A new report released by software-as-a-service bot protection startup DataDome SAS today has found that about two in three U.S. websites are unprotected against simple bot attacks.

The finding came from DataDome’s U.S. Bot Security report, which tested over 9,500 of the largest U.S.-based websites across a range of industries, including banking, ticketing, e-commerce and gambling. Highlighting an urgent need for improved bot protection measures, the report details not only the significant risk websites face but also that traditional CAPTCHAs are no longer effective in preventing automated attacks.

Bots come in different flavors, but bad bots, those used for malicious purposes, now make up over 30% of all internet traffic and are used by cybercriminals to target online businesses with fraud and other attacks. DataDome notes that bots disrupt digital business operations, putting data security and the customer experience at risk, with consequences including financial losses and reputational damage.

Of the U.S. sites tested, 68% were unprotected against simple bot attacks, while only 10% successfully blocked all bot requests. Almost 22% of sites detected and blocked some bots, but not all, and 68% let through all nine different types of bots.

By sector, e-commerce websites were the most susceptible to simple bot attacks, with some 72% failing, followed by 65% of classified ad websites. Conversely, gambling websites were way more secure, with 31% blocking all the test bots. By company size, three-quarters of companies with 50 or fewer employees had completely unprotected sites, versus under 60% for companies with more than 10,000 employees.

One interesting standout in the report is that CAPTCHAs are no longer effective against malicious bots. Of the 2,587 sites equipped with only a CAPTCHA tool, less than 5% detected and blocked all bots. With 77% of sites using only CAPTCHAs, the CAPTCHA tools failed to stop even a single bot.

For sites with specialized bot detection and a CAPTCHA tool, the figures get slightly better, with almost 15% blocking all bad bots, 30% blocking some and the remaining 55% failing to block any.

“Bots are becoming more sophisticated by the day, and U.S. businesses are clearly not prepared for the financial and reputational damage these silent assassins can cause,” Antoine Vastel, head of research at DataDome. “From ticket scalping and inventory hoarding to account fraud, bad bots wreak chaos on consumers and businesses alike. Businesses which do not deal adeptly with bad bots risk significant reputational damage, as well as exposing their customers to unnecessary risk. They must act now to protect themselves against this growing threat.”

Image: DALL-E 3