Radware Reports 57% of E-Commerce Traffic from Automated Bots in 2025 E-Commerce Bot Threat Report

Radware's report reveals automated bots dominated e-commerce traffic, highlighting evolving cybersecurity threats for retailers.

Quiver AI Summary

Radware has published its "2025 E-commerce Bot Threat Report," revealing that automated bots made up 57% of e-commerce website traffic during the 2024 holiday season, surpassing human shoppers for the first time. The report indicates a significant evolution in bot technology, as sophisticated, AI-enhanced bad bots are increasingly capable of evading traditional security defenses, with 31% of total internet traffic attributed to malicious bots. Notably, mobile-targeted attacks rose dramatically by 160%, necessitating tailored security measures for mobile platforms. The report emphasizes the growing complexity of attacks that combine various techniques, highlighting an urgent need for integrated and advanced defense strategies among e-commerce providers to mitigate these risks. Radware plans to discuss these findings and protective strategies at the RSA 2025 Conference in San Francisco.

Potential Positives

Radware's report highlights a significant shift in e-commerce traffic, with automated bots surpassing human shoppers, demonstrating the growing importance of addressing sophisticated bot threats in the cybersecurity landscape.
The release of the “2025 E-commerce Bot Threat Report” positions Radware as a thought leader in the cybersecurity industry, providing valuable insights that can enhance their brand reputation and attract potential customers.
By showcasing their findings on advanced bot attacks and emphasizing the need for AI-powered detection solutions, Radware is likely to drive demand for their cybersecurity products and services, addressing critical vulnerabilities in the market.
Participation in the RSA 2025 Conference presents an opportunity for Radware to engage with industry leaders, showcase their innovations, and strengthen relationships with potential clients and partners.

Potential Negatives

The report highlights a critical shift in the e-commerce landscape with automated bots outpacing human traffic, suggesting a growing vulnerability for Radware's client base.
The increase in sophisticated bad bots and mobile-focused attacks indicates that traditional security measures may be inadequate, potentially undermining client trust in Radware's solutions.
Radware's acknowledgment of significant issues such as the need for advanced, multi-layered protections may signal to investors that existing security technologies may be lacking or require urgent upgrades.

FAQ

What is the main finding of the 2025 E-commerce Bot Threat Report?

The report reveals that automated bots accounted for 57% of e-commerce traffic during the 2024 holiday season, surpassing human shoppers.

How have bad bots changed according to the report?

Bad bots have evolved into sophisticated, AI-enhanced agents that can evade traditional security measures, posing greater risks for e-commerce providers.

What trends did the report highlight regarding mobile attacks?

Malicious bot traffic targeting mobile platforms surged by 160% between the 2023 and 2024 holiday seasons, indicating a shift in attacker focus.

How are attackers improving their methods?

Attackers are increasingly using distributed infrastructures and residential proxy networks to evade traditional blocking mechanisms, making mitigation more challenging.

Where can I learn more about Radware's security solutions?

You can find comprehensive information about Radware's application security solutions on their official website.

Disclaimer: This is an AI-generated summary of a press release distributed by GlobeNewswire. The model used to summarize this release may make mistakes. See the full release here.

$RDWR Hedge Fund Activity

We have seen 67 institutional investors add shares of $RDWR stock to their portfolio, and 51 decrease their positions in their most recent quarter.

