US Orgs Show Dangerous Overconfidence in DDoS Protections

A full 88% of US businesses claim confidence in their current DDoS mitigation, despite 69% having suffered a successful DDoS attack in the last 12 months.

According to a report from Sapio Research on behalf of CDNetworks, US businesses have the second highest proportion of successful attacks, beaten only slightly by the UK (71%). Also, for 27% of businesses, more than half of all DDoS attacks against them have been successful—almost twice as high as the next most vulnerable country (the UK stands at 15%).

The survey polled 500 senior IT personnel with material control over IT security from organizations in the US, UK, Germany, Austria and Switzerland. It further found that US businesses’ overconfidence in their DDoS mitigation strategies is all the more concerning given that 88% believed new attacks to be likely or almost certain in the next 12 months, compared to only 77% in DACH.

“The results show that most US companies are mindful of the alarming recent rise in DDoS attacks, and are increasing their investment in mitigation technology in response,” said Alex Nam, MD at CDNetworks Americas. “This has understandably led to a confidence in resilience. But when comparing alongside the frequency of DDoS attacks and the likelihood of their success, this confidence tips worryingly into complacency.”

Businesses in the DACH region are the most conservative in their self-assessment, as only 82% are confident in their DDoS mitigation; however, the majority (57%) have suffered a successful DDoS attack in the last 12 months. 

The self-assurance of US companies appears to stem from their high and growing DDoS investment and their long track record of investing in DDoS mitigation. For all five of the key DDoS mitigation measures (manual protection, self-service DDoS technologies, managed mitigation, WAF and resilience audits), US businesses are the most likely to have invested for the first time more than five years ago.

Businesses in the US are spending the most on DDoS mitigation—an average of $34,750 per year, compared to DACH respondents who have spent only $29,000 on average. More than a quarter (26%) of all US respondents have invested more than $53,000 in the last 12 months.

There’s nowhere to go but up on that: A full 66% of US companies said they will further increase investment in mitigation technology over the next 12 months.

“While initial and prolonged investments are theoretically putting US companies in a strong position to protect themselves against DDoS attacks, it seems businesses have not noticed they are losing the arms race against cyber-criminals,” said Nam. “Only with fundamental changes in mindset and more targeted investment can such confidence be earned.”

The results also reveal that US businesses believe malicious attacks by competitors are the most likely reason for an attack (32%), closely followed by blackmail (30%). The belief that they are being deliberately attacked, as opposed to being targeted at random (24%), makes the motivation for the attacks almost more alarming than their prevalence.
