The cybersecurity threat ecosystem evolved last year as perpetrators used AI to launch attacks and expand their reach. The shift spurred organizations to rethink defense strategies, creating new opportunities for security-oriented channel partners, according to communications infrastructure provider Zayo.
Distributed denial-of-service attacks — the bane of the telecom industry — spread to enterprises and organizations outside of the usual scope of operations, Zayo found. While fewer in number, falling slightly below 2024’s record volume, attacks were larger and harder to stop, forcing organizations — and partners — to react or risk costly consequences.
“The rise in AI, IoT devices and for-hire botnets has led us into a new era where DDoS attacks are a permanent and highly disruptive reality for all organizations,” Max Clauson, SVP of network connectivity at Zayo, said in a release accompanying the report earlier this month. “In this ‘new normal,’ cybersecurity can no longer operate as a standalone, reactive function.”
Zayo recorded more than 140,000 DDoS attacks last year, down from nearly 165,000 in 2024, but still far above 2023 levels.
Average attack size jumped significantly year over year, while average duration dropped to about 20 minutes. Nearly 90% of attacks now end in under 10 minutes, as attackers are prioritizing impact over endurance, Zayo found. They hit fast, cause chaos and move on before most organizations can react.
“The clearest takeaway is a tangible pivot from sustained campaigns of disruption to high-velocity, precision strikes overwhelming defenses in the shortest possible time frame,” Zayo said in the report.
That new reality is compressing response windows to the point where traditional cybersecurity solutions break down. By the time a human validates what’s happening, the damage likely is done.
Beyond telecom
As DDoS operations evolve, attackers are changing where they aim.
Telecommunications providers, long the primary prey, accounted for less than a quarter of attacks in 2025, down from 42% the year prior. Hackers instead went after end-user organizations that suffer immediate operational and financial consequences from downtime.
Education, one of the vulnerable sectors, now represents nearly a quarter of all DDoS activity, with attacks clustering around peak academic periods. Attacks on government agencies more than doubled as a share of total volume, while manufacturing — a sector where even brief disruptions can halt production lines — saw the largest average attack sizes.
“Rather than attempting to ‘break the internet,’ attackers are increasingly aiming to ‘break the business,’” Zayo noted in the report.
The stakes are high. Downtime costs organizations an average of about $6,000 per minute. Even a brief attack can wallop an organization with six-figure losses before longer-term impacts come into play.
Room for remediation
DDoS activity should serve as a clarion call for channel partners. Many organizations remain unprepared for faster, more devastating cyber attacks and need help shoring up defenses.
“Cybersecurity is no longer just about bolted-on tools, but how networks are designed, built and operated to ensure protection at every level,” according to Chris Nein, SVP of channel sales at Zayo.
“There is a clear gap between the ‘new normal’ of DDoS intensity and the current state of most customer environments,” Nein told Channel Dive. “Many are still operating with fragmented architectures — including multiple vendors, overlapping tools and limited visibility — which is increasing exposure.”
The market has shifted, too, according to Nein.
“Customers are now not just buying connectivity,” he said. “They are looking for secure, high-performance environments that support distributed operations without added risk.”
Networking, another area in need of remediation, represents an opportunity for service providers.
“As more workloads move across hybrid environments and AI-driven applications accelerate data movement, the network itself becomes part of the security model,” Nein said. “That shift is critical for the channel.”
The networking piece is not to be underestimated.
“The role of the channel is evolving from selling individual services to helping customers simplify and modernize their networks by bringing together network, security and managed services into integrated architectures,” Nein said. “Partners who can reduce complexity and friction are the ones who will become more strategic.”
That evolution means pivoting from bundling services to designing environments.
“Security has usually been added on after the network is already in place, instead of being built into it from the start,” Nein said. “That approach is no longer working as attacks get faster and more targeted. Having too many separate tools and systems is now what creates risk.”
Treating security as a separate layer no longer works. End-user organizations need a cybersecurity model that integrates connectivity, visibility and protection from the start — and partners can help.
“Partners who can bring network and security together in a simple, unified way will move beyond one-off deals and build long-term customer relationships,” Nein said.