasada.io and follow on X, LinkedIn, and Facebook.

Contacts

Neil Cohen
enquiries@kasada.io

Release Summary

Kasada’s fourth annual report surveyed security and technology professionals at companies that are already using bot management.

Contacts

Neil Cohen
enquiries@kasada.io