“The State of Fake Traffic 2024,” a report from security tech company CHEQ, shows just how big the problem is getting. According to its research, 17.9% of all observed traffic in 2023 was automated or invalid, a 58% increase from the 11.3% identified as such by CHEQ in the previous year. (Others that count all automated traffic put the volume of non-human traffic even higher — upwards of 50%.)

The CHEQ report issued a warning, saying that “in 2024, cybercriminals and fraudsters are no longer confined to simple bots and click farms; they now wield highly sophisticated bots capable of mimicking human behavior, evading detection, and perpetrating a wide range of malicious activities. They scrape data without permission, inflate engagement metrics, commit fraud, and compromise the security and integrity of countless websites, mobile apps, and APIs.”

Others also are sounding alarms, saying that the growing amount of this fake traffic represents an increasing risk for CISOs and their organizations, not only due to the threats presented directly by that traffic but also due to the distractions that it poses to the security team’s resources.