Most UK Websites Are Defenseless Against Simple Bot Attacks

DataDome study points to urgent need for improved bot protection in the UK.

Today, DataDome, a leading provider of AI-powered online fraud and bot mitigation, unveils insights from its UK Bot Security Report, which found that a staggering two thirds (66%) of UK websites are unprotected against simple bot attacks, highlighting how vulnerable UK businesses are to automated online threats.

Bad bots are plaguing the internet, and today make up over 30% of all internet traffic, which cybercriminals use to target online businesses with fraud and other attacks. Bots disrupt digital business operations, putting data security and the customer experience at risk, with severe consequences including financial losses and reputational damage.

To understand more about how UK businesses defend themselves against malicious bots, DataDome tested over 2,400 of the largest UK-based websites across a range of industries, from banking and ticketing to e-commerce and gambling. The findings shed light on the prevailing state of bot protection across industries and business sizes, variations in the performance of different bot detection systems, and the effectiveness of traditional CAPTCHAs as a defense mechanism.

Most notably, a significant majority of UK-based digital businesses are not adequately protected against simple bot attacks. 

66% of UK websites tested are unprotected against simple bot attacks. 

• Only 7.9% successfully blocked all bot requests. 
• 22.8% detected and blocked at least some of the bots.
• A staggering 69.4% let through all nine different combinations of bots tested. 

E-commerce and classified ads websites are particularly exposed.

• Over 70% of websites in these categories failed all nine bot tests. 
• E-commerce sites are amongst the most vulnerable: 70% failed all bot tests. 
• Gambling sites are the best defended, with 29% blocking all the BotTester bots. 

CAPTCHA proves ineffective.

• Of the 515 websites equipped with only a CAPTCHA tool, less than 4% detected and blocked all bots.
•  In 75% of the websites, the CAPTCHA tools failed to stop even a single bot.

The most “successful” bots (from an attacker’s POV) are fake Chrome bots.

• 90% of DataDome’s fake Chrome bots were undetected.
• 87% of simple Curl command bots went undetected.
• 75% of fake Googlebots were undetected.

Antoine Vastel, Head of Research at DataDome, comments: “Bots are becoming more sophisticated by the day, and UK businesses are clearly not prepared for the financial and reputational damage these silent assassins can cause. From ticket scalping and inventory hoarding, to account fraud, bad bots wreak chaos on consumers and businesses alike.  Businesses that do not deal adeptly with bad bots risk significant reputational damage, as well as exposing their customers to unnecessary risk. They must act now to protect themselves against this growing threat.” 

The DataDome BotTester tool is available to access here: datadome.co/bot-tester.

Today’s announcement comes on the heels of DataDome’s channel partner program expansion, as well as closing $42M in Series C funding to advance the fight against bad bot developers and online fraud. DataDome has received widespread recognition in the past year for its market-leading detection and mitigation capabilities. It is Great Place to Work certified, and was ranked the 21st cybersecurity company on the 2022 Inc. 5000 list. DataDome is also a G2 leader in Bot Detection & Mitigation, and has won numerous industry awards.

Follow DataDome on YouTube and LinkedIn for regular updates on threat research, customer case studies, and to ensure your bot protection is ready to tackle the most sophisticated attacks.