Majority Unprepared to Mitigate DDoS Attacks, Survey Says

Despite the increasing sophistication and severity of cyber attacks, a survey of more than 700 senior IT professionals reveals that organizations are surprisingly unarmed to deal with today’s threat landscape.

In a new report titled Cyber Security on the Offense: A Study of IT Security Experts the Ponemon Institute and Radware found that while 65 percent of organizations experienced an average of three distributed denial-of-service (DDoS) attacks in the past 12 months, less than half reported being vigilant in monitoring for attacks – much less putting into practice proactive and preventative measures to protect their organizations.

“The reality is that cyber threats are outpacing security professionals, leaving most organizations vulnerable and unprepared,” said Avi Chesla, chief technology officer, Radware. “From hacktivists to cyber criminals, companies live under the constant threat of assaults that contribute to lost revenue and serious reputational damage. It’s critical that organizations take immediate action after reading this report. IT managers have to advocate for a multi-layered approach that also takes in account countermeasures to prevent threats before they inflict significant damage.”

Key findings from the report include:

- Availability is the top cyber security priority for organizations today. Gone are the days where companies could solely concern themselves with data leakage and integrity based attacks. Unlike the past few years, where many organizations focused on confidentiality and integrity-based attacks, respondents noted a major shift in their security objectives, ranking denial-of-service (DoS) and DDoS as two of the top three threats their organizations face today.

- DDoS attacks cost companies 3.5 million dollars every year. Although respondents cited a lack of budget as one of the major impediments to shoring up cyber security, it’s clear that organizations will pay a much higher price for their lack of preparedness. 65 percent reported experiencing an average of three DDoS attacks in the past 12 months, with an average downtime of 54 minutes per attack. With the cost for each minute of downtime amounting to as much as $100,000 per minute - including lost traffic, diminished end-user productivity and lost revenues - it is no surprise that respondents ranked availability as their top cyber security priority.

- 63 percent rate their organization’s offensive countermeasure capabilities as below average. While 60 percent say they want technology that slows down or even halts an attacker’s computer, the majority of respondents give their organizations an average or below average rating when it comes to their ability to launch counter measures. With 75 percent of organizations still relying on anti-virus and anti-malware to protect themselves from attacks, it’s clear that the old adage, “the best defense is a good offense” is not being practiced by most firms.

- Organizations are more vulnerable than ever before. With respondents ranking lack of system visibility (34 percent), mobile/remote employees (32 percent) and negligent insiders (31 percent) as their top three areas of greatest cyber security risk, it’s clear that threats can come from a number of new sources including the Bring Your Own Device (BYOD) movement. Even more disturbing, today’s threats are multi-layered, targeting not only networks but the data and application levels as well.

“There is a frightening gap that exists between the increasing severity of cyber attacks and the level of preparedness that exists in the industry,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “The report’s findings make clear that now is the time for organizations to begin making critical changes to their security approaches in order to stave off the potentially devastating costs associated with a lack of preparedness and adequate defenses.”

About the Survey

The research for Cyber Security on the Offense: A Study of IT Security Experts was co-authored by the Ponemon Institute and Radware. The report surveyed 705 US based IT and IT security practitioners responsible for managing their organization’s cyber security activities. 62 percent of the respondents surveyed were at the supervisor level or higher with an average of more than 11 years of experience. 65 percent of respondents were from organizations with a global headcount of more than one thousand and the primary industry segments for the report included financial services and the public sector as well as healthcare and pharmaceuticals. The survey consisted of 35 questions on respondents’ perceptions of and experiences with their organization’s cyber security infrastructure and the types of threats they now face.

Hot Topic

The Latest

Not All Networks Are Built for the Edge

From smart factories and autonomous vehicles to real-time analytics and intelligent building systems, the demand for instant, local data processing is exploding. To meet these needs, organizations are leaning into edge computing. The promise? Faster performance, reduced latency and less strain on centralized infrastructure. But there's a catch: Not every network is ready to support edge deployments ...

Why Observability Is the Missing Piece in Your Business Growth

Every digital customer interaction, every cloud deployment, and every AI model depends on the same foundation: the ability to see, understand, and act on data in real time ... Recent data from Splunk confirms that 74% of the business leaders believe observability is essential to monitoring critical business processes, and 66% feel it's key to understanding user journeys. Because while the unknown is inevitable, observability makes it manageable. Let's explore why ...

Gartner: Regular AI System Assessments Triple the Likelihood of High GenAI Value

Organizations that perform regular audits and assessments of AI system performance and compliance are over three times more likely to achieve high GenAI value than organizations that do not, according to a survey by Gartner ...

