The meteoric rise and dominance of programmatic is both a blessing and a curse for publishers. While it’s difficult to argue with its precision, efficiency, and revenue streams, there’s a significant caveat that comes with programmatic – fraudsters and bad actors can and do exploit the system to everyone’s detriment.

While a closer look at the digital advertising ecosystem and recent statistics on malware, non-compliance, and data leakage – all of which run rampant in bad ads – are daunting to say the least, but, as we’ll later discuss, that doesn’t imply that publishers are defenseless.

A Multi-Headed Problem

Bad ads aren’t a one-trick pony. They’re pervasive shape-shifters, attacking every corner and angle of the digital ad market – publishers, exchanges, and customers alike – just in different ways. Publishers, however, are squarely in the bad ad crosshairs, a principal player in an industry already losing over $1 billion per year from malvertising alone. Most of these losses stem from lost ad revenues, where consumers are using ad blocking tools to protect themselves from malware.

An industry already losing over $1 billion per year from malvertising alone.

Unfortunately, the very nature of programmatic has much to do with the scope and reach of the problem. A single ad can cross up to 20 different intermediaries before it reaches a user’s screen, providing plenty of opportunities for bad ads to enter the system and wreak havoc.

But with an estimated $60 billion spent on programmatic ads in the US alone in 2019, accounting for 85% of the entire domestic digital ad market, programmatic obviously isn’t going anywhere anytime soon. That deep footing in the market also means the risk associated with programmatic – for nearly every industry participant – will only rise in impact and reach.

According to research from Accenture, the risk stemming from malware, ransomware, phishing attacks, and other malicious activity represents, on average, 2.8% of annual gross revenue for large companies. Since programmatic is already a convenient entry point and fertile breeding ground for such activity, it’s a primary fuel for those risks that will only continue to put publishers and their customers in harm’s way.

Smaller companies that rely on lower-level campaigns with cheaper CPM are even more at risk. Common sense tells us that fraudsters will favor the least expensive entry points into the ecosystem, making lower-tier exchanges especially vulnerable to bad ads and, therefore, those smaller companies as well. However, with programmatic so entrenched in the industry, the risks for companies of all shapes and sizes grow by the day. In other words, each type of bad ad will continue to have ample opportunity to wield its own unique and destructive effect on the space.

Malicious Ads

The most conspicuous and notorious of the three types of bad ads, an entire vocabulary has developed around malicious ads, where terms like Trojans, malware, ransomware, and others have become part of the everyday lexicon. From the Equifax breach – stemming from fraudulent Flash update ads – to attacks on the New York Times, London Stock Exchange, and countless others, “malvertising” is just as much a threat to business as bad weather on a supply chain or rising labor costs.

As it stands, malicious ads already cost publishers over $1 billion every year. The micro-level is just as frightening, however, as Trojans and the like directly impact page views and, thus, revenue since a publisher has fewer impressions to monetize. This occurs for a couple of reasons – either user’s sense something is off and intentionally avoid the site, or forced redirects lead them elsewhere.

Also, malicious ads don’t announce where they’re coming from, so it’s rarely easy for a publisher to pinpoint their origin. Not only do staffing costs rise to address such issues, but sometimes a publisher must shut off entire suppliers as they try to isolate the problem. In the meantime, ad revenue takes a direct hit since they’re not serving those ads during the investigation.

Ad Compliance

Non-compliance issues might not be malicious, but they can be just as costly as malware through lost ad revenue. Larger files or excessive network requests damage the user experience with increased latency, most obviously through slower page load times. Simple math tells us that longer page loads mean fewer page views, also resulting in fewer ads served and, therefore, less ad revenue. To that point, according to a recent Ad Lightning survey, nearly 90% of respondents consider ad compliance issues a primary contributor to slower page load speeds and fewer page views per session.

Further, as mobile statistics from Google demonstrate, the latency caused by large, non-compliant files has a direct and powerful effect on customer engagement:

Higher bounce rates correlate with lower engagement levels between a website and user, ads obviously included. Simply put, non-compliant ads create latency that negatively impacts page views, bounce rates, abandon rates, click-throughs, and conversions. Currently, an estimated 41% of banner ads and 26% of all ads are already larger than IAB guidelines.

