We always look forward to Akamai’s State of the Internet report…

This year’s research lands at exactly the right moment. The threat landscape is accelerating. Attackers are better funded, better automated, and increasingly powered by artificial intelligence in cyber security. Defenders must now design for failure, not just prevention.

Key Takeaways

2025 marked a step change in AI-driven cyber attacks. Tools once limited to nation states are now widely available through Ransomware as a Service (RaaS). This has compressed attack timelines from weeks to hours and increased the frequency of successful breaches.

The report reinforces a hard truth. API security is now the dominant risk area. APIs underpin cloud security, AI platforms, and modern applications, yet most organisations still lack a complete API inventory. Many do not know which APIs process sensitive data. That blind spot is being actively exploited.

DDoS attacks, bot attacks, and scraping activity continue to scale. Multi-terabit attacks are becoming normal, not exceptional. Attackers are also far more persistent, often timing activity around business-critical events. This highlights the importance of edge security, real-time threat intelligence, and experienced human response.

Resilience is a recurring theme, particularly for UK and European organisations. High-profile retail and manufacturing incidents show that outages caused by attacks and bad updates can be just as damaging as breaches. Regulations such as NIS2, DORA, and the Cyber Resilience Act are shifting the focus towards operational resilience, supply chain risk, and business continuity.

AI is also changing social engineering. Chatbots, LLMs, and digital assistants are becoming new targets. At the same time, the basics still fail too often. Multi-factor authentication, patch management, and phishing defence remain essential foundations.

Looking ahead to 2026, the message is direct. Assume breach. Prioritise incident response, disaster recovery, and third-party risk management. Cyber security is no longer about stopping every attack. It is about reducing impact and keeping the business running.

Why This Matters

Boards are asking harder questions. Budgets are under pressure. Akamai’s reports provide real-world evidence to support risk-based decisions and resilience-led strategies.

To Find Out More

Visit Akamai’s Security Intelligence Research pages to access their State of the Internet Reports here

Contact ITogether to see how we can help reduce cyber risk here

📞 +44 (0) 113 341 0123

📞 +64 (0)9 802 2444

📧 hello@itogether.com