Record values in attack intensity and duration

The report highlights several record values in attack intensity and duration. While a single 1.4 Tbit/s attack was considered exceptional in 2024, three attacks surpassing 1 Tbit/s were recorded in 2025. The strongest attack measured was 1.33 Tbit/s, with over 120 million packets per second. A coordinated series of attacks totaled 509 terabytes of data, which corresponds to the daily data traffic of a medium-sized city of around 120,000 people, or over 170,000 hours of HD video streaming.

The increase in the duration of attacks is particularly alarming. The longest recorded attack lasted 12,388 minutes – over eight days straight. In 2025, active DDoS attacks were observed 88% of the time, equating to 322 days per year when systems in the Link11 network were targeted by attacks. This effectively makes the state of emergency the norm.

Understanding the Evolution of DDoS Attacks

The Rise of Persistent Threats

The report’s findings indicate a significant shift in the nature of DDoS attacks. What was once considered a disruptive one-off event is now a permanent strategic burden on digital business models. The data shows a greater than 70% probability that an initial attack will be followed by at least one additional attack. On average, 2.8 follow-up attacks were recorded after an initial incident – an 80% increase compared to the previous year.

This trend is not just about the frequency of attacks but also about their persistence. The longest recorded attack lasted over eight days straight, demonstrating the attackers’ ability to sustain their efforts over an extended period. This shift from short, intense attacks to prolonged, low-and-slow scenarios is a clear indication of the attackers’ strategic approach.

The Hybrid Threat: Volume, Endurance, and Precision

The report also highlights a strategic combination of high-volume attacks and long-lasting, low-and-slow scenarios. Attackers are not just focusing on the size of an attack but also on its endurance and adaptability. This hybrid approach is what makes modern DDoS campaigns so dangerous.

In addition to massive bandwidth, analysts have observed a shift in attack tactics. Attackers are systematically testing protective mechanisms, varying patterns in real time, and increasingly shifting their activities to the application level. This shift from network-level attacks to application-level attacks is a significant concern, as it bypasses traditional network protection measures and targets the very heart of digital business processes.

Rethinking Cyber Resilience

The Impact of DDoS Attacks on Business Models

The report’s findings make it clear that DDoS attacks are not just a technical problem anymore. These attacks directly impact revenue, reputation, Service Level Agreement (SLA) commitments, and regulatory requirements. Therefore, in addition to powerful, always-on DDoS protection, protecting web applications and APIs is becoming strategically important.

Modern attacks increasingly target Layer 7, imitate legitimate traffic, and cause gradual performance degradation without triggering classic alarm thresholds. This makes it crucial to adopt a holistic approach to cybersecurity, combining network protection, behavior-based analysis at the application level, and AI-supported bot detection.

The Role of Web Application & API Protection (WAAP)

Web Application & API Protection (WAAP) is a key recommendation for companies looking to secure their digital business processes. WAAP solutions provide a comprehensive approach to protecting web applications and APIs, ensuring that they can operate in a permanently stable and predictable manner.

WAAP solutions offer automated, AI-powered detection and mitigation of DDoS attacks, as well as integration of DDoS scenarios into business continuity and crisis plans. This holistic approach to cybersecurity is essential for companies looking to strengthen their cyber resilience and avoid business interruptions.

Building a Resilient Digital Future

The Importance of Always-on DDoS Protection

The Link11 European Cyber Report 2026 underscores the importance of always-on DDoS protection. Reactive emergency measures are no longer sufficient in the face of persistent and evolving cyber threats. Companies must adopt a proactive approach to cybersecurity, integrating DDoS protection into their overall security architecture.

Always-on DDoS protection provides continuous monitoring and mitigation of cyber threats, ensuring that businesses can operate in a stable and predictable manner. This approach is not just about protecting against current threats but also about building resilience against future cyber challenges.

The Role of AI in Cybersecurity

The report also highlights the role of AI in cybersecurity. AI-powered detection and mitigation of DDoS attacks are becoming increasingly important, as they provide a more proactive and adaptive approach to cybersecurity. AI can analyze large volumes of data in real time, identifying and mitigating cyber threats before they can cause significant damage.

AI-supported bot detection is another area where AI is making a significant impact. By analyzing user behavior and identifying patterns associated with malicious activity, AI can help companies detect and mitigate bot-based attacks, ensuring that their digital business processes remain secure and stable.

Conclusion

The Link11 European Cyber Report 2026 provides a comprehensive overview of the current state of cyber threats in Europe. The report’s findings highlight the need for a proactive and holistic approach to cybersecurity, combining always-on DDoS protection, Web Application & API Protection (WAAP), and AI-supported bot detection.

As cyber threats continue to evolve and become more sophisticated, companies must adopt a resilient and adaptive approach to cybersecurity. By integrating DDoS protection, WAAP solutions, and AI into their overall security architecture, companies can strengthen their cyber resilience and avoid business interruptions.

The digital battlefield is far from over, but with the right strategies and technologies, companies can build a resilient digital future and withstand the ongoing battle against cyber threats.

FAQ

What are DDoS attacks?

DDoS attacks, or Distributed Denial of Service attacks, are a type of cyber attack where multiple compromised systems, known as bots, are used to target a single system and cause a denial of service. This can result in the targeted system becoming unavailable to its intended users.

What is the impact of DDoS attacks on businesses?

DDoS attacks can have a significant impact on businesses, including revenue loss, reputational damage, and compliance issues. They can also disrupt business operations and cause significant financial losses.

What is Web Application & API Protection (WAAP)?

Web Application & API Protection (WAAP) is a type of cybersecurity solution that provides protection for web applications and APIs. WAAP solutions offer a comprehensive approach to protecting against a range of cyber threats, including DDoS attacks, SQL injection, and cross-site scripting (XSS).

What is the role of AI in cybersecurity?

AI plays a crucial role in cybersecurity, providing a more proactive and adaptive approach to detecting and mitigating cyber threats. AI can analyze large volumes of data in real time, identifying and mitigating threats before they can cause significant damage. AI-supported bot detection is another area where AI is making a significant impact.

What is always-on DDoS protection?

Always-on DDoS protection is a type of cybersecurity solution that provides continuous monitoring and mitigation of DDoS attacks. Unlike reactive emergency measures, always-on DDoS protection ensures that businesses can operate in a stable and predictable manner, even in the face of persistent and evolving cyber threats.

What is the Link11 European Cyber Report 2026?

The Link11 European Cyber Report 2026 is a comprehensive overview of the current state of cyber threats in Europe. The report provides insights into the nature and impact of DDoS attacks, as well as recommendations for building a resilient digital future.