From our own research, we’ve found that a 5% abandon rate for every second of delay – less than half of the actual 11% figure – equates to a $33,000 revenue loss for an ad-supported site, $400,000 annually. Those figures project to an $8 billion annual loss across the industry, simply from page load latency. Publishers can’t afford to let non-compliant ads have such a negative impact on their top-lines.

Data Leakage

Companies are under increased scrutiny regarding data privacy issues. Sweeping initiatives like GDPR and CCPA have placed a more intense and costly spotlight on enterprises that take risks with data leakage and other intrusions to data privacy. Such data leakage often takes the form of bad ads that use trackers and cookies to collect browsing or personal information on a user, selling that information to outside parties without consent of the end-user or ad platform.

From a legal perspective, something like the EU’s GDPR could impose fines as high as the greater of roughly $25 million or 4% of the previous year’s total global revenue. US-based companies, even with no physical overseas presence or transactions within the EU, can still be subject to GDPR, making data leakage a significant problem for publishers everywhere. Average fines for GDPR non-compliance are approximately $85,000 thus far– not including the associated legal costs – but are expected to rise as regulators work through an immense backlog of over 200,000 cases.

Aside from the legal ramifications, publishers must also take into account where all of that leaked data is going. Outside parties using unauthorized trackers and cookies embedded within a bad ad can sell the data at far cheaper rates, cutting off yet another revenue stream for publishers. In the age of big data, where brands and advertisers are perpetually thirsty for the information they need to engage the audience and personalize their messaging, the already massive black market for consumer data is bound to continue expanding.

Other Risks from Bad Ads

The direct costs of malicious ads, non-compliance, and data leakage aren’t the only sources of risk for the industry. From an overall perspective, the prevalence of bad ads endangers the entire digital advertising ecosystem and from a number of different angles.

An Industry Tipping Point

At some point, unless the parties involved take effective action, the industry will reach a tipping point, where the economic risks will finally outweigh the benefits and efficiencies brought by programmatic advertising. Granted, considering the phenomenal growth in recent years, programmatic isn’t likely to reach that point today or tomorrow. However, the long-term viability of the current model is in no way a given.

Consumers will grow tired of the constant deluge of malicious ads and install ad blockers in droves. They’ll disable cookies and cut advertisers off from the data they need to personalize ads and increase engagement. Publishers, too, will grow weary of bad ads infecting their systems and end relationships with platforms that can’t adequately curtail the influx of bad ads. The digital ad space is a relatively small community, at least in terms of participants, so any word of a broken relationship between a publisher and platform could be a death knell for that platform.

Fixing Programmatic

We get it. The allure of programmatic’s benefits is so vast that, although there can very well be a tipping point between risk and reward in the future, that time is years down the road. However, at current rates, the growth of bad ads in the marketplace could very well make the current model untenable at some point in the future.

When that occurs, a nearly $100 billion global industry will stop in its tracks in search of new avenues to take, and there’s nothing efficient about that process. Instead, rather than looking at the ultimate demise of programmatic as an inevitability, there are remedies to help heal those wounds. However, as is always the case, such solutions require market participants to embrace them.

While GDPR is still in its infancy, the disruption it has already caused in the marketplace is palpable. With possible fines in the tens of millions, the initiative has enough teeth to make even the world’s largest organizations sit up and take notice. But GDPR and similar regulatory efforts, at least in their current forms, really only address the data leakage side of the problem, and not even the full scope of it. But as the saying goes, it’s a start.

To slow the progression of bad ads in the digital advertising world in a meaningful way, DSPs must be more proactive in policing the ads they let through the door in the first place. Also, the massive cloud servers that house most of the malicious content must take a closer look at the files constantly moving through them.

Ultimately, though, publishers must take it upon themselves to protect their own interests, remaining the last line of defense through ad blocking technology until the rest of the ecosystem joins the fight. This is where a comprehensive, holistic approach that simultaneously blocks and scans for bad ads can provide so much value. It gives publishers, their stakeholders, and customers a robust solution that addresses the problem in its entirety rather than a piecemeal strategy that treats effects instead of causes. Given the magnitude of what’s at stake – both in terms of dollars and brand – publishers are best-served embracing effective solutions for bad ads while the digital ad industry continues to evolve.