The Current State of Bot Attacks

We recently carried out a survey of 200 UK enterprises across e-Commerce, financial services, entertainment and travel. Amongst our objectives, we wanted to discover the state of bot attacks in the surveyed industries. We now know that many businesses use some sort of bot mitigation, and the few that don’t are in the process of doing so.

In part 2 of our blog series, we find out which bot attacks represent the greatest risk to businesses.

Organizations not only know that bots are out there and attacking their websites, but in general they know what attacks to look for. Only 1% did not link bot activity to a specific threat.

And while there were slight differences in what was seen as the greatest risk, all bots were perceived to be a threat by 70% of businesses; with card fraud coming out on top and scraping regarded as having the lowest risk.

Overall, businesses have a good idea of what to expect from a bot attack, and most have a solution in place to help deal with the issue.

76% attacked by bots in the last two years

Most businesses say that they have experienced a bot attack in the last two years and only 24% say they have not. Although this seems encouraging, we still know that bots are common everywhere and it’s pretty much impossible to avoid them.

If a business with a website tells us it has never had a problem with bots, there’s a good chance that they did have a problem and simply didn’t know about it.

How often are businesses evaluating their bot management strategy?

Our respondents stated that they are constantly evaluating their bot management strategy, with over two thirds doing so in the last six months. We found that these businesses are taking the threat of bots seriously enough to consider and reconsider their approach when it comes to new threats.

Around 10% of cybersecurity budgets are put towards bot mitigation, and nearly 100% of those we asked were looking to increase this budget in the future

Overall, businesses are confident in their bot mitigation approach, however this could mean that overconfidence is a problem. The first sign of this is when we asked where the responsibility lies for tackling bots.

Where the responsibility lies

Only one in ten businesses say that bot mitigation is the responsibility of a single department or person. A lack of clear ownership could be the root of bot attacks going unnoticed for long periods of time. For those businesses where responsibility is spread out amongst various departments, we wonder if it is because they lack the resources to have a security department own the issue of bot management?

On average, a business has 3.7 departments involved with managing bot activity targeting its services, while a quarter of those surveyed state that the management of bots is shared across five different departments.

This issue points to a potential gap in responsibility when it comes to bots. A lack of clear ownership could be the root of the problem. Bots can attack many different businesses, and all will have their own unique challenges to meet. If bot mitigation does not have a single owner, this will lead to a loss of visibility and responsibility.

It’s critical that businesses understand the problem of sophisticated bots, how bots operate and the wider ecosystem to protect themselves and their customers. Read the complete report for an in-depth analysis of the current state of bot management in business or talk to the Netacea team today about your bot management strategy.