Average DDoS attack cost businesses £325,000

New Zayo report analyses trends in Distributed Denial of Service attacks from 2023, with new insights from the second half of the year.

Thursday, 15th February 2024, by Phil Alsop

Zayo Group has released its annual Distributed Denial of Service (DDoS) Insights Report, which found a significant increase in the intensity of DDoS attacks—and their impacts on businesses—in the second half of 2023. According to new Zayo data, the average DDoS attack lasted 68 minutes in 2023. With unprotected organisations shelling out an average of £4,700 per minute of each attack, that totals a startling £325,000 average cost to businesses for DDoS attacks.

A key driver of this enormous cost was the steep rise in the duration of DDoS attacks throughout the year. The average length of attacks surged by more than 400% from Q1 to Q4 of last year — from an average of 24 minutes to 121 minutes — signalling a worrying trend from both security and cost perspectives.

The astonishing volume of DDoS attacks in the first half of 2023 – up 200% from all of 2022 – seemed to have contracted in the second half of the year. Across all industries, comparing Q4 to Q1 2023, companies saw a 16% increase in attack activity. The outlook isn’t exactly rosy, however: volumetric attacks are being replaced by multi-vector attacks, spreading destruction more widely by targeting individual IP addresses, email systems, databases or web browsers – which are much harder to detect.

“What we’re seeing is that cybercrime is only getting savvier,” said Anna Claiborne, Senior VP of Network Connectivity at Zayo. “AI is presenting itself as a double-edged sword in this space. On one side of the blade, criminals are using AI to increase the sophistication of attacks and circumvent traditional defence mechanisms; on the other, mitigation platforms are using AI to dynamically identify and defend against new and emerging threats. As DDoS remains a profitable model for cybercriminals, attacks will continue to be a brutal inevitability for businesses. But luckily, DDoS protection is also rising to the occasion.”

Key Findings by Industry:

Telecommunications companies experienced the most frequent attacks, comprising about 40% of total attack volume with nearly 13,000 attacks in H2 2023.

Retail and healthcare companies experienced the largest attacks in H2, with an average attack size of 2.5 Gbps across companies in these two industries.

Government entities once again experienced the longest attacks, with the average attack duration increasing by 322%, from 4 hours in H1 to 18 hours in H2. This is a 1,141% increase from Q1 to Q4 of 2023.

Educational institutions accounted for 17% of all attacks last year, thanks in part to the ease and affordability of botnet-for-hire services combined with frequent gaps in the cybersecurity of the institutions.

Why it Matters:

DDoS attacks are here to stay – and cybercriminals are not discriminating over an organisation’s size, industry or business model. These attacks cost organisations thousands of dollars per attack, not to mention reputational harm and customer churn – and many of the factors contributing to a vulnerable environment, such as increased digitisation, political unrest and hybrid work, are not going away anytime soon.

The sheer sophistication of these attacks – which are meticulously planned to hit during a business’s busiest time of day and often use automation, such as bots, to make them easier to carry out – makes it a crucial time for organisations to have advanced, forward-thinking DDoS protection. For every company, it is not a matter of if, but when.

“Most people on the internet aren’t plotting a DDoS attack, but the internet is a big place and Dark Web crime is the fastest growing business on earth,” said Eric O’Neill, National Security Strategist at Carbon Black. “We’re in an attacker’s market and they are leveraging sophisticated technologies and cutting-edge techniques to innovate the way they deceive, disrupt and destroy our most critical data. To stop the attackers from gaining the upper hand, we need DDoS protection that is as easy and effective as turning on a switch.”
