Bots produced this much Internet traffic in 2023

Bad bot traffic is increasing.

Automated bot traffic across the Internet is on the rise.

Nearly half (49.6%) of all global Internet traffic came from bots in 2023, according to the 2024 Imperva Bad Bot Report, a global analysis of online bot traffic from cybersecurity provider Thales. This marks a 2% increase from the previous year and the highest level Imperva has reported since it began monitoring automated online traffic in 2013.

For the fifth consecutive year, the proportion of web traffic associated with bad bots as tracked by Imperva, a Thales company, grew to 32% in 2023, up from 30.2% in 2022.

Meanwhile, global Internet traffic from human users decreased to 50.4%. According to the study, automated traffic is costing organizations billions of dollars annually due to attacks on websites, APIs, and applications.

“Organizations must proactively address the threat of bad bots as attackers sharpen their focus on API-related abuses that can lead to account compromise or data exfiltration.”

Other key trends identified in the 2024 Imperva Bad Bot Report include:

  • Ireland (71%), Germany (67.5%), and Mexico (42.8%) saw the highest levels of bad bot traffic in 2023. The U.S. saw a slightly higher ratio of bad bot traffic at 35.4% in 2023 compared to 2022 (32.1%).
  • Rapid adoption of generative AI and large language models (LLMs) resulted in the volume of “simple bots” increasing to 39.6% in 2023, up from 33.4% in 2022. This technology uses web scraping bots and automated crawlers to feed training models, while enabling non-technical users to write automated scripts for their own use.
  • Account takeover (ATO) attacks increased 10% in 2023, compared to the same period in the prior year. Notably, 44% of all ATO attacks targeted application programming interface (API) endpoints, compared to 35% in 2022. Of all login attempts across the Internet, 11% were associated with account takeover.
  • Automated threats caused a significant 30% of API attacks in 2023. Among them, 17% were bad bots exploiting business logic vulnerabilities—a flaw within the API’s design and implementation that allows attackers to manipulate legitimate functionality and gain access to sensitive data or user accounts. Cybercriminals use automated bots to find and exploit APIs, which can act as a direct pathway to sensitive data.
  • For a second consecutive year, gaming (57.2%) saw the largest proportion of bad bot traffic, followed by retail (24.4%).

"Bots are one of the most pervasive and growing threats facing every industry," said Nanhi Singh, GM, application security at Imperva, a Thales company. "From simple web scraping to malicious account takeover, spam, and denial of service, bots negatively impact an organization’s bottom line by degrading online services and requiring more investment in infrastructure and customer support.

"Automated bots will soon surpass the proportion of internet traffic coming from humans, changing the way that organizations approach building and protecting their websites and applications," said Singh. 