Beyond Autoscaling: What True Kubernetes Optimization Actually Requires

Kubernetes has become the backbone of cloud infrastructure, but it's also one of its biggest cost drivers. Recent research shows that 98% of senior IT leaders say Kubernetes now drives cloud spend, yet 91% still can't optimize it effectively. After years of adoption, most organizations have moved past discovery. They know container sprawl, idle resources and reactive scaling inflate costs. What they don't know is how to fix it ...

Is Your Network Ready for the AI Boom? 5 Overlooked Stress Points

Artificial intelligence is no longer a future investment. It's already embedded in how we work — whether through copilots in productivity apps, real-time transcription tools in meetings, or machine learning models fueling analytics and personalization. But while enterprise adoption accelerates, there's one critical area many leaders have yet to examine: Can your network actually support AI at the speed your users expect? ...

Keeping Your Business Stable When Going Through an IT Disaster

The more technology businesses invest in, the more potential attack surfaces they have that can be exploited. Without the right continuity plans in place, the disruptions caused by these attacks can bring operations to a standstill and cause irreparable damage to an organization. It's essential to take the time now to ensure your business has the right tools, processes, and recovery initiatives in place to weather any type of IT disaster that comes up. Here are some effective strategies you can follow to achieve this ...

How Engineers Can Use AIOps to Innovate Their Infrastructure

In today's fast-paced AI landscape, CIOs, IT leaders, and engineers are constantly challenged to manage increasingly complex and interconnected systems. The sheer scale and velocity of data generated by modern infrastructure can be overwhelming, making it difficult to maintain uptime, prevent outages, and create a seamless customer experience. This complexity is magnified by the industry's shift towards agentic AI ...

MEAN TIME TO INSIGHT Podcast - Episode 19: The AWS Outage

In MEAN TIME TO INSIGHT Episode 19, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA explains the cause of the AWS outage in October ... 

Cloud Migration Delays Are Putting Businesses at Risk

The explosion of generative AI and machine learning capabilities has fundamentally changed the conversation around cloud migration. It's no longer just about modernization or cost savings — it's about being able to compete in a market where AI is rapidly becoming table stakes. Companies that can't quickly spin up AI workloads, feed models with data at scale, or experiment with new capabilities are falling behind faster than ever before. But here's what I'm seeing: many organizations want to capitalize on AI, but they're stuck ...

Understanding the Plight of Today's IT Pro

On September 16, the world celebrated the 10th annual IT Pro Day, giving companies a chance to laud the professionals who serve as the backbone to almost every successful business across the globe. Despite the growing importance of their roles, many IT pros still work in the background and often go underappreciated ...

Majority Unprepared to Mitigate DDoS Attacks, Survey Says

Despite the increasing sophistication and severity of cyber attacks, a survey of more than 700 senior IT professionals reveals that organizations are surprisingly unarmed to deal with today’s threat landscape.

In a new report titled Cyber Security on the Offense: A Study of IT Security Experts the Ponemon Institute and Radware found that while 65 percent of organizations experienced an average of three distributed denial-of-service (DDoS) attacks in the past 12 months, less than half reported being vigilant in monitoring for attacks – much less putting into practice proactive and preventative measures to protect their organizations.

“The reality is that cyber threats are outpacing security professionals, leaving most organizations vulnerable and unprepared,” said Avi Chesla, chief technology officer, Radware. “From hacktivists to cyber criminals, companies live under the constant threat of assaults that contribute to lost revenue and serious reputational damage. It’s critical that organizations take immediate action after reading this report. IT managers have to advocate for a multi-layered approach that also takes in account countermeasures to prevent threats before they inflict significant damage.”

Key findings from the report include:

- Availability is the top cyber security priority for organizations today. Gone are the days where companies could solely concern themselves with data leakage and integrity based attacks. Unlike the past few years, where many organizations focused on confidentiality and integrity-based attacks, respondents noted a major shift in their security objectives, ranking denial-of-service (DoS) and DDoS as two of the top three threats their organizations face today.

- DDoS attacks cost companies 3.5 million dollars every year. Although respondents cited a lack of budget as one of the major impediments to shoring up cyber security, it’s clear that organizations will pay a much higher price for their lack of preparedness. 65 percent reported experiencing an average of three DDoS attacks in the past 12 months, with an average downtime of 54 minutes per attack. With the cost for each minute of downtime amounting to as much as $100,000 per minute - including lost traffic, diminished end-user productivity and lost revenues - it is no surprise that respondents ranked availability as their top cyber security priority.

- 63 percent rate their organization’s offensive countermeasure capabilities as below average. While 60 percent say they want technology that slows down or even halts an attacker’s computer, the majority of respondents give their organizations an average or below average rating when it comes to their ability to launch counter measures. With 75 percent of organizations still relying on anti-virus and anti-malware to protect themselves from attacks, it’s clear that the old adage, “the best defense is a good offense” is not being practiced by most firms.

