A new report reveals that in 2022, 47.4% of all internet traffic came from bots, a 5.1% increase over the previous year. The same report showed that human traffic, at 52.6%, decreased to its lowest level in eight years.

This week, Imperva released its 10th annual Bad Bot Report, a global analysis of automated bot traffic across the internet. The annual report provides security and business leaders with information about the evolution of bot technology and automated traffic. This year’s report also documents milestones in the evolution of bad bot technology.

For the fourth consecutive year, the volume of bad bot traffic — malicious automated software applications capable of high-speed abuse, misuse and attacks — grew to 30.2%, a 2.5% increase over 2021.

Other report highlights include

  • In 2022, the proportion of bad bots classified as “advanced” accounted for 51.2% of all bad bot traffic. In comparison, the level of bad bot sophistication in 2021 was 25.9%.
  • Account takeover (ATO) attacks increased 155% in 2022 and 15% of all login attempts in the past 12 months — across all industries — were classified as account takeover.
  • In 2022, 17% of all attacks on APIs came from bad bots abusing business logic. In addition, 35% of account takeover attacks in 2022 specifically targeted an API.
  • Travel (24.7%), retail (21%) and financial services (12.7%) experienced the highest volume of bot attacks. Gaming (58.7%) and telecommunications (47.7%) had the highest proportion of bad bot traffic on their websites and applications.
  • Of the 13 countries analyzed in the report, seven had bad bot traffic levels that exceeded the global average of 30.2%. Germany (68.6%), Ireland (45.1%) and Singapore (43.1%) ranked in the top three, while the U.S. also exceeded the average at 32.1%.
  • One-in-five bad bots used Mobile Safari as their browser of choice in 2022, up from 16.1% in 2021.