The Silent Threat: How Bots Are Skewing Your Marketing Analytics
By Cyril Noel-Tagoe, Netacea’s Principal Security Researcher
When businesses think about the impact of bots, they might think about the cost of an attack, the effect on consumer reputation, or perhaps the wider security implications to their websites or apps. But the costs go beyond this: if you can’t distinguish between bots and real customers, making decisions based on customer behaviour becomes decidedly more complicated and costly.
56% of all web traffic is generated by bots, meaning businesses waste a great deal of money serving “customers” who do not exist. All marketeers make decisions based on data generated by these customer journeys, but if bots are included alongside real customers, this means the data is inherently flawed. Can marketers ever make good decisions based on bad data?
We commissioned an independent survey to understand not only the impact of bots on a business’ bottom line, but how it compares to ad fraud. The results showed that skewed website traffic analytics did indeed result in ill-informed marketing and merchandising decisions. But the size of the threat was surprisingly, equal to that of ad fraud—a more deliberate attack that enjoys a far higher profile.
Bots vs customers
The most obvious cost of a bot attack to a business is its direct effect.
Each bot that arrives on a site may not be much of a problem—assuming, of course, it is prevented from disrupting the site or buying up goods for resale. But the sheer number of bots means that there is a considerable cost in serving them. Even if a business prevents every attempt at fraud, whether it’s account takeovers or checking stolen card details, there is a cost in serving bots.
There are the infrastructure costs, which are potentially twice as high as they could be, if half of all traffic is automated. There could also be an effect on customer satisfaction if websites or apps are slowed down by the weight of automated traffic.
But the less obvious costs may actually be more damaging. To understand just how damaging, it’s worth comparing with a problem that causes many marketeers sleepless nights: ad fraud.
Marketing Technology News: MarTech Interview with Austin Harrison, CEO at Northbeam
Ad fraud vs skewed analytics
Ad fraud is a well-understood phenomenon that dominates marketing headlines, and may even threaten the future of online advertising. There are different types of ad fraud, but it refers to any attempt to disrupt the proper delivery of ads to real users and the intended audience. This could be fake ad networks that don’t deliver what they claim, or fake clicks on ads to make them look effective.
Any decision that a marketer makes about online advertising needs to take the possible effects of ad fraud into account.
Skewed analytics, on the other hand, is the result of bot activity on websites. Bots visit websites for a number of reasons—to scrape data from the site for malicious purposes, to crawl and index information for a search engine, to attempt to take over accounts or to buy items from the site to be resold elsewhere. Advanced bots will emulate human behaviour to avoid detection when they visit sites. However, their journey is not influenced by the same factors as genuine customers and therefore does not reflect the pattern of behaviour of a legitimate user; making the data collected at least tainted, at worst useless.
Our survey discovered that an equal number of businesses say that they can see the effects of skewed analytics, and the average loss to revenue is slightly more than ad fraud.
Among our respondents, ad fraud was a problem for 73% of businesses and cost an average of 4% loss in revenue. Skewed analytics was a problem for 68% of businesses and cost an average of 4.07% loss in revenue.
It turns out that these two problems, one widely understood and reported on, and one far less so, are almost identical in their effects on businesses
Marketing vs security
So how should businesses tackle this problem? It is perhaps surprising that security teams aren’t always best placed to detect bot threats such as these. In fact, marketing teams are often the first to detect a bot problem, as bots that look like customers can bypass security and remain undetected until analytics data is reviewed. If bots are burning through businesses online budgets, and causing wasted developments in marketing activity, it’s the marketing team that will be the first to notice.
The only way to fix this is if marketing teams work with security teams to fully understand the problem and implement a solution. Without this partnership, one team knows there is a problem but doesn’t have access to the solution, and the other isn’t even aware of the problem.
Bots are a big problem for businesses. In addition to account takeovers, card fraud, and the buying of limited consumer goods, businesses are seeing losses when running special promotions based on incorrect data, ordering new stock due to incorrect data, or even burning through a marketing budget thanks to bots. But just as this is not a security problem alone, it cannot be solved by the security team alone.
Marketing Technology News: Amplifying Your Audio and Podcast Advertising