DDoS Attacks in 2025: A Deep Dive into the Latest Stats & Threat Trends

Explore the market and threat landscape for DDoS today, through current trends and statistics.

Last updated on May 27, 2025
Mirren McDade
Laura Iannini
Written by Mirren McDade Technical Review by Laura Iannini
DDoS Stats and Trends

A Denial of Service attack involves flooding a server with access request, overwhelming it, then causing it to shut down. Distributed Denial of Service (DDoS) attacks take this one step further by bombarding them with traffic from multiple sources known as a botnet. These type of attacks can have severe consequences for internal users, as well as customers needing to access your services.

Organizations need to be well prepared for DDoS threats because their impact can be immediate and costly. DDoS attacks can disrupt online services, affect critical business operations, damage brand reputation, and lead to significant financial losses. DDoS attacks can last hours, or even days, and can also cause multiple disruptions throughout a singular attack. Both personal and business devices are susceptible to them.

At Expert Insights, we have identified various statistics and trends that cover the DDoS market today, as well as the wider threat threat landscape. Read on to get the latest stats and threat trends for DDoS attacks.

General Market Statistics 

  • The DDoS protection market is valued at $4.7 billion USD as of 2025. This is projected to grow to $9.1 billion USD by 2030 at a CAGR of 14%. 
  • By deployment model (cloud, on-premises, or hybrid), the cloud segment has the largest market share at 43%
  • By organization size, SMEs take up about 58% of the market share. 
  • By industry, the BFSI (Banking, Financial Services, Insurance) segment has the largest market share at 22%. The healthcare industry is expected to see the fastest rate of growth of about 19% during the forecast period. 
  • The following factors have been identified as drivers for the DDoS protection market: 
  • Increasing instances of sophisticated DDoS attacks 
  • Emergence of cloud-based and hybrid DDoS protection services 
  • Expansion of IoT devices and connected technologies 

Cloudflare’s 2025 Q1 DDoS Threat Report 

  • In the first quarter of 2025, Cloudflare blocked 20.5 million DDoS attacks. That represents a 358% year-over-year (YoY) increase and a 198% quarter-over-quarter (QoQ) increase. The figure from this quarter alone already almost reaches the amount of DDoS attacks (21.3 million) blocked in the entirety of 2024. 
  • During this period, Cloudflare blocked approximately 700 hyper-volumetric DDoS attacks that exceeded 1 Tbps — an average of around 8 attacks per day. Approximately 4 out of every 100,000 network-layer DDoS attacks were hyper-volumetric. 
  • The majority of Cloudflare customers surveyed did not know who was responsible for DDoS attacks on their systems. The ones that did know reported their competitors as the number one threat actor behind the attacks (39%). The next most commonly known perpetrators of DDoS attacks were state-sponsored attackers (17%) and disgruntled users / customers (17%). 
  • Most DDoS attacks only have a short duration. 89% of Layer 3/4 DDoS attacks and 75% of HTTP DDoS attacks end within 10 minutes. 
  • The top three most attacked industries are gambling / casinos, telecom, and IT. 
  • The top three most attacked regions are Germany, Turkey, and China

Additional DDoS Statistics 

  • The largest DDoS attack recorded so far took place in late 2024. This attack reached 5.6 terabits per second of traffic and lasted for 80 seconds.
  • In 2024, Akamai observed an increase in “horizontal DDoS attacks.” Almost 30% of the DDoS attacks detected by Akamai targeted multiple destinations. 
  • This is an increase from less than 20% of attacks in 2022. 
  • The rise of AI has made it significantly easier for threat actors to identify and target weak points. 
  • Almost all the DDoS attacks mitigated by Akamai in 2024 were highly sophisticated attacks that employed multiple attack vectors, used either simultaneously or in a rapidly evolving cycle to overwhelm DDoS defense platforms that depend on automation only. 
  • Akamai has also observed an increase in DDoS attacks that had a maximum duration of 60 minutes or longer. 
  • More than 60% of DDoS attacks had a DNS component.

For more information on DDoS attacks and the threats that your organization may face, check out some of the following articles from Expert Insights: 

Explore More

The Top 10 Cloud DDoS Mitigation Software

The Top 10 Cloud DDoS Mitigation Software
Discover the top cloud DDoS mitigation software with features like traffic filtering, automatic mitigation, and reporting.
Joel Witts Laura Iannini
Joel Witts, Laura Iannini Last updated on May 15, 2025
Read Now
Written By Written By
Mirren McDade
Mirren McDade Senior Journalist & Content Writer

Mirren McDade is a senior writer and journalist at Expert Insights, spending each day researching, writing, editing and publishing content, covering a variety of topics and solutions, and interviewing industry experts. She is an experienced copywriter with a background in a range of industries, including cloud business technologies, cloud security, information security and cyber security, and has conducted interviews with several industry experts. Mirren holds a First Class Honors degree in English from Edinburgh Napier University.

Technical Review Technical Review
Laura Iannini
Laura Iannini Cybersecurity Analyst

Laura Iannini is a Cybersecurity Analyst at Expert Insights. With deep cybersecurity knowledge and strong research skills, she leads Expert Insights’ product testing team, conducting thorough tests of product features and in-depth industry analysis to ensure that Expert Insights’ product reviews are definitive and insightful. Laura also carries out wider analysis of vendor landscapes and industry trends to inform Expert Insights’ enterprise cybersecurity buyers’ guides, covering topics such as security awareness training, cloud backup and recovery, email security, and network monitoring. Prior to working at Expert Insights, Laura worked as a Senior Information Security Engineer at Constant Edge, where she tested cybersecurity solutions, carried out product demos, and provided high-quality ongoing technical support. She holds a Bachelor’s degree in Cybersecurity from the University of West Florida.