A new report from Zayo Group has revealed a huge 82% surge in the frequency and sophistication of DDoS attacks over the past year – with the financial toll costing businesses greatly per attack.
Data in the biannual Distributed Denial of Service (DDoS) Insights Report showed an increase in attack frequency between 2023 and 2024, with attack volume almost doubling from 90,000 incidents in 2023 to 165,000 in 2024, as cybercriminals use AI and expanding adoption of IoT devices to launch faster, more persistent, and more complex attacks.
Key findings by industry show that finance saw the largest year-over-year attack volume growth of all sectors, surging from 3.5% of all attacks in 2023 to 7% in 2024, while telecommunications is still the most targeted sector: in 2024, it represented 42% of all observed incidents, although this was down from 48% of all attacks in 2023.
Cloud and SaaS companies conversely experienced a rise in attacks, accounting for 11% of all attacks with more than 19,000 throughout the year – 15,740 of which occurred in the second half of 2024 alone.
The financial toll remains significant - an average attack lasting 39 minutes, businesses lose nearly £185k per incident.
There is an expected rise in DDoS-as-a-Service, enabling individuals with limited technical skills to conduct attacks, which could result in a greater number of attacks and a wider variety of attack methods.
As AI and automation continue to shape the threat landscape, proactive and scalable DDoS protection is more essential than ever.
Max Clauson, Senior Vice President of Network Connectivity at Zayo said: “We’re seeing attackers use larger botnets of compromised IoT devices and AI to drastically increase the scale of attacks.
“As the sophistication of DDoS attacks continues to grow, cybercriminals are finding ways to exploit cloud services, higher bandwidth availability, and new vulnerabilities in software and network protocols, and with this in mind, there will be a greater need to invest in DDoS mitigation to protect critical infrastructure and ensure long-term data security,” Clauson concluded.