- Organizations are more vulnerable than ever before. With respondents ranking lack of system visibility (34 percent), mobile/remote employees (32 percent) and negligent insiders (31 percent) as their top three areas of greatest cyber security risk, it’s clear that threats can come from a number of new sources including the Bring Your Own Device (BYOD) movement. Even more disturbing, today’s threats are multi-layered, targeting not only networks but the data and application levels as well.

“There is a frightening gap that exists between the increasing severity of cyber attacks and the level of preparedness that exists in the industry,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “The report’s findings make clear that now is the time for organizations to begin making critical changes to their security approaches in order to stave off the potentially devastating costs associated with a lack of preparedness and adequate defenses.”

About the Survey

The research for Cyber Security on the Offense: A Study of IT Security Experts was co-authored by the Ponemon Institute and Radware. The report surveyed 705 US based IT and IT security practitioners responsible for managing their organization’s cyber security activities. 62 percent of the respondents surveyed were at the supervisor level or higher with an average of more than 11 years of experience. 65 percent of respondents were from organizations with a global headcount of more than one thousand and the primary industry segments for the report included financial services and the public sector as well as healthcare and pharmaceuticals. The survey consisted of 35 questions on respondents’ perceptions of and experiences with their organization’s cyber security infrastructure and the types of threats they now face.

Hot Topic

The Latest

Not All Networks Are Built for the Edge

From smart factories and autonomous vehicles to real-time analytics and intelligent building systems, the demand for instant, local data processing is exploding. To meet these needs, organizations are leaning into edge computing. The promise? Faster performance, reduced latency and less strain on centralized infrastructure. But there's a catch: Not every network is ready to support edge deployments ...

Why Observability Is the Missing Piece in Your Business Growth

Every digital customer interaction, every cloud deployment, and every AI model depends on the same foundation: the ability to see, understand, and act on data in real time ... Recent data from Splunk confirms that 74% of the business leaders believe observability is essential to monitoring critical business processes, and 66% feel it's key to understanding user journeys. Because while the unknown is inevitable, observability makes it manageable. Let's explore why ...

Gartner: Regular AI System Assessments Triple the Likelihood of High GenAI Value

Organizations that perform regular audits and assessments of AI system performance and compliance are over three times more likely to achieve high GenAI value than organizations that do not, according to a survey by Gartner ...

Beyond Autoscaling: What True Kubernetes Optimization Actually Requires

Kubernetes has become the backbone of cloud infrastructure, but it's also one of its biggest cost drivers. Recent research shows that 98% of senior IT leaders say Kubernetes now drives cloud spend, yet 91% still can't optimize it effectively. After years of adoption, most organizations have moved past discovery. They know container sprawl, idle resources and reactive scaling inflate costs. What they don't know is how to fix it ...

Is Your Network Ready for the AI Boom? 5 Overlooked Stress Points

Artificial intelligence is no longer a future investment. It's already embedded in how we work — whether through copilots in productivity apps, real-time transcription tools in meetings, or machine learning models fueling analytics and personalization. But while enterprise adoption accelerates, there's one critical area many leaders have yet to examine: Can your network actually support AI at the speed your users expect? ...

Keeping Your Business Stable When Going Through an IT Disaster

The more technology businesses invest in, the more potential attack surfaces they have that can be exploited. Without the right continuity plans in place, the disruptions caused by these attacks can bring operations to a standstill and cause irreparable damage to an organization. It's essential to take the time now to ensure your business has the right tools, processes, and recovery initiatives in place to weather any type of IT disaster that comes up. Here are some effective strategies you can follow to achieve this ...

How Engineers Can Use AIOps to Innovate Their Infrastructure

In today's fast-paced AI landscape, CIOs, IT leaders, and engineers are constantly challenged to manage increasingly complex and interconnected systems. The sheer scale and velocity of data generated by modern infrastructure can be overwhelming, making it difficult to maintain uptime, prevent outages, and create a seamless customer experience. This complexity is magnified by the industry's shift towards agentic AI ...

MEAN TIME TO INSIGHT Podcast - Episode 19: The AWS Outage

In MEAN TIME TO INSIGHT Episode 19, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA explains the cause of the AWS outage in October ... 

Cloud Migration Delays Are Putting Businesses at Risk

The explosion of generative AI and machine learning capabilities has fundamentally changed the conversation around cloud migration. It's no longer just about modernization or cost savings — it's about being able to compete in a market where AI is rapidly becoming table stakes. Companies that can't quickly spin up AI workloads, feed models with data at scale, or experiment with new capabilities are falling behind faster than ever before. But here's what I'm seeing: many organizations want to capitalize on AI, but they're stuck ...

Understanding the Plight of Today's IT Pro

On September 16, the world celebrated the 10th annual IT Pro Day, giving companies a chance to laud the professionals who serve as the backbone to almost every successful business across the globe. Despite the growing importance of their roles, many IT pros still work in the background and often go underappreciated ...