Automated bots now comprise over half of all global internet traffic, reaching 51% in 2024, marking the first time in a decade that non-human activity has surpassed human-generated web traffic. This significant shift was revealed in the latest Imperva Bad Bot Report, a comprehensive analysis of automated bot traffic across the internet. The cybersecurity firm, a Thales company, highlighted the increasing sophistication and volume of bot activity, which continues to pose substantial challenges for organizations worldwide.
The 2024 figures represent a notable increase from 2023, when bots accounted for 49.6% of internet traffic, with human users making up 50.4%. Malicious bot activity, specifically, has also surged, rising to 37% of all internet traffic in 2024, up from 32% the previous year. This growth underscores the escalating threat landscape and the persistent efforts of cybercriminals to exploit automated processes.
A primary driver behind this surge is the rapid adoption and accessibility of Artificial Intelligence (AI) and Large Language Models (LLMs), which have simplified bot development. These technologies enable even less technically skilled individuals to create and deploy bots more easily, leading to a proliferation of automated traffic. Simple bad bots, in particular, saw a significant increase in 2024, growing from just under 40% to 45%.
The financial implications for businesses are substantial, with automated traffic costing organizations billions of dollars annually due to attacks on websites, APIs, and applications. Industries such as Travel, Retail, and Financial Services are among the most heavily targeted. For instance, the travel industry became the most attacked sector in 2024, with 48% of all web traffic to travel sites originating from bad bots.
Nanhi Singh, General Manager of Application Security at Imperva, emphasized the pervasive nature of this threat. "As more AI-enabled tools are introduced, bots will become omnipresent," Singh stated, stressing the critical need for robust security measures. Imperva recommends that organizations invest in effective bot management and API security tools to mitigate the growing risk from malicious, automated traffic and protect their digital assets.