Welcome to the Intelligence Era, where business moves at the speed of data. Organizations are leaning on deep learning, hyper-automation, and AI-powered operations to scale faster than ever before. But as companies harness real-time data and AI to make critical decisions, they’re not the only ones evolving. Adversaries are right there with them, crafting sophisticated, tactical attacks designed to exploit the very technologies driving progress.
Threats move faster, attack surfaces are wider, and disruption is often the impact. Attackers deliberately target organizations at critical times, aiming to take them offline, disable their defenses, and steal their data. To stay ahead, modern enterprises must unify connectivity, visibility, and security at every layer of their digital foundation. Anything less leaves room for unnecessary risk.
To help you chart the way forward, we’re sharing key findings from our 2026 Cybersecurity Insights Report — a roadmap to proactive, scalable defense strategies tailored to the new age of intelligent infrastructure.
The New Threat Landscape: Intensity Over Frequency
2025 global network data reveals a dramatic change in attacker behavior. Gone are the days of prolonged, high-frequency digital sieges. Today’s malicious actors strike with short, intense bursts, delivering rapid disruption before outdated protection solutions can take effect or manual human intervention can respond.
While the overall number of Distributed Denial of Service (DDoS) events decreased 15% year-over-year (logging 140,519 incidents in 2025 compared to 164,996 in 2024), the severity skyrocketed. The average attack size soared to 3.6 Gbps, a staggering 70% jump, while the median duration plummeted from 39 to just 20 minutes.
What does this mean for your business? These hit-and-run incidents risk your uptime and drain your bottom line. Amplified by new and evolved attack tactics, including carpet bombing and Websocket manipulation, it’s become clear that not all DDoS Protection solutions are effective anymore.
Average downtime costs remain steady at $6,000 per minute. That means the typical 20-minute attack racks up $120,000 in losses. And that’s not including the cost of reputational damage or compliance penalties.
Key Takeaways:
- Attack Frequency: Down 15%
- Attack Intensity: Up 70%
- Financial Impact: $120,000+ average damage per successful attack
Protecting Data by Design
Security can’t be an afterthought. In the Intelligence Era, “protecting data by design” is essential.
- Zero-Trust Everywhere: Explicit verification, Just-In-Time and Just-Enough-Access (JIT/JEA), and the assumption of breach must anchor your security framework.
- Shrink the Attack Surface: Don’t let public internet exposure become your biggest liability. Secure your operations with private, dedicated connectivity to locations and cloud providers (AWS, Azure, Google Cloud).
- Unify Networking and Security: When your work tools are all over the place, it’s hard to see what’s going on. Secure Access Service Edge (SASE) brings together your network and your security into one simple, cloud-based solution.
Industry-Specific Attack Trends for 2025
The distribution of DDoS attacks has spread across every industry. As cloud, API, and multi-cloud adoption surge, no sector is off-limits. Here’s a look at how the threat evolved across industries:
Telecommunications
Telecoms saw overall attack volume drop from 42% in 2024 to 24% in 2025. But attackers shifted from backbone providers to end-user sectors, as purpose-built mitigation makes disruption more expensive.
- Average Attack Size: 6.7 Gbps
- Trend: Adversaries are adapting, targeting industries where downtime equals lost revenue.
Education
High-frequency, low-bandwidth DDoS attacks on the Education sector are likely intentional disruptions, not brute-force attempts. After COVID-19, the shift to digital learning created a large, vulnerable attack surface.
- Average Attack Size: 0.5 Gbps
- Trend: The education sector saw a spike in attacks, with 45% of its annual total occurring in April and May.
Government
DDoS attacks are on the rise and are being used as strategic and geopolitical weapons, not just for cybercrime. The public sector is a prime target, as it moves to digital-first services like citizen portals and emergency systems. This creates a larger, more visible attack surface. Despite agencies investing in cybersecurity, challenges like prolonged modernization timelines and outdated legacy infrastructure create inconsistent defensive capabilities. This has contributed to a surge in DDoS attacks targeting the sector, with attack volume jumping from 5% to 12%.
- Average Attack Size: 5.5 Gbps
- Trend: As the public sector shifts to digital-first services and works to modernize its legacy infrastructure, it becomes a prime target for DDoS attacks.
Energy
While attacks were less frequent in 2024, their increased size highlights the growing threat to critical infrastructure. Utility companies are prime targets for large-scale DDoS attacks designed to disrupt services and create openings for more severe threats.
- Average Attack Size: 10.5 Gbps
- Trend: The need for utility companies to quickly resolve service disruptions and cyberattacks makes them vulnerable targets for malicious actors.
Manufacturing
Manufacturers are increasingly adopting technologies like AI and automated robotics, which expands their digital attack surface. This reliance on high-capacity connectivity makes them prime targets for cybercriminals, as downtime is costly and halts production. Some companies even find it cheaper to pay ransoms than to suffer operational losses. While manufacturers are starting to prioritize cybersecurity, many are still in the early stages of developing the necessary strategies to defend against large-scale attacks.
- Average Attack Size: 11.6 Gbps
- Trend: As manufacturers embrace advanced technologies, their expanding digital footprint and reliance on connectivity make them increasingly vulnerable to costly cyberattacks.
Cloud and SaaS
Major cloud and SaaS platforms have strong built-in protections, which has reduced direct attacks. However, this creates a false sense of security for many businesses. These services rely on a complex network of shared systems like logins, integrations, and third-party tools. An attack on any single dependency can cause significant disruption, even if the main platform is secure. This shared responsibility model means that while availability is a collective effort, the risk falls on individual businesses.
- Average Attack Size: 4.8 Gbps
- Trend: Big cloud platforms invested in best-in-class resilience. But business-level risk remains: attackers only need to compromise one key dependency to impact multiple customers downstream.
The Zayo Perspective: Building a Resilient Network
A fragmented vendor stack creates gaps adversaries love to exploit. Your security posture is only as strong as the weakest integration point. At Zayo, we build secure, distributed networks that unify core, cloud, and edge protection into one intelligent foundation.
Here’s how we empower enterprise defense:
- Private Transport: Dedicated connectivity removes workloads from public exposure, shielding critical processes from general DDoS scans.
- In-Line DDoS Protection: Embedded traffic scrubbing at the network edge keeps malicious packets out before they threaten the business.
- SD-WAN & Managed Firewalls: Intelligent, real-time routing pairs with firewalls expertly tuned for your risk posture — keeping data flowing, even as threats evolve.
Cybersecurity is Changing. Are You Ready?
The cybersecurity threat landscape is undergoing a significant transformation. We are shifting from an era of high-volume disruptions to one defined by fast, intelligent, and multi-faceted attacks.
The nature of the adversary has evolved:
- Past Threats: Previously, attacks were often initiated by individual hackers.
- Current Threats: Today, we face autonomous AI agents capable of adapting their attack methods in real-time. These agents exploit millions of unsecured, internet-connected devices worldwide.
This new reality requires a more advanced approach to security. Zayo offers the infrastructure and the intelligent framework necessary to secure your digital future. Our comprehensive, full-stack security ecosystem is specifically designed to defend automation-first enterprises against these emerging threats. Let’s work together to build a secure future.
This blog post offers just a glimpse of the insights found in our 2026 Cybersecurity Insights Report. The full report includes a roadmap for your security strategy and an evaluation to help you determine your organization’s security readiness.
