We tested over 14,000 worldwide websites for DataDome’s newest Global Bot Security Report, and the results are in. 65% of domains are completely unprotected against the most basic bot attacks, highlighting just how vulnerable businesses are to online threats. This number is somewhat improved from our findings last year, which showed 68% of businesses were unprotected, but still indicates significant risk and vulnerability across the world.

With over half of online traffic being bots, if your business isn’t protected, your data, revenue, and reputation are at risk. The bots sent by our BotTester tool—used to gather the data for the report—are very simple curl, fake Googlebot, and fake Chrome bots. These are the kinds of basic bots fraudsters might send to scrape your website content, perform a DDoS attack, or enable ad fraud. This year, we also tested an advanced bot on cart and login pages—and less than 5% of the domains we tested were able to stop this advanced bot.

In the report, DataDome Advanced Threat Research’s findings show the differences in protection levels:

• Across seven world regions. North America and Europe are the least protected regions.
• Across 18 industries. E-commerce websites are among the least protected domains we tested.
• By company size and monthly website traffic. Larger companies and more visited websites are better protected—but not by that much.
• By existing bot detection systems. Bot protection providers should be able to identify all of the basic bots we sent, but all of them failed to do this.

Only 8.44% of the 14,000+ businesses we tested are fully protected against simple bots (you can take our free BotTester to see if you’re one of them). View the full 2024 Global Bot Security Report to discover key findings and expert recommendations to enhance your bot and online fraud protection.