New research shows attackers bypassing telecom to strike enterprises and critical organizations directly, putting new pressure on network defenses

Zayo, a leading global communications infrastructure provider, released its 2026 Cybersecurity Insights Report. Based on analysis of global network traffic in 2025, the report revealed a sharp escalation in the scale and focus of Distributed Denial of Service (DDoS) attacks, with attackers increasingly shifting aim beyond telecommunications to strike enterprises and other critical organizations directly. While total attack volume fell slightly below the record highs of 2024, organizations are still experiencing an all-time, sustained high of attack frequency, signaling that DDoS is becoming a defining feature of today’s threat environment.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260317649049/en/

Findings from Zayo's 2026 Cybersecurity Insights Report

“The rise in AI, IoT devices, and for-hire botnets has led us into a new era, where DDoS attacks are a permanent and highly disruptive reality for all organizations — from manufacturers and retailers to schools and governments,” explains Max Clauson, SVP of Network Connectivity at Zayo. “In this ‘new normal,’ cybersecurity can no longer operate as a standalone, reactive function. If organizations fail to prepare, they risk costly disruptions that can halt operations, delay services, and cascade rapidly across partners, customers, and critical systems.”

DDoS Threat Broadens to More Sectors

As organizations race to automate and scale, adversarial actors are evolving alongside them, shifting from brute-force noise to tactical, destructive strikes. The report found that the average attack size increased almost 70% from the year prior, while the average duration decreased to 20 minutes, down from 39 minutes the previous year. In fact, 89% of attacks now conclude in under 10 minutes. As attacks grow more precise, intense and harder to detect, real-time automated defense is increasingly essential to safeguard critical connectivity.

The report also found that the primary targets of attacks have shifted. DDoS campaigns have historically targeted telecommunications and network providers, with attacks on central traffic hubs capable of triggering widespread downstream disruption. Now, telecoms accounts for just 24% DDoS attacks in 2025, down from 42% in 2024. In return, end-user industries — enterprises, education, and the public sector — have moved further into the crosshairs, where downtime quickly turns into real operational, financial, or reputational impact.

Industry Level Trends and Insights

The report identified key trends across industries:

• Education accounted for 24% of total DDoS attacks in 2025, up from 15% the prior year, with more than 45% of attacks occurring in April and May during peak academic periods. Attack timing suggests intentional disruption, targeting networks when they’re most vital and exploiting limited security resources.
• Manufacturing experienced an average attack size of 11.6 Gbps, the largest across all industries. In automation-heavy environments, even short bursts at this scale can halt production lines and create outsized operational losses.
• Government’s share of total attacks increased from 5% to 12% year-over-year, with an average attack size of 5.5 Gbps. The rise in both frequency and scale indicates DDoS is increasingly being used as a strategic disruption tool against public-facing digital infrastructure.

Why it Matters

As end-user organizations themselves increasingly come under fire, the stakes for multi-layered cybersecurity continue to rise. In an environment where attacks are faster, more automated, and designed to disrupt operations in minutes, resilience must be built into the network itself, requiring organizations to think strategically about how their infrastructure detects, absorbs, and responds to disruption.

To download the full 2026 Cybersecurity Insights Report and explore how organizations can build resilient network architectures for today’s threat landscape, visit https://www.zayo.com/info/cybersecurity-insights-report/.

Methodology

Zayo’s 2026 Cybersecurity Insights Report analyzes DDoS attack activity observed across its global network between January 1 and December 31, 2025. Using network monitoring systems across Zayo’s backbone infrastructure spanning more than 400 markets, the report examines trends in attack frequency, magnitude, and duration to identify shifts in attacker behavior.

About Zayo

For more than 18 years, Zayo has empowered some of the world’s largest and most innovative companies to connect what’s next for their business. The Zayo group of companies connects 400 global markets with future-ready networks that span over 19.9 million fiber miles and 148,000 route miles. Zayo’s tailored connectivity solutions and managed services enable carriers, cloud providers, data centers, schools, and enterprises to deliver exceptional experiences, from core to cloud to edge. Discover how Zayo connects what’s next at www.zayo.com and follow us on LinkedIn.

View source version on businesswire.com: https://www.businesswire.com/news/home/20260317649049/en/