Bot Attacks: The Financial Impact of Attacks Beyond Mitigation Costs
2023-12-7 23:20:57 Author: securityboulevard.com

Bot and online fraud attacks have significant impacts on bottom-line business costs, as well as customer satisfaction, brand reputation and other key factors for e-commerce enterprises. In recent years, we have seen bot attacks cripple online marketplaces, and rob consumers—and businesses—of their money.

From an internal cost perspective, employees can easily spend hours manually mitigating such attacks, resulting in a tremendous amount of frustration and burnout, while pulling focus from revenue-driving activities. In terms of the external impacts of bot attacks, loss of customer trust, declining customer satisfaction and reputational damages are top of mind.

But wasted time and customer churn are just the tip of the iceberg when it comes to bad bots and online fraud costs. There are more financial damages to consider.

Revenue Loss

While it is possible for the financial impact of a bot attack to be sudden, sharp, and obvious, bad bot traffic often hurts your revenue in more subtle ways, including website downtime and poor site performance.

For example, consider application layer DDoS attacks. While they are typically “low and slow,” they can still take down your company’s site, which can be quite costly. To calculate the cost of being offline, divide your total annual online revenue by the number of minutes per year (525,600) and multiply the result by the number of downtime minutes caused by an attack. For example, if your business generates $100 million in online revenue per year and faces two hours of downtime, that’s almost $23,000 in lost revenue.

It’s worth noting that bot attacks do not have to completely disable your site to alienate prospective customers (and their money); they just have to hinder site performance. We have all been there—trying to purchase something online or navigating a slow site is incredibly frustrating. So what do we tend to do in that case? Close out the webpage and give up! Do not underestimate how much seconds and milliseconds matter; even a one-second delay in page response can result in a 7% reduction in conversions. If we assume $100,000 in revenue per day, that is $2.5 million lost per year.

And we can’t forget costly data breaches, which in recent years have made front-page news. Following their data breach in 2017, Equifax lost a total of $1.4 billion, and in 2019, Ashley Madison lost 80% of its website traffic due to a data breach.

Operational Expenses

Compounding matters, in addition to revenue loss, bot attacks and fraud can drive up operational costs, in the form of customer loyalty rewards abuse, inflated content delivery network (CDN) bills, and increased authentication costs, among others.

Indeed, loyalty and reward program fraud is a very lucrative business for hackers, making these types of programs vulnerable to attacks. Industry experts estimate that loyalty and reward point fraud results in around $1 billion lost every year.

CDN bills can also skyrocket in the aftermath of a bot attack. Nearly all major CDNs have a pricing model that charges per gigabyte used. Bot traffic dramatically increases outbound data transfer, increasing CDN bills by up to 70% for some businesses.

With regard to increased authentication costs, if any of your online services require extra authentication, that step may carry extra fees. For example, with two-factor authentication (2FA), you may pay for an SMS text to be sent any time a user logs in.

If your login page is hit with a massive volume of malicious bot requests, it can generate an SMS bill of tens or hundreds of thousands of dollars fast.

Regulatory Penalties

As both attackers and the cybersecurity industry evolve, regulatory bodies are taking notice—and action. For example, the Biden administration announced a newly formed National Cybersecurity Strategy earlier this year, and the SEC released new rules and regulations on cyber risk management as well as incident reporting. In turn, C-suite and cybersecurity executives must bear these new regulations and standards in mind, or else risk pricey penalties.

Moreover, legislators in many countries and states have introduced regulations to protect consumer privacy and data security, like the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA). It doesn’t matter where your business is located; if you collect data from EU or California residents, bot-driven breaches, such as unmitigated ATO attacks, will expose you to hefty penalties. For example, a famous U.S.-based e-commerce enterprise announced in July 2021 that it had been fined more than $875 million due to alleged GDPR violations.

And let’s not discount the cost of public scrutiny; bot traffic can bring unwanted attention to your business—both socially and legally—that will impact your bottom line.

Looking Forward

The only fool-proof way to protect your business’s reputation and bottom line from the damage bots can wreak is with a dedicated bot protection solution. With several options on the market, here are questions to ask when evaluating a solution:

How accurate is the detection? Be wary of any solution that trades detection accuracy for speed.

What is the end-user experience like? What’s good for consumers is good for your business, so avoid solutions that add latency or disrupt the UX.

Is it a force multiplier for your team? In other words, look for a solution that offers leverage via transparency, multiple integrations, easy implementation, and infrastructure compatibility.

The negative financial impacts of malicious bot traffic and online fraud attacks can range from immediate to delayed and be both severe and long-lasting. That’s why most enterprise leaders will tell you that finding the right bot protection will save you money in the long run, from averted costly attacks to employee hours saved from manual bot mitigation.


Article source: https://securityboulevard.com/2023/12/bot-attacks-the-financial-impact-of-attacks-beyond-mitigation-costs/