New Study from Arkose Labs Reveals that Businesses Underestimate Full Impact of Account Takeover Attacks

Findings show businesses struggle with damage to brand reputation and increased compliance concerns when user accounts are compromised

San Francisco, California, UNITED STATES

SAN FRANCISCO, April 08, 2021 (GLOBE NEWSWIRE) -- Arkose Labs, a provider of online fraud and abuse prevention technology, today released study findings around account takeover (ATO) fraud and how businesses are dealing with this threat. The study included more than 100 IT executives at U.S. companies in over a dozen industries ranging in size from 1,000 employees to over 10,000.

While most businesses recognize the negative impact ATOs have on user experience and brand awareness, many underestimate the volume of attacks, as well as the total cost of ATOs targeting their users.

Account takeover attacks are the fuel that powers fraud and abuse globally. Personal data from compromised accounts is shared and sold on the Dark Web to then be reused, perpetuating the cycle of every data breach. Funds drained from hacked user accounts can be used to fund further downstream scams or to make fraudulent purchases. Legitimate accounts can also be used to send authentic-seeming spam and phishing messages to consumers via email or on a digital platform.

“With the increase in ATOs, credential stuffing, and rising sophistication of attacks, businesses need to be more vigilant in detecting the nuances and full impact of ATOs,” says Lizzie Clitheroe, Head of Product Marketing at Arkose Labs.

One thing that is apparent - account takeover attacks severely impact the user experience and as result, brand reputation. Regardless of the industry or company size, about half the companies polled said they had lost customers over the past year due to account takeover attacks, a full 90% agreed that account takeovers impacted user experience. Additionally, compliance concerns are another big problem associated with ATO attacks. If a business allows accounts to be successfully attacked at scale, it draws the attention of regulators, who will then start asking difficult questions about the security or lack thereof of their platform. This leads to greater compliance costs and burdens on internal teams.

Account takeovers are on the rise, but are businesses accounting for all the downstream costs or only the direct cost? Overall, nearly 90% of the respondents said that account takeover attacks cost them less than $500,000 in 2020, with 39% reporting losses of less than $100,000 over the past year. However, many businesses may not have full visibility into the full extent of how ATOs may be affecting their business. For example, one Arkose Labs client was dealing with 30,000 ATO attacks per day costing about $100,000 per month and was unaware of much of that volume prior to implementing the Arkose Labs platform.

“With this latest study, we wanted to better understand how ATO attacks are affecting businesses across industries. What we have found is that it can be deeply destructive - from a brand/user experience to the overall monetary loss for an organization”, says Lizzie Clitheroe, Head of Product Marketing at Arkose Labs.

Additional highlights from the study include:

  • More than 70% of poll respondents cited account integrity as a top security concern for their business.
  • ATOs ranked as a highest concern from respondents in the professional services industry, with 67% citing it as a top issue. That was followed by the healthcare industry, with 44% citing it as a top 3 concern.
  • 94% of financial institutions either agreed or strongly agreed that ATOs had impacted the user experience for their customers. Of the top ways that ATOs impacted financial institutions in 2020, financial firms reported a negative brand reputation was the top, followed closely by increased compliance concerns and decreased revenue.
  • 100% of digital retailers in our poll responded that negative brand reputation was the top impact on their business from ATOs. Compromised credentials, stolen transactions and payments fraud were named as the top three significant threats of account takeover attacks on their business.
  • 50% of the companies polled said they had lost customers over the past year due to account takeover attacks (regardless of the industry or company size).
  • The most significant impact of ATOs to end users are:
    • compromised identity credentials: 40%
    • fraudulent transaction: 32%
    • stolen payment details: 14%
    • loss of funds: 8%
    • time spent to reclaim account: 3%
    • other: 3%

To access the full ATO study/ebook please click here.

About Arkose Labs:
Arkose Labs bankrupts the business model of fraud. Recognized by Gartner as a 2020 Cool Vendor, its innovative approach determines true user intent and remediates attacks in real time. Risk assessments combined with interactive authentication challenges undermine the ROI behind attacks, providing long-term protection while improving good customer throughput. Arkose Labs is based in San Francisco, Calif., with offices in Brisbane, Australia. For more information, visit or on Twitter @ArkoseLabs.

Media Contacts:
Paul Wilke

An infographic accompanying this announcement is available at

Arkose Labs_2021-03-30_Invasion of privacy - How safe is your account