Here are some of the largest recent moves:

COOPER CREEK PARTNERS MANAGEMENT LLC added 694,112 shares (+264.3%) to their portfolio in Q4 2024, for an estimated $15,638,343
MORGAN STANLEY removed 561,878 shares (-18.4%) from their portfolio in Q4 2024, for an estimated $12,659,111
LEGAL & GENERAL GROUP PLC added 287,913 shares (+14.8%) to their portfolio in Q4 2024, for an estimated $6,486,679
MIRAE ASSET GLOBAL ETFS HOLDINGS LTD. removed 269,055 shares (-14.5%) from their portfolio in Q4 2024, for an estimated $6,061,809
MAN GROUP PLC added 183,258 shares (+506.9%) to their portfolio in Q4 2024, for an estimated $4,128,802
CONNOR, CLARK & LUNN INVESTMENT MANAGEMENT LTD. added 140,135 shares (+23.8%) to their portfolio in Q4 2024, for an estimated $3,157,241
STATE STREET CORP removed 127,245 shares (-21.7%) from their portfolio in Q4 2024, for an estimated $2,866,829

To track hedge funds' stock portfolios, check out Quiver Quantitative's institutional holdings dashboard.

Full Release

MAHWAH, N.J., April 23, 2025 (GLOBE NEWSWIRE) -- Radware ^® (NASDAQ: RDWR), a global leader in application security and delivery solutions for multi-cloud environments, today released its “2025 E-commerce Bot Threat Report.” The report found that automated bots—good and bad bots—accounted for 57% of e-commerce website traffic during the 2024 holiday season. It marks the first time that automated, non-DDoS generating bots drove more traffic than human shoppers, signaling a critical shift in the cybersecurity landscape for e-commerce providers and online retailers.

“Bad bots are no longer just based on simple scripts—they’re sophisticated, AI-enhanced agents capable of outsmarting traditional defenses,” said Ron Meyran, vice president of cyber threat intelligence at Radware. “E-commerce providers and online retailers that rely on conventional security measures will find themselves increasingly exposed, not just during the holidays but year-round.”

The report highlights major bot attack trends and real-world attack data observed during the 2024 online holiday shopping season. In addition, it offers insights into the distributed, multi-vector attacks e-commerce providers and retailers can expect to battle this year.

Key findings and insights

AI-generated bots with human-like behavior gain dominance: According to the report, bad bots made up 31% of total internet traffic during the last holiday season. Nearly 60% of the malicious traffic employed advanced behavioral techniques to evade traditional, signature-based detection. Combating these bots requires accurate AI-powered detection of attack patterns, including rotating IPs and identities, distributed attacks, CAPTCHA farm services, and other advanced anomalies, without causing false positives.
Mobile-focused attacks surge: Malicious bot traffic directed at mobile platforms rose 160% between the 2023 and 2024 holiday shopping seasons, representing a fundamental shift in attacker focus. Security strategies need to be shored up and tailored for vulnerable mobile platforms and attackers using more sophisticated techniques, including mobile emulators, mobile-specific proxies, and headless browsers with mobile user-agent strings.
Attacks leveraging distributed infrastructures and residential proxy networks increase: The proportion of holiday attack traffic originating from and blending in with ISP networks increased 32% between 2023 and 2024. Attackers are leveraging wider network and residential proxy services to evade rate-limiting, geo-based, and IP-based blocking mechanisms, creating even greater mitigation challenges for security teams working without advanced, multi-layered protections.
Coordinated multi-vector attack campaigns escalate: To maximize their success, attackers are targeting applications by combining bot attacks with web application vulnerability exploits, business logic attacks, and API-focused attacks. Protecting already burdened security systems requires an integrated application security strategy that uses the latest threat intelligence and cross-correlates security threats across security modules.

Radware will be addressing the new report and advanced protection strategies during the RSA 2025 Conference at the Moscone Center in San Francisco (booth #S-1227). The event takes place April 28–May 1, 2025.

Radware’s complete bot report can be downloaded here .

About Radware
Radware ^® (NASDAQ: RDWR) is a global leader in application security and delivery solutions for multi-cloud environments. The company’s cloud application, infrastructure, and API security solutions use AI-driven algorithms for precise, hands-free, real-time protection from the most sophisticated web, application, and DDoS attacks, API abuse, and bad bots. Enterprises and carriers worldwide rely on Radware’s solutions to address evolving cybersecurity challenges and protect their brands and business operations while reducing costs. For more information, please visit the Radware website.

