DDoS Protection is Like Airbags in Your Car

A few months ago, a friend of mine was involved in a serious car accident. An oncoming truck strayed out of its lane and side-swiped the entire length of her car. Luckily, the car’s airbags and seat belts protected her from severe bodily harm, and a few weeks later (and with a brand new car…) she was up and about again.

I was reminded of this story a few weeks ago during a discussion with a customer. They hadn’t been attacked in a long time and began to wonder whether they still needed DDoS protection at all.

But just as we would never take out the airbags out of a car because we have never been involved in a serious accident, so we shouldn’t cut back on cyber defenses just because we hadn’t had a major attack in a while.

The Probability is Low but the Risks are Severe

According to Radware’s 2019-2020 Global Application and Network Security Report, 33% of organizations reported being attacked by DDoS in the prior year.

While this is certainly a threatening figure, looked at the other way around, it means that two-thirds of organizations did not experience a DDoS attack in the last 12 months.

[You may also like: 3 Reasons Why DDoS Protection is Your Best Investment]

Stretch the statistic back, and it means that in the past two years, about 45% of organizations did not experience an attack, 30% did not experience an attack in the past three years, and 20% have not see an attack in the past four years. And stretch it back even further – it means that about one in eight organizations has not been attacked in the past five years.

This has led many organizations – quite sensibly – to wonder why they still need to go through the hassle and expense of deploying dedicated DDoS protections.

The problem, however, is that like car accidents, DDoS attacks may occur infrequently, but once they happen – the damages are severe.

[You may also like: 5 Myths About DDoS in 2020]

Revenue Depends on Availability

Ultimately, most organizations’ revenue depends on customers being able to reach their services.

According to a study by Gartner, the average cost of IT network downtime is $5,600 per minute, or almost $300,000 on average. Although these figures may vary by the size of the organization, number of affected assets and the severity of the outage, it demonstrates the very real damages that can occur as a result of outages.

As customers increasingly consume services online, this means that an organization’s website and network are mission-critical assets, and any downtime will lead to significant losses.

Damages as a result of a DDoS attack can be direct or indirect:

  • Direct loss of revenue – if your website or application is generating revenue directly on a regular basis, then any loss of availability will cause direct, immediate losses in revenue. For example, if your website generates $1m a day, then every hour of downtime, on average, will cause over $40,000 in damages.
  • Loss in productivity – for organizations that rely on online services, such as email, scheduling, storage, CRM or databases, any loss of availability to any of these services will directly result in loss of productivity and lost workdays.
  • SLA obligations – for applications and services that are bound by service commitments, any downtime can lead to breach of SLA, resulting in refunding customers for lost services, granting service credits, and even potentially facing lawsuits.
  • Damage to brand – in a world that is becoming ever-more connected, being available is increasingly tied to a company’s brand and identity. Any loss of availability as a result of a cyber-attack, therefore, can directly impact a company’s brand and reputation. In fact, Radware’s 2018 Application Security Report showed that 43% of companies had experienced reputation loss as a result of a cyber-attack.
  • Loss of customers – one of the biggest potential damages of a successful DDoS attack is loss of customers. This can be either direct loss (i.e., of customer who choose to abandon you as a result of a cyber-attack) or indirect (i.e., of potential customers who are unable to reach you and lost business opportunities). Either way, this is a key source of damage.

[You may also like: Why ‘Free’ DDoS Protection Can be the Most Expensive]

Would You Take the Airbags Out of Your Car?

Like many hazards in life, protection against DDoS involves balancing risk vs. probability. Most of us have never been involved in a serious car accident, or have our house burn down. Yet we still install airbags in our cars and purchase insurance for our homes.

This is because while such events occur infrequently, the damages from them are so catastrophic and far-reaching that we are willing to bear the ‘peacetime’ costs of purchasing them, so that we have them available in times of need.

The same logic applies to DDoS protection. While some organizations face constant attack, others are targeted infrequently. This does not mean, however, that the threat does not exist. And when such an attack occurs, the risks and costs of being unprotected – or having inadequate protections in place – far outweigh the costs of maintaining DDoS protection even at times we might think we don’t need it.

[You may also like: How Can You Protect What You Can’t See?]

Going back to the example we started with, even though most adults have never been involved in a serious car accident, studies have shown that car safety is the #1 consideration in purchasing a new car. This is because in the unlikely event of a serious crash, the driver’s life will depend on it.

Likewise, service availability is the lifeline on which many organizations depend to serve customers and generate revenue.

What’s your #1 consideration in making a security purchasing decision?

Read Radware’s “2019-2020 Global Application & Network Security Report” to learn more.

Download Now

Eyal Arazi

Eyal is a Product Marketing Manager in Radware’s security group, responsible for the company’s line of cloud security products, including Cloud WAF, Cloud DDoS, and Cloud Workload Protection Service. Eyal has extensive background in security, having served in the Israel Defense Force (IDF) at an elite technological unit. Prior to joining Radware, Eyal worked in Product Management and Marketing roles at a number of companies in the enterprise computing and security space, both on the small scale startup side, as well as large-scale corporate end, affording him a wide view of the industry. Eyal holds a BA in Management from the Interdisciplinary Center (IDC) Herzliya and a MBA from the UCLA Anderson School of Management.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center