What does cybersecurity readiness look like in 2025? That question has never felt more urgent. According to Cloudflare’s latest Q1 DDoS Threat Report, 20.5 million attacks were blocked in just three months, 96% of which they mitigated in 2024.
Cloudflare reportedly blocked the most intense packet-rate attack it has ever seen, hitting a staggering 4.8 billion packets per second. Attacks are getting faster, harder to trace, and far more sophisticated, forcing businesses to rethink what readiness means.
Techopedia spoke with Christian Reilly, Field CTO for EMEA at Cloudflare, to discuss which industries are holding their ground and why others are falling behind.
Key Takeaways
- Cloudflare blocked 20.5 million DDoS attacks in just three months.
- The fastest attack hit 4.8 billion packets per second.
- Digital-first industries are far better prepared than legacy sectors.
- Simplicity and clarity are outperforming complex security stacks.
- Culture-focused training helps users spot and report real threats.
- AI and quantum risks are rising faster than most teams can track.
Volume Is Up & Time to Respond Is Down
The Q1 report revealed a 358% increase in DDoS attacks compared to the same time last year. The most extreme events included floods of 6.5 terabits per second, which Cloudflare says “matches the highest bandwidth attacks ever reported.”
Even more concerning, some of these attacks lasted under 40 seconds. Christian Reilly said:
“You simply don’t have time to respond manually. By the time a security analyst sees the alert, the damage could already be done.”
Cloudflare’s report echoed that reality: “Even the largest, record-breaking, hyper-volumetric DDoS attacks can be very short, such as the 35-second attack… 35 seconds, or even 10 minutes, is not a sufficient time for manual mitigation or activating an on-demand solution.”
In Q1, 99% of Layer 3 and 4 attacks were under 1 Gbps, and 94% of HTTP DDoS attacks were under 1 million requests per second. Yet even those levels can overwhelm unprotected systems. The attacks may be short, but the recovery period isn’t. Reilly says, “Even short attacks can trigger issues that take days to recover from.”
Digital-Native Businesses Are Holding the Line
Gaming companies. Online financial services. Media and entertainment platforms. These are the industries that are weathering the storm.
But it’s not because they’re less targeted. Quite the opposite. Reilly told Techopedia:
“If your revenue is tied directly to an online service, you don’t have a choice. You have to get serious about resilience.”
He pointed out that these businesses are often younger, more cloud-native, and less burdened by legacy infrastructure. That gives them an edge.
“It’s not unusual for digital native businesses to be less burdened by historical technology. They tend to use more cloud-provided tech, which still has risks but also enables better agility,” he added.
These companies also have board-level awareness of the risks. When your income depends on uptime, cybersecurity isn’t a side project. It’s embedded in everything.
“It’s becoming increasingly important, if not mission-critical, to garner board-level support for cybersecurity initiatives,” Reilly stressed. “I’ve seen a huge shift in the role of the CISO… articulating trends and threats in a language the board can understand.”
“The elevation of these discussions to the board becomes supercritical to attaining a level of cyber resilience that’s contextual to their business,” he said.
Education & Healthcare Are Playing Catch-Up
Public sectors like healthcare and education still struggle with fragmented systems and older tech stacks. They also often underestimate their appeal to attackers.
Reilly believes, “There’s a big difference between how organizations understand the attractiveness of their systems to bad actors and the likelihood of an attack.”
Legacy systems mean more patching, more complexity, and less flexibility. Combine that with underfunded IT departments and a limited view of cybersecurity as a strategic priority, and you have a risky combination. Attackers don’t ignore these sectors. They’re targeted precisely because they’re less prepared.
One of the clearest takeaways from our conversation was that effective cybersecurity strategies are usually simple. That might seem counterintuitive in a world obsessed with multi-layered, best-of-breed solutions. But as Reilly noted, that complexity often backfires.
He said:
“Over the years, we’ve gone for best-of-breed in everything. What that’s led to is a patchwork of security tools that are hard to observe, manage, and don’t work together.”
