Home PC News Report: 57% of all ecommerce cyberattacks are bot-driven

Report: 57% of all ecommerce cyberattacks are bot-driven

According to a 12-month analysis by Imperva Research Labs of cybersecurity risks impacting ecommerce, 57% of all attacks recorded on ecommerce websites were carried out by bots in 2021, compared to 33% for all other industries.

The report reveals that the ecommerce industry remains a prime target for cybercrime. As global supply chain challenges continue into the 2021 holiday shopping season, retailers could see further disruptions caused by cyberattacks.

Automated bot activity is a pervasive threat for ecommerce. In 2021, the volume of monthly bot attacks on retail sites increased 13% compared to 2020. Particularly noteworthy: The proportion of sophisticated bad bots on retail websites also grew in 2021. This breed of bot is the hardest to stop because they produce mouse movements and clicks that resemble human behavior. Sophisticated bots evade simple defenses and are responsible for account takeover, fraud, and denial of inventory that makes it harder for legitimate shoppers to get the goods they want.

Line graph indicating the risk and fall of bot attacks on retail websites per month, comparing 2019/20 to 2020/21. There was a steady increase from 2019/20, whereas 2020/2021 had an inconsistent rise and fall, with a downward trend beginning from July to August.

Web application attack patterns from Q4 2020 through the first half of 2021 were characterized by unique traffic spikes that coincided with periods of high shopper activity. Data leakage ranked as the leading attack type, targeting shoppers’ payment information or loyalty reward points. It accounts for nearly one-third of all retail web application attacks (31.3%) in 2021, a higher percentage compared to all other industries (26.9%).

In a finding that more directly affects consumers, 32.8% of all retail logins observed in 2021 were account takeover (ATO) attempts — higher than the 25.5% average across all other industries. Account takeovers are an acute risk for consumers with credit card or payment information stored on ecommerce sites.

A startling finding was that DDoS incidents on ecommerce sites spiked 200% in September 2021. While a moderate rise in DDoS incidents is not unusual for online retailers when holiday shopping begins, this year’s sharp increase is unique — presumably a result of the Meris botnet. If this trend persists, online retailers should expect higher levels of DDoS incidents throughout the holiday season, a threat for online retailers that cannot afford downtime.

Research for the 2021 Imperva State of Security Within eCommerce Report was conducted using anonymized retailer data collected by several Imperva products from September 2020 through September 2021.

Read the full report by Imperva.


VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Most Popular

Recent Comments