The average company suffers 15 DDoS attacks per year, with average attacks causing 17 hours of effective downtime, including slowdowns, denied customer access or crashes, according to A10 Networks.
As DDoS attacks become more popular, they are also growing harder to defend. While the average peak bandwidth of attacks was a staggering 30-40 gigabits per second (Gbps), 59 percent of organizations have experienced an attack over 40 Gbps. A majority of respondents (77%) also expect sophisticated multi-vector attacks to pose the most dangerous type of DDoS attack in the future.
Businesses are fighting back. More than half of the surveyed organizations said they planned to increase their DDoS prevention budgets in the next six months. IT security teams are the most likely to lead DDoS prevention efforts (36 percent), followed closely by the chief security officers (26 percent) and the CIO (26 percent).
“DDoS attacks are called ‘sudden death’ for good reason,” said Raj Jalan, CTO of A10 Networks. “If left unaddressed, the costs will include lost business, time-to-service restoration and a decline in customer satisfaction. The good news is our findings show that security teams are making DDoS prevention a top priority. With a better threat prevention system, they can turn an urgent business threat into an FYI-level notification.”
Average range of DDoS attacks is 30-40 Gbps
Key report findings
- The typical company was hit by an average of 15 DDoS attacks per year, with larger organizations experiencing more.
- One in five companies reported effective downtimes of over 36 hours, with the average attack resulting 17 hours.
- 33 percent of respondents reported DDoS attacks over 40 Gbps, with the most common attacks including UDP Flood (23%), Slow Post/Slowloris (16%) and SYN Flood (14%).
- 77 percent believe multi-vector attacks, which include volumetric and application layer attacks, will be the most dangerous in the future.
- Over half of the respondents plan to increase their DDoS budgets in the next six months (54%).
- 53% of respondents say that on-premise protection is required to be the most effective solution to address a multi-vector DDoS threat, either “hybrid” protection (34%), or an on premise appliance only solution (19%).
To help you assess the risks associated with a DDoS attack, check out Incapsula’s free DDoS Downtime Calculator.