theNet by CLOUDFLARE

Navigating 2026’s cybersecurity landscape

Insights from the 2025 Cloudflare Radar Year in Review

For technology leaders, recent headlines about the rapid adoption of AI, advances in quantum computing, and other trends are sounding cybersecurity alarms. There’s no doubt that some key changes are warranted. But digging into the data on key technology trends enables organizations to fine-tune their strategies for addressing emerging threats.

According to the Cloudflare Radar 2025 Year in Review — an annual report on global Internet traffic, cyberattacks, and technology trends as observed through Cloudflare’s global network — all organizations have some cause for concern, but you shouldn’t panic. For example, the data shows that cybercriminals are launching larger and more sophisticated attacks than ever before. And at the same time, AI and search engine companies are expanding bot crawling and scraping activities — often at the expense of content creators.

But adoption of technologies with post-quantum encryption capabilities is on the rise. And that will help ensure that today’s data remains secure now and in the future.

The challenge is to find ways to tighten security and maintain control of your IT environment while simultaneously embracing changes that accelerate innovation. Insights from the Cloudflare Radar 2025 Year in Review can help you achieve that balance.

Here are five key trends from 2025 to help guide your cybersecurity plans for 2026 and beyond.


1. DDoS attacks are growing larger.

There’s no doubt that the size of distributed denial-of-service (DDoS) attacks is rising rapidly. In 2025, there were numerous record-breaking “hyper-volumetric” DDoS attacks. Hyper-volumetric network-layer attacks operate at layers 3 and 4 and peak at more than one terabit per second (1 Tbps) or more than one billion packets per second (1 Bpps).

In 2025, attacks set records for both these metrics. For example, an attack in November reached 31.4 Tbps. And a September attack reached 14 Bpps. Most of the attacks were highly distributed and very short in duration.

Defending against these attacks requires a multifaceted strategy. First, you need DDoS protection and mitigation built on a global network that can absorb the sudden spikes in traffic without affecting user performance.

Second, you need greater visibility into and control over your network. DDoS attacks can originate from thousands of networks and compromised devices — ranging from your employees’ laptops to the video systems installed in your headquarters lobby. Identifying potential vulnerabilities requires visibility into all the traffic going to and from these systems and devices.

Third, good network hygiene is essential. All of those connected devices and systems must be continuously patched to address potential vulnerabilities. Because this is time-consuming work, you should consider implementing policies that can block inbound or outbound traffic associated with relevant systems after vulnerabilities are discovered but before patching is complete.


2. Email threats are becoming sneakier.

Email continues to be a primary vector for the theft of login credentials and unauthorized access to enterprise systems. In 2025, more than 5% of the email messages analyzed by Cloudflare Email Security were malicious, up 16% year over year.

And unfortunately, phishing and other social engineering tactics are more effective today than ever before. Attackers are using generative AI (GenAI) to create more convincing messages, complete with links to increasingly authentic-looking websites.

According to the Cloudflare Radar 2025 Year in Review, deceptive links were the top malicious email threat category in 2025, found in 52% of malicious messages (up from 43% in 2024). Identity deception (where messages appear to come from colleagues, managers, or other reputable sources) is also becoming more frequent, as is brand impersonation (when messages and sites seem to represent legitimate brands).

Employee awareness continues to be critical for spotting phishing and other social engineering tactics. Still, as attackers get better at deception, awareness alone will not solve the problem.

Enterprises need email security that fights fire with fire, capitalizing on AI / machine learning (ML) and global threat intelligence to detect attacks that even well-trained employees miss. That email security should be part of a zero trust security model that prevents attackers from freely moving through networks even if they manage to steal credentials by using phishing.


3. AI bots are multiplying.

While cybercriminals plot their next attacks, AI and search engine companies are scaling up their use of AI bots. They are dispatching armies of bots that crawl and scrape web content to train AI models, populate search results, and provide responses to user prompts within GenAI tools, such as chatbots.

Googlebot (used for search indexing and AI training) was by far the most active verified bot across the Cloudflare network in 2025. OpenAI’s GPTBot (which crawls content for AI training) was a distant second.

Interestingly, “user action” crawling (i.e., crawling in response to user prompts in a chatbot) increased dramatically during the year, up over 15x in 2025. Though crawling for model training is still the driver for most AI crawler traffic, the growth in user action crawling shows the rapidly rising popularity of AI-powered chatbots.

Search index crawling can help organizations whose content is crawled and scraped: That crawling enables the search engine to generate relevant links in response to user searches, which in turn brings visitors to sites.

AI model training, however, is a potential threat. When AI companies scrape content from sites and then incorporate that content into the models that generate responses to user prompts (such as through the AI summaries that precede search engine results), users are less likely to visit the original sites. Fewer visitors means fewer conversions.

A large part of the problem is that AI companies crawl lots of content while referring relatively few people to the original websites. In 2025, Anthropic had the highest crawl-to-refer ratio among leading AI and search platforms. In fact, at one point, that ratio reached 500,000:1, though it typically ranged from 25,000:1 to 100,000:1 throughout the year.

Website owners need a strategy that focuses on controlling AI bots in a granular way. After all, website owners do want their sites to be indexed; they just don’t want their content to be used without providing users with links to the source material.

Using a robots.txt file, which lists a site’s preferences for bot behavior, is one approach. Cloudflare Radar data from 2025 shows that AI crawlers were the most frequently fully disallowed user agents found in robots.txt files. However, robots.txt files are often ignored by AI bots.

A more comprehensive strategy involves auditing AI bots, requiring bots to identify themselves, then establishing controls for which bots can crawl your site and what specific pages they are allowed to access. Adopting a pay-per-crawl model can also help you offset revenue lost from a reduction in traffic.
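One way to start the audit described above is to compare your access logs against your own robots.txt and count the requests that declared crawlers made to paths you disallowed. This is an added example, not code from the original article or from Cloudflare; the robots.txt content, the log lines, the User-Agent strings, and the `BOT_TOKENS` list are constructed for illustration.

```python
import re
from collections import Counter
from urllib.robotparser import RobotFileParser

# Constructed robots.txt: two AI training crawlers fully disallowed.
ROBOTS_TXT = """\
User-agent: GPTBot
Disallow: /

User-agent: ClaudeBot
Disallow: /

User-agent: *
Disallow: /private/
"""
# Crawler tokens to audit (assumption: maintain this list for your own site).
BOT_TOKENS = ("GPTBot", "ClaudeBot", "Googlebot")
# Constructed access-log lines in combined log format.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jan/2026:10:00:01 +0000] "GET /articles/a HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; GPTBot/1.2; +https://openai.com/gptbot)"',
    '203.0.113.7 - - [12/Jan/2026:10:00:02 +0000] "GET /articles/b HTTP/1.1" 200 498 "-" "Mozilla/5.0 (compatible; GPTBot/1.2; +https://openai.com/gptbot)"',
    '198.51.100.9 - - [12/Jan/2026:10:01:00 +0000] "GET /robots.txt HTTP/1.1" 200 90 "-" "Mozilla/5.0 (compatible; ClaudeBot/1.0)"',
    '192.0.2.44 - - [12/Jan/2026:10:02:00 +0000] "GET /articles/a HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '192.0.2.44 - - [12/Jan/2026:10:02:05 +0000] "GET /private/report HTTP/1.1" 200 77 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '192.0.2.80 - - [12/Jan/2026:10:03:00 +0000] "GET /articles/a HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/140.0"',
]
LINE_RE = re.compile(r'"(?:GET|HEAD) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

def audit(robots_txt, log_lines):
    """Count requests per declared bot that the robots.txt rules disallow."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    violations = Counter()
    for line in log_lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        path, ua = m.groups()
        # The User-Agent header is self-reported, so this only sees bots that identify themselves.
        bot = next((t for t in BOT_TOKENS if t.lower() in ua.lower()), None)
        if bot and path != "/robots.txt" and not rules.can_fetch(bot, path):
            violations[bot] += 1
    return violations

if __name__ == "__main__":
    for bot, count in audit(ROBOTS_TXT, SAMPLE_LOG).items():
        print(f"{bot}: {count} request(s) to disallowed paths")
```

A non-zero count for a bot shows that robots.txt alone is not being honored for that crawler, which is the case where enforced controls are needed.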


4. Post-quantum encryption adoption is up.

You’ve probably heard the warnings: In the not-too-distant future, advances in quantum computing will allow attackers to break current encryption, enabling them to access a wide array of sensitive information. This threat is driving organizations to tighten data protection, including implementing a post-quantum cryptography (PQC) strategy to protect data now and in the future.

The Cloudflare Radar 2025 Year in Review data has some good news for the post-quantum world: Post-quantum encryption secures 52% of all Transport Layer Security (TLS) 1.3 request traffic. That percentage nearly doubled over the year. (TLS 1.3 is the newest, fastest, and most secure version of the TLS protocol.) In other words, compared with the previous year, a significantly greater percentage of Internet traffic is now protected against future decryption risks.

What accounts for that change? Post-quantum encryption is becoming a default setting in many web browsers. For example, recent Apple operating system updates enable negotiation of a quantum-secure key exchange with TLS 1.3 servers that support it; so even if attackers record that traffic, it will be encrypted in a way that quantum computers cannot decrypt in the future.

But there’s still more to do for building a post-quantum game plan. For example, you need to audit the clients used on your network: It’s possible that not all of your employees and systems are using a browser or operating system that supports post-quantum encryption. You’ll also need to identify other areas where your organization uses public-key encryption and digital signatures, which will need to be updated to new standards. Then you can work on securing data in transit and at rest following the latest standards.

This process can be a large-scale transformation. And despite the gains made with browser encryption, starting this transformation shouldn’t wait.
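The client audit mentioned above can begin with handshake logs from a TLS terminator you control: group connections by client and check which key-exchange group each one negotiated. This is an added example, not code from the original article or from Cloudflare; the record format, client names, and sample data are constructed, and it assumes your terminator already offers hybrid post-quantum groups and can log the negotiated group.

```python
from collections import defaultdict

# Hybrid post-quantum TLS 1.3 key-exchange groups, by IANA name; extend as standards evolve.
PQ_GROUPS = {"X25519MLKEM768", "SecP256r1MLKEM768", "SecP384r1MLKEM1024"}

# Constructed handshake records: client id, TLS version, negotiated key-exchange group.
# Assumption: your TLS terminator supports PQ groups and can log these three fields.
SAMPLE = """\
laptop-014 TLSv1.3 X25519MLKEM768
laptop-014 TLSv1.3 X25519MLKEM768
kiosk-02 TLSv1.3 X25519
build-agent-7 TLSv1.2 secp256r1
laptop-022 TLSv1.3 X25519
laptop-022 TLSv1.3 X25519MLKEM768
"""

def audit_pq(records):
    """Map each client to 'pq', 'mixed', 'classical', or 'legacy-tls'."""
    seen = defaultdict(set)
    for line in records.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines rather than guessing
        client, version, group = fields
        if version != "TLSv1.3":
            seen[client].add("legacy")      # hybrid PQ groups are defined for TLS 1.3
        elif group in PQ_GROUPS:
            seen[client].add("pq")
        else:
            seen[client].add("classical")   # TLS 1.3, but a quantum-vulnerable group
    status = {}
    for client, kinds in seen.items():
        if "legacy" in kinds:
            status[client] = "legacy-tls"
        elif kinds == {"pq"}:
            status[client] = "pq"
        elif kinds == {"classical"}:
            status[client] = "classical"
        else:
            status[client] = "mixed"        # more than one TLS stack on the same host
    return status

if __name__ == "__main__":
    for client, state in sorted(audit_pq(SAMPLE).items()):
        print(f"{client:15} {state}")
```

Clients reported as `legacy-tls` or `classical` are the ones to prioritize for browser, operating system, or library upgrades.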


5. Internet disruptions demand new resiliency strategies.

The increasing reliance on the Internet, cloud providers, and other third-party vendors means that enterprises need to have a robust resiliency strategy in place. In 2025, Cloudflare Radar observed 174 major Internet disruptions globally. The causes of those disruptions varied — from natural disasters and fires to cable cuts and power outages.

The largest portion of disruptions (47%) were caused by intentional government shutdowns of Internet service. In some regions, governments turn off Internet connectivity in response to civil unrest or to prevent cheating on national exams.

There might not be much you can do to prevent hurricanes or cable cuts. However, building a strong resiliency plan can help ensure that if connectivity is disrupted, your organization can continue to operate. For example, using multiple providers for some critical services can help ensure that there is no single point of failure. Taking advantage of caching services through a content delivery network (CDN) can also prevent downtime for websites and web applications if there is a problem connecting to origin servers.


Maintaining control of emerging technologies

Adoption of AI, quantum computing advances, and integration of third-party services are unlikely to slow anytime soon. For most enterprises, the best IT and cybersecurity strategies will involve balancing the opportunities derived from these trends with the need for security.

Cloudflare’s connectivity cloud enables you to combat emerging threats while accelerating innovation. You can absorb large-scale DDoS attacks, block malicious emails, impose granular controls on AI bots, adopt post-quantum cryptography, and enhance resiliency — all from a single, unified platform of cloud services. At the same time, your organization can build the next-generation, AI-powered apps that will drive competitive differentiation.

This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.

Author

David Belson — @dbelson
Head of Data Insight, Cloudflare


Key takeaways

After reading this article, you will be able to understand:

  • Top 5 Internet and security trends

  • Strategies to address key cybersecurity challenges

  • Insights for maintaining control and improving resiliency



