Ecommerce businesses could face average potential losses of £2m per hour throughout December due to malicious bot traffic and fraud attempts, according to figures from US-based API security and bot management provider, Cequence.

Its CQ Prime threat research, published this week, draws on billions of real transactions and attack data from its Unified API Protection platform, and highlights the expanding attack surface that cyber criminals exploit during peak shopping periods, including Black Friday and Cyber Monday.

With the growth of legitimate e-commerce transactions, businesses face an unprecedented challenge of defending against increasingly sophisticated and high-volume attacks. Cequence’s research found a 73% increase in mitigated malicious traffic from 2023 to 2024, highlighting the need for proactive security measures.

“Cyber criminals are seizing on the rapid growth of digital commerce, using increasingly sophisticated tactics to target both businesses and consumers,” said Randolph Barr, CISO at Cequence. “This year’s findings are part of a broader trend: as e-commerce continues to evolve, so too does the scale and complexity of cyber threats. These findings highlight the critical need for businesses to adopt robust API and bot management solutions to protect revenue, maintain customer trust, and stay competitive in an increasingly digital world.”

---