MazeBolt Blog - DDoS Resilience Survey - Insights from 300

DDoS Resilience Survey – Insights from 300 Security Leaders

Stay Safe Online with Cyber Awareness Month 

When it comes to DDoS resilience, investment doesn’t always equal protection. That’s the key takeaway from MazeBolt’s new 2025 DDoS Resilience Survey, which Howard Silverman, VP of Marketing, and I explored in our recent CISO Heroes webinar.

The survey — conducted with 300 CISOs and senior security leaders in banking, financial services, and insurance — revealed a troubling truth: while organizations continue to increase spending on DDoS defenses, damaging DDoS downtime remains widespread.

As we mark Cyber Awareness Month this October, the insights from this session serve as an important reminder that cyber resilience in general, and DDoS resilience in particular, is an active, ongoing discipline. Awareness alone is not enough – organizations must continuously validate that their DDoS defenses perform as intended in real-world conditions.

Damaging DDoS Downtime Remains the Norm

Nearly every respondent in the survey reported experiencing at least one damaging DDoS attack in the past 12 months. Even with layered mitigation systems in place, 42% of organizations disclosed experiencing severe or extensive DDoS damage in the last three years.

The average enterprise faced 3.85 damaging DDoS incidents in the last 12 months — evidence that the traditional approach of reactive DDoS mitigation and occasional testing isn’t enough to prevent real-world downtime.

As Howard explained, many organizations assume their DDoS defenses are working as intended – but without ongoing validation, they can’t see where coverage is incomplete or where configuration drift has introduced new weaknesses.

Testing Frequency is Dangerously Low

The survey showed that 86% of enterprises test their DDoS defenses once a year or less, leaving long gaps where vulnerabilities can go unnoticed. Traditional DDoS testing methods are typically disruptive, requiring maintenance windows and manual oversight — so most teams avoid doing them often.

That gap between testing cycles is where attacks succeed. As summarized by Howard, continuous, nondisruptive DDoS validation addresses this issue by keeping defenses aligned with live network changes.

Automation is Widespread — but Still Not Enough

While 63% of respondents said their DDoS protections are mostly automated, nearly all of them — 99% — said that they still rely on manual intervention to verify results and correct configurations.

This manual oversight adds complexity and slows down remediation, especially across multi-vendor environments. Continuous DDoS testing provides the missing automation layer — confirming protection effectiveness in real time and giving security teams the confidence to act on verified data.

Limited Testing Leaves Thousands of Vulnerabilities Unseen

Another critical finding: 83% of organizations conduct fewer than 100 attack simulations in their DDoS testing programs. That means thousands of potential attack vectors remain untested.

In the webinar, I explained that even the most robust mitigation tools cannot perform well with untested scenarios that go undetected. In contrast, a continuous DDoS testing model can run thousands of nondisruptive simulations to expose those blind spots safely in production.

Awareness of Continuous DDoS Testing is Low – but its Value is Understood

Despite the challenges highlighted, the survey also revealed encouraging momentum: only 9% of respondents were familiar with continuous, nondisruptive testing, but 97% said they see significant value in adopting this approach.

I believe this shift toward proactive DDoS validation represents a turning point. CISOs now recognize that real DDoS resilience requires proof — not assumptions — that DDoS defenses are performing effectively.

Key Data Points from the 2025 DDoS Resilience Survey

  • 86% of organizations test DDoS defenses once a year or less
  • 42% reported severe or extensive DDoS damage in the last 3 years
  • 63% say their DDoS defenses are mostly automated
  • 99% still require manual intervention
  • 83% test fewer than 100 DDoS attack simulations
  • 9% are familiar with continuous, nondisruptive DDoS testing
  • 97% see value in automated DDoS vulnerability reporting
  • 3.85 average damaging DDoS incidents per organization in the past 12 months

A Call to Rethink DDoS Protection

The survey data underscores what MazeBolt has long observed in the field: Enterprises are spending millions on DDoS protections, yet our survey shows that they are still not getting what they need — true DDoS resilience that’s free of damaging DDoS attacks.

