2026

European cyber report

Download Report

“Those who only react after an attack
have already lost.”

Probability of follow-up attacks is over 70%.

ATTACK

509

Maximum attack volume, series of attacks on the same target(2025)

Incident Report // #L11-2025-AX

Vector DDoS (Carpet Bombing)

Duration 51 Hours Sustained

Target Infrastructure Core

Status 100% Mitigated

SYSTEM INTEGRITY MAINTAINED THROUGHOUT INCIDENT.

More.
Longer. Bigger.

DDoS undergoing structural change: 2024 as a turning point, 2025 as the new reality.

Record Duration

8 DAYS

Non-stop assault

The attack series lasted exactly 12,388 minutes — a dramatic increase compared to 2024 (2,689 minutes).

DAY_01

DAY_02

DAY_03

DAY_04

DAY_05

DAY_06

DAY_07

DAY_08

Total Duration of All Attacks

88%

Of the entire year

464,971

Minutes

7,749

Hours

322

Days

THREAT_LEVEL: CRITICAL

Terabits are no longer an exception

Registration of three attacks beyond the 1 Tbit/s mark in 2025. In direct comparison, 2024 had only one attack that exceeded 1 Tbit/s.

Downtime costs per hour (Euro – €)

50k – 250k

The damage is even greater if your customers lose trust.

Losses in revenue

Contractual Penalties

Support Effort

DDoS attacks increased again in Year-over-Year comparison

Attacks on just one day (1st March 2025)

1,247

Number of attacks continues to rise:

2024 – 2025 (Rise in attacks YoY) 75%

2023 – 2024 (Rise in attacks YOY) 137%

2022 – 2023 Baseline

By 2030
the number of attacks and volumes is expected to rise even further.

Jan Dec

Most dangerous traffic share

Hosting & Cloud Providers

50%

of traffic is malicious

Server capacities are purchased with stolen credit cards—it is virtually impossible for providers to check this immediately.

Cloud Provider

40% Traffic

Hosting Provider

60% Traffic

Fake Google Traffic is increasing massively

Fake Google Bot Traffic

96%

Real Google Bot Traffic

Measured in the Link11 network. Be aware that Google traffic is no longer just essential crawler traffic.