2021 State of Bot Mitigation Survey Shows Companies Are Losing the War Against Bad Bots


Kasada has announced the findings of its 2021 State of Bot Mitigation Survey report. Conducted by an independent research firm, the survey covers the state of bot mitigation exclusively from the perspective of organizations already using anti-bot solutions.

Key Findings

  • 64% of organizations lost more than 6% or more of their revenue due to bot attacks, and 32% lost 10% or more within the last year
  • A quarter of respondents say that on average a single bot attack costs their organization $500,000 or more
  • 76% of companies say they are either playing a game of cat and mouse or feel like it’s an impossible balancing act to keep up with evolving bot threats.
  • 80% of companies agree that bots are becoming more sophisticated and difficult for their security tools to detect
  • 85% report their bot mitigation solution became ineffective within a year after initial deployment

Bad Bots: Now a C-Level Imperative

A majority of organizations (64%) lost 6% or more of their revenue due to bot attacks, and 32% report that their organizations lost 10% or more of revenue within the last 12 months.

A quarter of respondents say that on average a single bot attack costs their organization $500,000 or more, and 44% of respondents say it costs their organization $250,000 or more.

Nearly half (45%) of companies surveyed say bot attacks result in more website downtime at their organizations, and about a third say bot attacks result in brand or reputational damage, reduction in online conversions, and more frequent data leaks. bot attacks resulted in an increase in operational or logistical bottlenecks.

Researchers found that 77% of companies spent $250,000 or more on mitigating bot attacks within the past 12 months, while 27% spent in-excess of $1 million, resulting in a loss of revenue and increased operational costs.

With 80% of executive teams asking about bot attacks within the past 6 months, bot attacks and their effects have become a C-Level concern. As a result, a majority of companies (63%) plan to increase their spending on bot prevention over the next 12 months.

Most Companies Aren’t Prepared to Stop Sophisticated Bots

The research shows that most companies are not prepared to protect against the evolving bot landscape using the solutions they have in place.

In fact, 80% of companies say that bots are becoming more sophisticated and difficult for their security tools to detect, and only 31% are very confident in their ability to detect new bots never seen before. Only 15% report that their solution retained effectiveness a year after initial deployment.

Respondents indicate that the most difficult types of bot attacks to stop are credential stuffing, account takeover, web scraping, denial of inventory, CAPTCHA defeat, application DDoS, fake account creation, carding and cracking.

In addition to CAPTCHA defeat being challenging to stop, 87% of companies say the customer experience would be improved by eliminating CAPTCHAs altogether, demonstrating the need for an alternative means of validating traffic is human.

Enormous Amount of Time and Resources Wasted

A resounding 66% of the total funds necessary to fight bot attacks are attributed to the ongoing management, maintenance, and post-event remediation of their bot mitigation solution – as opposed to the cost of the anti-bot solution itself.

According to the report, 65% of companies say it took more than a week to configure and optimize their bot solution prior to deployment. The vast majority (92%) of organizations say that the person responsible for bot mitigation rules and policies spends on average a total of 25 or more hours each month managing or maintaining them. In addition, 63% of companies report that it takes one week or more across roles to remediate a successful bot attack.

“While all organizations surveyed prioritize the need to defend against bad bots, most cannot fend them off due to ineffective bot mitigation solutions,” said Sam Crowther, CEO and founder, Kasada. “More has changed in the bot ecosystem over the past 2 years than the prior decade. Today’s organizations need a different approach, one that is proactive and constantly adapting alongside attackers.”


Kasada commissioned Atomik Research to conduct an online survey of 204 U.S. security and technology professionals responsible for mitigating bots. Sample participants work within IT departments of organizations that employ 250 or more people. All organizations surveyed currently have bot mitigation solutions in place. The survey was conducted in August 2021. Atomik Research, a part of 4media group, is an independent market research agency.

You can read the full report here.