17 December 2024

The research reveals that businesses could face average potential losses of £2.02 million per hour throughout December due to malicious bot traffic and fraud attempts.

Total e-commerce transactions doubled year-over-year (YoY) from 5.1 billion in 2023 to 10.4 billion in 2024, with 34.62% flagged as malicious — up 138.57% from the previous year. Cybercrime during the 11-day period from November 22 (Black Friday) to December 2, 2024 (Cyber Monday) resulted in £533.67 in potential losses worldwide, with projections for December 2024 averaging £2.02 million in losses per hour, totaling £1.4 billion. Sophisticated attack techniques, including credential stuffing, SMS pumping, and token farming, experienced a 700% YoY increase. A major e-commerce company mitigated an SMS pumping attack that cost £2,350 every four hours, successfully blocking fraudulent account creation and preventing further financial losses with Cequence’s advanced bot and API protection. Cequence managed a 125% traffic surge on Black Friday, blocking 11.5 million malicious attempts while maintaining seamless customer experiences.

With the growth of legitimate e-commerce transactions, businesses face an unprecedented challenge of defending against increasingly sophisticated and high-volume attacks. Cequence’s research found a 72.6% increase in mitigated malicious traffic from 2023 to 2024, highlighting the urgent need for proactive security measures.

“Cybercriminals are seizing on the rapid growth of digital commerce, using increasingly sophisticated tactics to target both businesses and consumers,” said Randolph Barr, CISO at Cequence. “This year’s findings are part of a broader trend: as e-commerce continues to evolve, so too does the scale and complexity of cyber threats. These findings highlight the critical need for businesses to adopt robust API and bot management solutions to protect revenue, maintain customer trust, and stay competitive in an increasingly digital world.”