Radware encourages you to join our community and follow us on: Facebook , LinkedIn , Radware Blog , X , and YouTube .

©2025 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents, and pending patent applications of Radware in the U.S. and other countries. For more details, please see: https://www.radware.com/LegalNotice/ . All other trademarks and names are property of their respective owners.

THIS PRESS RELEASE AND 2025 E-COMMERCE BOT THREAT REPORT ARE PROVIDED FOR INFORMATIONAL PURPOSES ONLY. THESE MATERIALS ARE NOT INTENDED TO BE AN INDICATOR OF RADWARE'S BUSINESS PERFORMANCE OR OPERATING RESULTS FOR ANY PRIOR, CURRENT, OR FUTURE PERIOD.

Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.

The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.

Safe Harbor Statement
This press release includes “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements made herein that are not statements of historical fact, including statements about Radware’s plans, outlook, beliefs, or opinions, are forward-looking statements. Generally, forward-looking statements may be identified by words such as “believes,” “expects,” “anticipates,” “intends,” “estimates,” “plans,” and similar expressions or future or conditional verbs such as “will,” “should,” “would,” “may,” and “could.” For example, when we say in this press release that e-commerce providers and online retailers that rely on conventional security measures will find themselves increasingly exposed, not just during the holidays but year-round, we are using forward-looking statements. Because such statements deal with future events, they are subject to various risks and uncertainties, and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware’s current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions, including as a result of the state of war declared in Israel in October 2023 and instability in the Middle East, the war in Ukraine, tensions between China and Taiwan, financial and credit market fluctuations (including elevated interest rates), impacts from tariffs or other trade restrictions, inflation, and the potential for regional or global recessions; our dependence on independent distributors to sell our products; our ability to manage our anticipated growth effectively; our business may be affected by sanctions, export controls, and similar measures, targeting Russia and other countries and territories, as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries; the ability of vendors to provide our hardware platforms and components for the manufacture of our products; our ability to attract, train, and retain highly qualified personnel; intense competition in the market for cybersecurity and application delivery solutions and in our industry in general, and changes in the competitive landscape; our ability to develop new solutions and enhance existing solutions; the impact to our reputation and business in the event of real or perceived shortcomings, defects, or vulnerabilities in our solutions, if our end-users experience security breaches, or if our information technology systems and data, or those of our service providers and other contractors, are compromised by cyber-attackers or other malicious actors or by a critical system failure; our use of AI technologies that present regulatory, litigation, and reputational risks; risks related to the fact that our products must interoperate with operating systems, software applications and hardware that are developed by others; outages, interruptions, or delays in hosting services; the risks associated with our global operations, such as difficulties and costs of staffing and managing foreign operations, compliance costs arising from host country laws or regulations, partial or total expropriation, export duties and quotas, local tax exposure, economic or political instability, including as a result of insurrection, war, natural disasters, and major environmental, climate, or public health concerns; our net losses in the past and the possibility that we may incur losses in the future; a slowdown in the growth of the cybersecurity and application delivery solutions market or in the development of the market for our cloud-based solutions; long sales cycles for our solutions; risks and uncertainties relating to acquisitions or other investments; risks associated with doing business in countries with a history of corruption or with foreign governments; changes in foreign currency exchange rates; risks associated with undetected defects or errors in our products; our ability to protect our proprietary technology; intellectual property infringement claims made by third parties; laws, regulations, and industry standards affecting our business; compliance with open source and third-party licenses; complications with the design or implementation of our new enterprise resource planning (“ERP”) system; our reliance on information technology systems; our ESG disclosures and initiatives; and other factors and risks over which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. For a more detailed description of the risks and uncertainties affecting Radware, refer to Radware’s Annual Report on Form 20-F, filed with the Securities and Exchange Commission (SEC), and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware’s public filings are available from the SEC’s website at www.sec.gov or may be obtained on Radware’s website at www.radware.com .