The majority (66%) of UK websites are unable to block simple bot attacks, exposing their businesses to fraud, account compromise and much more, according to DataDome.
The security vendor tested over 2400 of the largest sites in the country with its BotTester tool, across a range of industries including banking, ticketing, e-commerce and gambling.
It found that just 8% successfully blocked all bot requests, with over 69% allowing all nine bot types through. Nearly a quarter (23%) detected at least some of the bots, DataDome claimed.
The worst performing sectors were e-commerce and classified ads, which allowed over 70% of the bad bot traffic through and failed all nine bot tests. At the other end of the spectrum, gambling sites were the best defended, with 29% blocking all bot varieties generated by the BotTester tool.
Read more on malicious bot traffic: Bad Bots Swarm the Internet in Record Numbers in 2021
The most successful bad bots created by BotTester were fake Chrome bots, which bypassed 90% of tested sites’ defenses.
Head of research at DataDome, Antoine Vastel, argued that UK firms are simply not prepared for the potentially significant financial and reputational damage that bad bots can cause.
“From ticket scalping and inventory hoarding, to account fraud, bad bots wreak chaos on consumers and businesses alike,” he added.
“Businesses which do not deal adeptly with bad bots risk significant reputational damage, as well as exposing their customers to unnecessary risk. They must act now to protect themselves against this growing threat.”
Malicious bots comprise around 30% of all internet traffic today, a share that continues to tick up, according to Imperva.
They cost global organizations billions of dollars annually, with more advanced bots now accounting for a majority of malicious traffic. These are harder to spot as they are designed to mimic real human behavior.