New CDNetworks Research Reveals 69% of US Companies’ DDoS Defenses Breached in Past Year

Nov 09, 2017

A new report released by CDNetworks, global content delivery network (CDN) and cloud security provider, has found 88% of US businesses claim confidence in their current DDoS mitigation, despite 69% having suffered a successful DDoS attack in the last 12 months – the second highest proportion of successful attacks, beaten only slightly by the UK (71%).

Research conducted by Sapio Research on behalf of CDNetworks surveyed 500 senior IT personnel with material control over IT security from organizations in the US, UK, Germany, Austria and Switzerland. US businesses’ overconfidence in their DDoS mitigation and recent track record of being breached is all the more concerning given 88% believed new attacks to be likely or almost certain in the next 12 months, compared to only 77% in DACH.

Businesses in the DACH region are the most conservative as only 82% are confident in their DDoS mitigation, though the majority (57%) have suffered a successful DDoS attack in the last 12 months.  

The self-assurance of US companies appears to stem from their high and growing DDoS investment, and their long track record in investment in DDoS mitigation:

  • Businesses in the US are spending the most on DDoS mitigation – an average of $34,750 per year as compared to DACH respondents who have spent only $29,000 on average. More than a quarter (26%) of all US respondents have invested more than $53,000 in DDoS mitigation technologies in the last 12 months.
  • 66% of US companies will further increase investment in mitigation technology over the next 12 months.
  • For all five of the key DDoS mitigation measures (manual protection, self-service DDoS technologies, managed mitigation, WAF and resilience audits), US businesses are the most likely to have invested for the first time more than five years ago. 

Not only have 69% of US businesses’ DDoS defenses been breached in the last year, but for 27% of businesses, more than half of DDoS attacks have been successful – almost twice as high as the next most vulnerable country (UK:15%).

The results also reveal that US businesses believe malicious attacks by competitors are the most likely reason for an attack (32%), closely followed by blackmail (30%). The belief that they are being deliberately attacked, as opposed to being targeted at random (24%), makes the motivation for the attacks almost more alarming than their prevalence.