DDoS Attacks in 2023 Cost Businesses $500K on Average, Reveals Zayo Data

Zayo NetworksIn the latter half of 2023, the digital landscape witnessed an alarming escalation in Distributed Denial of Service (DDoS) attacks, both in their intensity and financial toll on businesses, as detailed in Zayo Group’s latest bi-annual DDoS Insights Report. The study highlights a sharp rise in the typical length and complexity of these cyberattacks, highlighting a rising danger to cybersecurity defenses and global business operations.

Zayo Group’s findings reveal a significant surge in the impact of DDoS attacks on the corporate world. The average DDoS attack duration in 2023 was 68 minutes, which is a significant amount, but not nearly as much as the financial consequences for unprepared organizations. These DDoS attacks resulted in an average loss of $408,000 per event for unprotected firms, costing them $6,000 per minute on average. This statistic clearly illustrates the financial devastation these cyberattacks can inflict.

The escalation in DDoS attack duration would particularly be alarming, with the average length of attacks increasing by over 400 percent from the first quarter to the fourth quarter of 2023, leaping from 24 minutes to an extensive 121 minutes. This trend would not only signify a worrying shift from a security standpoint but also emphasize the increasing cost implications for businesses worldwide.

Although the number of DDoS attacks increased by 200% in the first few months of 2023 compared to the whole year 2022, the second half of the year saw a little decline. However, from the first to the fourth quarter of 2023, DDoS attack activity increased by 16% across all sectors. As these attacks have evolved from volumetric to multi-vector strategies, focusing on particular elements like IP addresses, email accounts, and databases, defensive and detection systems are faced with an increasingly difficult task, according to Zayo’s report.

Artificial intelligence (AI) plays two roles in this changing cyberwarfare, according to Anna Claiborne, Senior Vice President of Network Connectivity at Zayo. Cybercriminals are using AI technology to increase the complexity of their DDoS attacks, posing a challenge to established cybersecurity measures. In contrast, AI is also facilitating mitigation strategies by offering adaptable defenses against these always changing risks. DDoS attacks are still a profitable endeavor for hackers, Claiborne argues, portraying these cyberattacks as a severe need for companies despite developments in prevention.

The industry-specific findings from the report paint a detailed picture of the cyber threat landscape:

  • With about 13,000 events, or around 40% of the total DDoS attack volume, the telecommunications industries were the target of the majority of these attacks.
    Attack sizes averaged 2.5 Gbps, with the retail and healthcare industries seeing the most frequent assaults.
  • Attacks on government institutions lasted the longest, ranging from four hours in the first part of the year to eighteen hours in the second.
    Since botnets for hire are very cheap and cybersecurity vulnerabilities are common, educational institutions – which accounted for 17% of all DDoS attack volume – were identified as being especially susceptible.
  • The persistence of DDoS attacks would underscore a critical challenge for businesses of all sizes and across various sectors. These cyber threats entail not only substantial financial costs but also reputational damage and the potential for significant customer turnover, stated Zayo in its report. Factors such as increased digitization, political unrest, and the shift towards hybrid work environments contribute to a landscape ripe for exploitation by cybercriminals.
  • According to Zayo, there is an urgent need for advanced and proactive DDoS security systems due to the sophisticated nature of these DDoS attacks, which are typically timed to coincide with a business’s peak operating hours and are becoming more automated via the use of bots.

“Most people on the Internet aren’t plotting a DDoS attack, but the internet is a big place and Dark Web crime is the fastest growing business on Earth,” said Eric O’Neill, National Security Strategist at VMware Carbon Black. “We’re in an attacker’s market and they are leveraging sophisticated technologies and cutting-edge techniques to innovate the way they deceive, disrupt and destroy our most critical data. To stop the attackers from gaining the upper hand, we need DDoS protection that is as easy and effective as turning on a switch.”


More than 103,000 threat detections and mitigations that Zayo clients encountered in 2023 were examined in this research. From January 1, 2023, to December 31, 2023, 14 industries and areas in Western Europe and North America are covered by the data. Remarkably, 31,000 of these DDoS attacks happened in the second half of 2023, compared to 72,000 in the first half.

Go to Zayo’s report by clicking here to see the whole document.