Instead, the most resilient firms streamline their approach. They ensure that security doesn’t disrupt the user experience. If protections frustrate users, they find ways to bypass them. That introduces new risks and blindsides security teams.
“You can’t secure what you don’t know about,” Christian reminded us.
DDoS attacks are no longer isolated incidents. 🚨
From finance to healthcare, no sector is safe. Cyber Threat Horizon delivers real-time, industry-specific data so you can understand where the biggest risks are coming from.
🔍 See the data for yourself.
— NETSCOUT (@NETSCOUT) January 2, 2025
Cybersecurity Culture Starts with Personal Relevance
One of the most common headlines in this space is that humans are the weakest link in cybersecurity. But Christian Reilly disagrees with that framing. He believes the fix is education, and not just generic compliance training. He said:
“The best companies make it personal. They don’t just run annual training. They help employees understand that the difference between protecting company data and protecting photos of your kid’s graduation is almost none.”
He praised organizations that focus on building awareness without punishing mistakes. Phishing remains the number one attack vector, and errors are inevitable. But if employees fear consequences for reporting, they stay quiet.
Reilly explained:
“Culture change matters here. You can’t penalize people for clicking a link if you want them to speak up.”
AI & Quantum Are Raising the Stakes
Looking ahead, Reilly flagged two major areas of concern: artificial intelligence (AI) and quantum computing. While the latter may still feel like a future issue, it presents a worrying possibility.
Christian warned:
“Harvest Now, Decrypt Later. That means that even if quantum computing isn’t ready now, some cryptography can be stored now and potentially broken later.”
Cloudflare has been investing in post-quantum cryptography for several years. This includes upgrades to their core services and public education efforts. On the AI front, Christian pointed to the rising risk of generative and agentic models used in social engineering attacks.
The pressure is now on organizations to secure what goes into and comes out of AI systems.
“How do I validate the inputs? How do I verify the responses? Those are the new questions security leaders are asking,” Reilly said.
With autonomous agents examining vast data sources and making decisions, many leaders will ask who is responsible for those agents and who they report to.
Source of Attacks: Closer Than You Think
The top sources of DDoS attacks weren’t obscure dark web outfits. Many originated from recognizable cloud and hosting providers. Cloudflare identified ASNs from companies like Hetzner, OVH, DigitalOcean, Tencent, Microsoft, and Oracle as recurring sources.
This raises another uncomfortable reality. Attackers use mainstream infrastructure to launch attacks, intentionally or through exploitation. It also highlights why cross-industry collaboration matters.
To that end, Cloudflare offers service providers a free botnet threat feed. Over 600 organizations have signed up. It’s one step toward better collective defense, but more will be needed.
New record #DDoS attack: 5.8 Tbps peak. @Cloudflare systems automatically mitigated without any human intervention or anything slowing down. If you’re not using us for DDoS mitigation, call your current provider and ask what will happen when this beast comes for them. pic.twitter.com/JMiURFB78K
— Matthew Prince 🌥 (@eastdakota) April 24, 2025
Industry Rankings Tell Their Own Story
- In Q1 2025, Germany topped the list of most-attacked countries.
- Turkey and China followed.
- The gambling and casino sector saw the highest number of attacks.
- The aerospace sector jumped 40 spots into the top 10. That kind of leap is hard to ignore.
From Reilly’s vantage point, there’s a simple reason for these shifts. He said:
“Threat actors go where the reward is high, and the resistance is low. It’s not personal. It’s opportunistic.”
That includes targeting countries with key infrastructure, industries that can’t afford downtime, and sectors experimenting with newer tech stacks.
The Bottom Line
Christian Reilly believes the biggest challenge for most security operations centers is the sheer volume of information they must comb through and examine. But, optimistically, he believes that we will see a whole new AI-enabled security operations center and incident response team shaping a new autonomous security posture.
“If we had a perfect scenario, it would be for the end users to have an easy button to report suspicious links, emails, or activity, and for problems to be autonomously dealt with,” Reilly concluded.
Organizations are already struggling with alert fatigue, and SOC teams are drowning in signals. The message is clear. Without AI and automation, they’ll miss the ones that matter.