DDoS Attacks Became A Constant, Link11

by

Estimated reading time: 6 minutes

DDoS Attacks Shift From Shock Events To Operating Conditions

DDoS attacks now look less like rare cyber emergencies and more like a standing business hazard. This shift is at the heart of Link11’s European Cyber Report 2026. The report argues that digital availability now ranks alongside revenue, trust, and operational continuity. It notes that cyberattacks are “designed to have an operational impact” and warns that what once appeared as an isolated disruption now poses “a structural risk to value creation.”

Link11’s 2025 data explains why this change is important. Attacks on its network increased by 75% compared to the previous year, following a 137% rise in 2024. At one point, there were 1,247 attacks in a single day. The report says this is the new normal, not just a temporary spike. It calls DDoS attacks a “permanent basic load on digital infrastructures.” This has major business and security consequences.

That language matters for both cyber insurance and cybersecurity. It shifts the discussion away from incident response theater and toward actual cyber resilience. Link11 CEO Jens-Philipp Jung put it bluntly: “Those who only react when an attack occurs have already lost. Resilience must be permanent, automated, and architecturally anchored.”

Graphic showing a digital map of Europe with network connections, the headline “DDoS Attacks Became A Constant,” and the Link11 logo, illustrating cyber resilience, cyberattack risk, and cyber insurance exposure across connected digital infrastructure.

Terabit DDoS Cyberattacks And Eight-Day Campaigns Raise The Stakes

The report shows that big attack sizes now come with another problem: endurance. In 2025, Link11 saw three attacks over 1 Tbit/s. The largest was about 1.33 Tbit/s and over 120 million packets per second. These numbers are no longer rare. The report says terabit-scale attacks now happen regularly. While size matters, the real change is in how long attacks last.

The more important finding may be duration. Link11 says the longest mitigated DDoS attack in 2025 lasted 12,388 minutes, or more than eight days. In 2024, the longest attack lasted 2,689 minutes. That is a brutal change in operating tempo. The report also says active DDoS attack conditions existed 88% of the time in 2025. That equals 322 days under attack load. It calls this the point where “the digital state of emergency has effectively become the norm.” This new normal prompts businesses to reconsider their response frameworks.

See also  Digital Healthcare Booms Amid Rising Cyber and AI Risks - CFC Report Finds

This finding is a warning for any business that still sees DDoS as a short-term problem. Link11 says response plans made for short attacks do not work when attacks last for days. Ongoing pressure wears out

Repeat Cyberattacks Make Reactive Defense Look Thin

The report also rejects the idea of the one-off cyberattack. Link11 says the probability of follow-up attacks now exceeds 70%. After an initial incident, organizations saw an average of 2.8 further attacks. That marks an increase of about 80% from the prior year. The report says companies increasingly face “a targeted siege” rather than a single disruptive blow.

That has direct business meaning. A firm can survive one ugly day. A firm may struggle with recurring cyberattacks that pressure customer access, staff judgment, and service commitments. Link11 says cyber resilience now requires systems that remain stable under sustained attack, automated systems that scale, and long-term planning rather than temporary fixes.

The report warns against relying on old assumptions about attack origins. Geo-blocking is less effective as modern attacks leverage distributed infrastructure and compromised systems globally. Today, static filters are insufficient; behavior-based analysis is needed.

Business Interruption Means Slowdown, Degradation, And Lost Sales

This is where the report stands out among vendor documents: it moves beyond spectacular outages to focus on slow harm. The WAAP section notes that modern attacks aim to “discreetly disrupt digital business processes.” It describes “creeping service degradation,” rising operating costs, and “lost revenue due to interrupted processes and declining user satisfaction.” The report further warns that “business operations are already being affected,” even when traditional alarms remain silent.

This point is important. Many businesses only look for downtime and miss other signs of failure. Link11’s case studies show this can hide real problems. In one public-sector case, a platform slowed down without clear signs of an cyberattack, leading to lost trust, more support requests, and political pressure. In a trading platform case, defenses worked because the operator noticed patterns at the application layer. Finally, an e-commerce case, slow pages led to fewer sales, even though no usual security alarms went off.

See also  Cyber Risk Management Surge: New Report Shows Rising Threats and Bigger 2026 Security Budgets

Jag Bains sums up: “The size of an attack is no longer the decisive criterion.” Instead, successful assaults mimic legitimate traffic, stay below thresholds, and gradually degrade systems.

Get The Cyber Insurance News Upload Delivered
Subscribe to our newsletter!

WAAP And DNS Security Move Into The Strategic Core

Link11 says that protecting web applications and APIs should now be central to cyber resilience planning. The reason is clear: digital business relies more and more on applications, APIs, and trust relationships. Attackers are aware of this. The report says 96% of traffic that claimed to be from Googlebot in the Link11 network was fake. This shows how easily attackers can take advantage of default trust settings.

The company also highlights the importance of DNS security. This part is less about the size of DDoS attacks and more about trusting the infrastructure. The report says that availability without integrity is weak. It recommends using DNSSEC as a basic control and says DNS should not be seen as just a technical detail. Business leaders should pay attention to this. Redirected traffic, poisoned caches, and hidden abuse can disrupt operations just like a major attack.

The report reaches a strong conclusion, even if it shows the vendor’s influence. Cyber resilience is now a management discipline, not just a checklist. DDoS attacks are a constant threat as businesses rely more on digital services. Companies that wait for clear outages are missing the real warning signs. The real damage may already be happening.

FAQ: DDoS Attacks And Link11’s European Cyber Report 2026

2. How much did attacks increase?

Link11 says documented attacks in its network rose 75% in 2025.

3. Were terabit-scale attacks rare?

No. The report says attacks above 1 Tbit/s became recurring events.

4. What was the largest attack recorded?

The strongest measured attack reached about 1.33 Tbit/s.

5. How long did the longest attack last?

It lasted 12,388 minutes, or more than eight days.

6. Why does duration matter so much?

Long attacks exhaust teams, strain systems, and raise business interruption risk.

7. Does the report say attacks often return?

Yes. It says more than 70% of targets faced at least one follow-up attack.

8. How do these attacks affect business operations?

They can disrupt processes, slow services, cut sales, and hurt customer trust.

9. What kind of attacks worry Link11 most?

Hybrid attacks that combine volume, endurance, and application-layer precision.

10. What does the report recommend?

Always-on DDoS protection, WAAP, automated mitigation, and continuity planning.

Martin Hinton

Martin Hinton is the Executive Editor and Publisher of Cyber Insurance News and Information. With over three decades of journalism experience across six continents, his work encompasses investigative reporting, documentaries, and coverage of cultural, political, and business news. To learn more about his career, click on his name to visit his LinkedIn page.


Leave a Comment

×