Resilience will be key in the new era of the internet, Cloudflare states
Resilience will also be key as increasing DDoS attacks continue to wreak havoc on organizations globally.
With AI having a greater influence on the internet, organizations around the world are also moving towards a new era when going online. Not only has the usage of the internet evolve, but threats have also become a lot more complicated and capable of wreaking more havoc to organizations.
Statistics from Cloudflare Radar revealed that 31% of all Internet traffic is Bot-originated in this new era while 60% of all Internet traffic is API-based. There has also been a whopping 251% Yearly growth in traffic to GenAI service on the internet in 2025.
“Automation is happening already. And AI is actually driving our life increasingly closely on a daily basis, I would say the threat landscape is evolving even faster. On that basis, everybody should really think about how they can defend going forward. And the key message is really not just about defending yourself. It's how quickly you can recover and how resilient you really are,” said Nan Hao Maguire, Field CTO APAC (pictured above).
Maguire pointed out that Cloudflare has noticed the automation trend with usage of bots with AI. She added that bots as well as attackers are not just breaking in anymore. Instead, they log is just because they can, which is much easier and faster than attacking sophisticatedly.
“These are the things I suppose we really need to pay attention to. Bots account for roughly 30% of the overall internet traffic. In Singapore, its slightly less. Whereas 93% of the traffic potentially is malicious. But the data shows us there are some bots that are good as well,” she added.
Rise in DDoS attacks
According to Cloudflare’s Year in Review as well as the Q3 and Q4 DDoS Threat Report, Indonesia has been the largest source of DDoS attacks for over a year. As the top global source for DDoS attacks, Indonesia recording a record breaking 29.7 Tbps “carpet-bombing” attack while HTTP DDoS requests from the country also surged by over 31,000 since 202i.
More than half of the top 10 source countries of DDoS attacks are in Asia, with Russia, Ukraine and Ecuador being the only countries outside the region. Thailand was in 2nd place, followed by Bangladesh. India, Vietnam, Hong Kong and Singapore complete the top 10. Singapore was also ranked as the 7th largest source location for an Application Layer Attack globally in 2025.
“In Q3 alone, we block an average of 234 billion cyber threats every single day on our network. This is global and there is a very significant amount of this application layer. More than half of that is actually DDoS attacks. Just from a single scale perspective, in May 2025, that was the first time we've seen what we consider a hyper-volumetric attack, and it's roughly about 7.9 terabytes per second in May,” said Maguire.
Maguire explained that the findings reveal an interesting statistic about Indonesia. An emerging economy globally, the stats are based on the IP addresses that were recorded as the origin of the DDoS attacks.
Maguire also shared that DDoS attack traffic against leading AI companies surged by as much as 347% MoM in September, as public concern and regulatory review of AI increases. China was the most attack country in Q3 and Q4 2025, which Maguire pointed out could be due to trade tensions over rare earth minerals and EV tariffs.
This clearly indicates a trend for the global threat landscape with hyper-volumetric DDoS attacks, ultra-sophisticated DDoS attacks, and geopolitical-driven DDoS attacks dominating.
Given this scenario, Maguire believes the confluence of securing the rapid development of AI whilst responding to the increased pace and sophistication of threats is mandating a new approach to enterprise security.
Maguire explained that organizations should not just look at solving cyberattacks with AI but also learn from the latest wave of cyber-attacks and rethink their responses.
“Very often we talk about resilience strategy, but nobody actually knows fundamentally what the key things are to protect. You cannot lose. From our perspective, building resilience into your fundamental strategy is really a necessity. You have to look at your architecture level to think about actually, how can I actually architect this? This is an orchestrated process going forward in terms of how I respond,” said Maguire.
For Maguire, cyber resilience is no longer a cost to consider. Instead, companies can turn it around to see resilience as an investment because it is really a vital protection point and an economic imperative that they can use at board level.
“Because if your business is resilient enough, be it from cyber attacks, outages, disruptions and such, this is ultimately protection for your capital, for your earning, and for you to continue to have your customer trust,” she said.
Resilience is key
Echoing her sentiments is Benjamin Ang, Senior Fellow, Head of Centre of Excellence for National Security, RSIS. Ang shared that more organizations are taking cybersecurity at the board level. This includes having to take AI at the board level as well, because there are so many implications for them.
“The reason why I would say it's important for the board to be involved is that the board makes the decisions that the IT, that CIO or CSO cannot do on their own, because the board actually directs where the money and funding goes. And also, the board can then look at things like communications in case of when a breach happens, and you need to be able to communicate the real story of what's happening so that people don't have to panic,” explained Ang.
“You need to be able to communicate when something is going on. What steps are being taken, what the real scale of the attack is, before some info campaign comes in to disrupt the thing. We've seen cases where with preparation, you're actually able to mitigate the impact,” added Ang.
While resilience towards cyberattacks is imperative, businesses also need to be resilient towards other disruptions. This includes power outages and downtime which could derail business operations.
Given that Cloudflare faced a major disruption in late 2025, which affected many of their customers globally, Ben Munroe VP of APAC Marketing shared that while they have learned from the incident and addressed the concerns by customers, most of the customers in the region were actually well prepared to deal with the situation.
“We obviously work very closely with our customers, whatever is going on in the world. And I can say that more of them are adapting to the current reality. It's more and more difficult as customers are often spread globally that they have to be operating in many different jurisdictions with many different IT infrastructures. It's our mission to help continue to improve it,” said Munroe.
Maguire also commented stating that whether it’s a network infrastructure failure or any other outage caused by updates or such, the fact that remains is that organizations need to have the right resilience strategy in place.