Press Release

The Indusface ‘Annual State of Application Security Report’ reveals that over 5.14 billion cyberattacks targeted Indian websites and applications in 2023

The calendar year (January 1 – December 31, 2023) witnessed an alarming 6.8 billion attacks globally and 4.2 million cyberattacks per website

Indusface, a TCGF II (Tata Capital) funded, rapidly growing Application Security SaaS company, today released its Annual State of Application Security Report 2023.


The insights reveal that Indusface’s AppTrana network successfully blocked 6.8 billion attacks globally, with 5.14 billion of those targeting Indian enterprises, SMEs, and government organizations. Cyberattacks exhibited an average quarterly spike of 63% from Q1 to Q4 in 2023, underscoring the urgency for robust cybersecurity measures.

The report sheds light on the vulnerability of various industries, particularly the healthcare sector, where 100% of sites faced bot attacks, and the banking, finance, and insurance industries, with 90% experiencing similar attacks. With a 10X increase in attacks, SaaS companies in India have rapidly emerged as key targets for cybercriminals due to the high-value customer data they store. The retail and e-commerce industries were mostly targets of carding attacks. Other industries analyzed include IT services and consulting, manufacturing, telecommunications, marketing, and advertising.

In 2023, 8 out of 10 sites faced targeted bot attacks, witnessing a 46% increase each quarter, totaling over 467 million bot attacks. Major cyberattack origins, apart from India, included the United States, the United Kingdom, Russia, Germany, and Singapore.

Distributed Denial of Service (DDoS) attacks recorded a significant 46% increase each quarter, reaching 4.25+ billion in 2023. Four out of 10 sites experienced a DDoS attack. A notable rise in botnet-driven low-rate HTTP DDoS attacks was also observed in 2023. The worrying aspect is that over 39% of enterprises were not confident about having the ability to prevent large-scale DDoS attacks.

Speaking about this, Ashish Tandon, CEO of Indusface, said, “2023 was probably the year where bad bots really took off. That was one attack vector that saw high double-digit increases in Q-o-Q. I would hazard a guess and attribute it to bad actors leveraging LLMs to deploy more bots at scale. Along with card cracking or credential stuffing, we also saw bot-driven, low-rate DDoS attacks being used more frequently. Coming to mitigation, we have seen reasonable success where AI models are alerting our managed services team of possible anomalies and the team is able to quickly take mitigation measures. I foresee this to be the theme in 2024, where a combination of AI + humans will be crucial to thwart complex, multi-layered attacks.”

Additional Insights:

1. Top 3 vulnerability categories in 2023:
a. Malicious Content Found (Software and Data Integrity Failures)
b. Server-Side Request Forgery Detected
c. Cross-Site Scripting (XSS)
2. Top zero-day vulnerability categories in 2023:
a. Cross-Site Scripting
b. SQL Injection
c. Command Injection
3. Of the total attacks, 60% were thwarted using application-specific virtual patches. This emphasizes the pivotal role played by managed services in fortifying application security.
4. The report identified 29,000 critical and high vulnerabilities, with 32% of them remaining open for a concerning 180+ days.
5. 300+ CISOs, CTOs, and other security leaders were also surveyed as a part of the study to understand their pain points related to application security concerns and challenges faced due to DDoS, Bot, and API attacks. According to them:
a. The biggest problem their business faces due to DDoS and bot attacks is disruption of services, followed by financial loss and reputation damage.
b. Only 22% of surveyed individuals expressed confidence in their WAF/WAAP solutions to detect and protect their businesses from various bot attacks.
6. As per the survey, API-specific injection attacks and broken authentication attacks are concerning most organizations globally.

About Indusface:

Indusface is a leading application security SaaS company that secures critical Web, Mobile, and API applications of 5000+ global customers using its award-winning fully managed platform that integrates web application scanner, web application firewall, DDoS & BOT Mitigation, CDN, and threat intelligence engine.

Indusface, funded by Tata Capital Growth Fund II, is the only vendor to receive a 100% customer recommendation rating three years in a row and is a global customer choice in the Gartner Peer Insights™ Web Application and API Protection (WAAP) Report 2023. Indusface is also a “Great Place to Work” 2022 Winner in the Mid-Size category in India and is PCI, ISO27001, SOC 2, GDPR certified and has been the recipient of many prestigious start-up awards. For more information, visit www.indusface.com or follow us on LinkedIn, X, Facebook, Instagram and YouTube.