Continuous, nondisruptive DDoS validation changes that. By running thousands of controlled simulations safely in live production environments, organizations can move from reactive DDoS mitigation to measurable, data-driven DDoS resilience.

As organizations worldwide recognize Cyber Awareness Month, MazeBolt’s message is clear: cybersecurity is everyone’s responsibility – but resilience begins with visibility. When it comes to DDoS, visibility can be obtained only through continuous, nondisruptive testing.

To learn more about what 300 CISOs and security leaders are saying about damaging DDoS downtime, watch the webinar.

 

Skim Summary

MazeBolt’s recent webinar presented findings from the 2025 DDoS Resilience Survey, which gathered insights from 300 CISOs and senior security leaders in banking, financial services, and insurance. The discussion revealed that while organizations continue to increase spending on DDoS protection, damaging downtime remains a persistent challenge.

The webinar highlighted several critical data points:

  • 86% of organizations test DDoS defenses once a year or less.
  • 42% reported severe or extensive DDoS damage in the last year.
  • 83% run fewer than 100 simulations per test, leaving thousands of vulnerabilities unexamined.
  • 9% are familiar with continuous DDoS testing, but 97% believe it delivers clear value.

The webinar emphasized that defending against DDoS attacks is no longer just about DDoS protection solutions – it’s about validating that those protections actually work in real-world conditions, continuously and without requiring a maintenance window on live production services.

FAQ

Q: What was the main theme of the webinar?
A: The session explored the findings of MazeBolt’s 2025 DDoS Resilience Survey and examined why so many organizations still experience damaging DDoS downtime despite significant investments in mitigation technologies.

Q: Who participated in the discussion?
A: The webinar featured Howard Silverman, VP of Marketing at MazeBolt, and Aliza Israel, Senior Cyber Evangelist, who analyzed survey data and shared expert insights on DDoS validation practices.

Q: What key problems were highlighted?
A: The presenters discussed how traditional DDoS tests are typically run infrequently, are manual (to varying degrees), and are disruptive to live production systems. These limitations prevent teams from identifying DDoS misconfigurations and gaps in their layered DDoS defenses.

Q: What new insight did the data provide?
A: All respondents reported damaging DDoS downtime, even with advanced DDoS protection in place. Most test too infrequently to catch issues early, and traditional testing methods do not reflect live network conditions.

Q: Why is continuous DDoS testing so important?
A: Because infrastructure, configurations, and services change constantly. Continuous, nondisruptive DDoS testing provides ongoing visibility into the true effectiveness of DDoS defenses and helps close vulnerabilities before they cause damaging DDoS downtime.

Q: What was discussed about DDoS spending?
A: Although DDoS budgets are rising, protection effectiveness is not. The speakers explained that smarter DDoS validation and optimization of existing tools deliver greater returns than adding more DDoS mitigation products.

Q: How does MazeBolt’s RADAR™ fit into this?
A: RADAR enables organizations to test thousands of attack vectors safely in live production environments, continuously validating each defense layer and identifying DDoS gaps that traditional DDoS testing would miss.

Q: What was the key takeaway for security leaders?
A: DDoS resilience depends on DDoS visibility, not just investment. Continuous DDoS validation transforms defense readiness from a reactive posture to a proactive one that’s built on measurable, proven DDoS resilience.

Q: Why is this topic relevant now?
A: As Cyber Awareness Month highlights the importance of proactive security, MazeBolt’s findings emphasize that resilience depends on visibility. Continuous DDoS validation ensures that DDoS defenses are performing as expected every day of the year.

Q: Where can I access the report?
A: The full 2025 DDoS Resilience Survey, The State of DDoS Defenses, is available for download at mazebolt.com/resources/the-state-of-ddos-defenses.
