New research from Cequence Security highlights the growing cybercrime risks faced by businesses during the holiday shopping season, revealing that retail businesses could lose an average of £2.02 million ($2.58 million) per hour in December due to malicious bot traffic and fraud attempts.
The study, conducted by Cequence’s CQ Prime threat research team, draws on data from billions of real transactions and cyberattacks observed through Cequence’s Unified API Protection (UAP) platform. It underscores the rapidly expanding attack surface that cybercriminals exploit during key shopping periods such as Black Friday and Cyber Monday.
E-commerce saw massive growth in 2024, with the number of online transactions more than doubling from 5.1 billion in 2023 to 10.4 billion. Of these transactions, 34.62% were flagged as malicious—a significant increase of 138.57% from the previous year.
The financial impact is staggering, with the research estimating potential global losses of £533.67 million ($681.12 million) during the 11-day period from Black Friday to Cyber Monday. Over December, potential losses are projected to average £2.02 million per hour, totalling £1.4 billion ($1.79 billion) by the end of the month.
Cybercriminals are increasingly using sophisticated techniques to target businesses and consumers. These methods include credential stuffing, SMS pumping, and token farming, which have seen a 700% year-on-year increase. The rising sophistication of these attacks presents a major challenge for businesses, as the sheer volume of fraudulent activity during peak shopping periods overwhelms many traditional security measures.
One real-world example of a business successfully mitigating an attack involved a major e-commerce company that blocked a fraudulent SMS pumping attack. This attack, which was costing the company £2,350 ($3,000) every four hours, was successfully thwarted with Cequence’s advanced bot and API protection, preventing significant financial losses.
The research also found that Cequence managed to block 11.5 million malicious attempts during Black Friday, successfully handling a 125% surge in traffic while maintaining a seamless experience for legitimate customers.
As e-commerce continues to grow, so too do the cyber threats targeting it. The study shows that businesses are seeing a 72.6% increase in malicious traffic compared to 2023, emphasising the urgent need for stronger, more proactive security measures.
Randolph Barr, CISO at Cequence, commented: “Cybercriminals are increasingly targeting digital commerce with sophisticated tactics. As the scale and complexity of cyber threats continue to evolve, businesses must adopt robust API and bot management solutions to protect revenue, maintain customer trust, and stay competitive in an increasingly digital world.”
Cequence recommends that businesses enhance their incident readiness, improve security protocols, and deploy multi-layered security systems to better defend against the growing cybercrime threat. The company also advises businesses to stress-test their systems during high-traffic events like Black Friday to ensure they are prepared for any surge in attacks. To learn more, visit www.cequence.ai.
