The Battle Against Bots: Why CMOs Are On The Frontlines
As digital marketing becomes more central to business operations, CMOs are finding themselves increasingly responsible for defending against bots and fake users.
Bad bots have emerged as a formidable challenge for businesses across industries. As cybersecurity spending is set to hit $215 billion this year, a 14% increase over last year’s levels, companies are grappling with a new reality: not all bots are created equal, and the intent behind these automated entities matters deeply.
Understanding The Threat: Beyond The Surface
At first glance, it might seem simple to categorise all bot traffic as detrimental, but such an approach is as flawed as treating every patient in an emergency room the same. Just like the reasons a patient shows up in the ER dictate the urgency and nature of their treatment, the intent behind a bot attack should dictate the level of concern and the strategies deployed in response.
Bot attacks vary widely in their objectives—some aim for financial gain, others for data theft, and still others for disruption or espionage.
While all malicious bots pose some level of threat, the degree of risk and the required response can differ significantly. For example, credential-stuffing bots, which use stolen usernames and passwords to gain unauthorised access, require different countermeasures than bots conducting account takeovers, where attackers gain full control of breached accounts. Therefore, a nuanced approach—akin to a form of cybersecurity triage—is critical.
Why CMOs Are Now On The Frontlines
Traditionally, the battle against bots has been seen as the domain of the Chief Information Security Officer (CISO), but that is rapidly changing. As digital marketing becomes more central to business operations, Chief Marketing Officers (CMOs) are finding themselves increasingly responsible for defending against bots and fake users.
Bots are not just a security issue; they are a strategic threat to business performance, marketing efficiency, and even organisational trust. For instance, In a high-profile example, Ticketmaster faced significant disruptions in November 2022 during the presale for Taylor Swift’s ‘Eras’ tour.
The company reported that its systems were overwhelmed by a staggering number of ticket bot attacks, which not only blocked thousands of real fans from purchasing tickets but also led to tickets being resold on secondary markets like StubHub at prices up to four times the original value, while bots accounted for 17 billion fake ad views during the 2022 Super Bowl. This kind of waste directly undermines key performance indicators (KPIs) such as customer acquisition costs (CAC), cost per acquisition (CPA), and return on ad spend.
Furthermore, the presence of fake traffic erodes trust and transparency. When sales teams are fed fake leads and bad data, they lose faith in marketing’s ability to generate real value. According to Gartner, bad data costs organisations $12.9 million a year. Advertisers waste 21% of their media budgets because of bad data. And bad data causes B2B marketers to target the wrong decision-makers almost 86% of the time.
The Strategic Reputational Threat Of The “Fake Web”
Beyond efficiency and trust, the reputational risks associated with bot traffic are significant. A prime example is the bot issue that plagued X (formerly Twitter) leading up to Elon Musk’s acquisition in October 2022.
The platform’s struggle with automated fake users and data scrapers became a significant concern Twitter says bots – or fake accounts – make up about 5% of its “monetisable daily active users worldwide.” Musk contended it’s more like 20% or higher, impacting the credibility of its user base and its overall reputation.
Similarly, advertisers are suing Meta for $7 billion alleging that the Potential Reach metric used by the company to determine advertising costs relies on the total number of social media accounts rather than individual users. They argue that this approach is problematic because it could include bot and fake accounts, resulting in advertisers paying more money for their ads to be served to bots.
These incidents illustrate that bots and fake users are not just a nuisance—they can severely damage a brand’s reputation and financial standing. As awareness of the “Fake Web” grows, businesses must be prepared to act quickly and decisively to protect their brand integrity.
A Call For A Shift In Strategy
Tapper, a provider of enterprise grade security designed to help businesses protect their digital advertising efforts from fraudulent clicks and invalid traffic, recently released a report on the state of ad fraud in the GCC. It has brought a critical insight to the forefront: invalid traffic (IVT) is a primary driver of advertising inefficiency.
It’s no longer just a problem for the open web—it’s infiltrating “walled garden” platforms as well, posing an even greater challenge to marketers. The data reveals that the lost revenue opportunity for brands, due to invalid traffic polluting their campaigns, amounts to hundreds of billions of dollars annually. But perhaps more concerning is the unmeasurable impact on polluted data, which can skew strategies and decisions at their very core.
Key insights of the study include:
- 16.5% of all paid ad traffic in the GCC is invalid, significantly impacting marketing performance across various sectors.
- 19.5% of traffic from non-Google channels, including Meta and X (formerly Twitter), is invalid, highlighting a major risk for marketers investing heavily in social media.
- $95.71 billion in global ad spend is forecasted to be lost to invalid traffic (IVT) in 2024, a 33.25% increase from 2023.
- Google channels have lower IVT rates (11.5%) compared to non-Google platforms, suggesting that certain channels may offer better ad spend efficiency.
- Projected $274.68 billion in lost revenue opportunities in 2024 due to IVT, underscoring the urgent need for new strategies in ad fraud prevention.
Nasser Oujidane Cofounder and CEO of Tapper, says that relying solely on traditional security measures to identify and block bad traffic isn’t enough. “Instead, we advocate for an advertising-first approach—one that focuses on achieving profitable outcomes rather than simply classifying traffic as “good” or “bad”.”
As bots evolve, so must your strategies. The integration of advertising objectives with cybersecurity measures is not just smart—it’s essential for staying ahead in an environment where the cost of inaction is becoming increasingly steep. By placing profitability and performance at the heart of bot mitigation efforts, companies can protect their investments, ensure data integrity, and foster greater trust within their organisations and with their customers.
