Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. Learn More

According to a 12-month analysis by Imperva Research Labs of cybersecurity risks impacting ecommerce, 57% of all attacks recorded on ecommerce websites were carried out by bots in 2021, compared to 33% for all other industries.

The report reveals that the ecommerce industry remains a prime target for cybercrime. As global supply chain challenges continue into the 2021 holiday shopping season, retailers could see further disruptions caused by cyberattacks.

Automated bot activity is a pervasive threat for ecommerce. In 2021, the volume of monthly bot attacks on retail sites increased 13% compared to 2020. Particularly noteworthy: The proportion of sophisticated bad bots on retail websites also grew in 2021. This breed of bot is the hardest to stop because they produce mouse movements and clicks that resemble human behavior. Sophisticated bots evade simple defenses and are responsible for account takeover, fraud, and denial of inventory that makes it harder for legitimate shoppers to get the goods they want.

Line graph indicating the risk and fall of bot attacks on retail websites per month, comparing 2019/20 to 2020/21. There was a steady increase from 2019/20, whereas 2020/2021 had an inconsistent rise and fall, with a downward trend beginning from July to August.


Transform 2023

Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.


Register Now

Web application attack patterns from Q4 2020 through the first half of 2021 were characterized by unique traffic spikes that coincided with periods of high shopper activity. Data leakage ranked as the leading attack type, targeting shoppers’ payment information or loyalty reward points. It accounts for nearly one-third of all retail web application attacks (31.3%) in 2021, a higher percentage compared to all other industries (26.9%).

In a finding that more directly affects consumers, 32.8% of all retail logins observed in 2021 were account takeover (ATO) attempts — higher than the 25.5% average across all other industries. Account takeovers are an acute risk for consumers with credit card or payment information stored on ecommerce sites.

A startling finding was that DDoS incidents on ecommerce sites spiked 200% in September 2021. While a moderate rise in DDoS incidents is not unusual for online retailers when holiday shopping begins, this year’s sharp increase is unique — presumably a result of the Meris botnet. If this trend persists, online retailers should expect higher levels of DDoS incidents throughout the holiday season, a threat for online retailers that cannot afford downtime.

Research for the 2021 Imperva State of Security Within eCommerce Report was conducted using anonymized retailer data collected by several Imperva products from September 2020 through September 2021.

Read the full report by Imperva.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.