The Bot Management Review 2022

In 2021, we published our first “Cost of Bots” report. 2021 was a time of flux, of lockdowns, furloughs, and home working. A lot of predictions were made as to how this would change cybersecurity.

A year on from our cost of bots report, we wanted to know what has changed. Has remote working led to a new wave of bot attacks? Is there a better understanding of how these attacks work? Are businesses fighting back, or losing the war?

In our Bot Management Review 2022, we surveyed 440 businesses across the travel, entertainment, ecommerce, financial services and telecoms sectors in the United States and the UK. Our 2022 report finds that in almost every measure, businesses appear to be doing worse than last year in the fight against bots—though this may not necessarily mean they are losing the fight.

As well as the finding that bots attacks are going undiscovered for longer, the research also found:

• Bot owners are shifting their tactics, with 60% of businesses detecting attacks on APIs and 39% detecting attacks on mobile apps (up from 46% and 23% from 2021 respectively).
• Attacks from each of the main types of bots—sniper, account checker, scalper and scraper—have all increased by between 7-9 percentage points from 2021. 53% of businesses are now detecting attacks from account checker bots.*
• Almost all businesses, around 97%, report that customer satisfaction has been affected by bot attacks.
• Retailers in the US are reporting fewer loyalty points being stolen by automated attacks, but the value of the average theft has more than doubled, suggesting a more targeted approach.
• The revenue impact of skewed web analytics, caused by bots being treated as genuine visitors, has increased from 4% to 5%, though fewer businesses report a substantial impact from this particular effect of bot attacks.