What internet access in 2025 reveals about digital security

Internet access data for 2025 shows clearly how the network is actually used, and it is not what we imagine in planning rooms. We analyzed the most recent Cloudflare Radar report and translated it into the risks already present in companies' daily operations. Here you'll find practical insights, without exaggeration or unnecessary theory.

Global traffic grew by 19% in 2025, with significant acceleration starting in August. But this growth didn't come alone. Something more problematic accompanied it: security systems mitigated 6% of all global traffic due to actual attacks or violations of customer policies. This represents billions of requests that should never have reached where they did.

For those planning IT in 2026, ignoring these signs means carrying structural problems into the new year, because what has changed is not just the volume but the nature of what travels through the network.

The invisible traffic that is already passing through your company

Stop for a moment and think: besides your employees and customers, who else is accessing your network right now?

The answer is usually surprising.

According to Cloudflare, AI bots (excluding Google) already account for 4.2% of all HTML requests on the internet. For comparison, Googlebot itself accounts for 4.5%.

In practice, this means that almost 1 in 10 web accesses are not human.

This data goes beyond mere technical curiosity. It shows how highly automated the internet has become. This traffic consumes resources, analyzes systems, and constantly collects information, including from your company's website and services.

Therefore, in this article, we will highlight the most relevant figures from the report and show what they represent, in practical terms, for the security of your business.

Internet access in 2025 and the risks to digital security

Some old IT assumptions simply don't hold true anymore. For years, IT security operated on foundations that seemed solid: teach users to identify threats, block known domains, rely on reputation lists. By 2025, those foundations have cracked.

The problem isn't that these practices are wrong. The point is that the internet has evolved faster than the principles of security. What worked when threats were evident and malicious infrastructure was stable no longer holds up in a scenario where everything is temporary, automated, and visually legitimate.

Data from 2025 reveals three structural breakdowns that require us to rethink how we protect corporate environments.

Nearly 9% of web traffic already comes from AI bots

The data: adding Googlebot (4.5%) and other AI bots (4.2%), we have almost 9% of all HTML traffic analyzed in 2025.

These robots continuously access websites to analyze content and train artificial intelligence models. This includes institutional pages, blogs, public areas, and, in some cases, information that should not be collected automatically.

For businesses, the most common impacts are:

  • Increased bandwidth consumption
  • Server overload
  • Risk of data scraping, such as prices, catalogs, internal structures, and sensitive information being unintentionally exposed

Even when this traffic isn't clearly malicious, it creates a new type of operational risk. Knowing which bots access your network and having control over that is no longer a differentiator but a fundamental part of digital security.

The cost of this? Decision fatigue. With each dubious click, the user needs to evaluate: "Is this legitimate?". When this decision fails, the IT team spends hours investigating, changing passwords, running forensic analyses, and reinforcing policies that no longer work.

Practical consequence: relying on appearances increases risk and consumes IT team time later on.

APIs have become one of the main points of attention

Fact: 20% of automated API calls in 2025 were made by clients based on the Go language. Furthermore, API traffic already accounts for more than half of all dynamic internet traffic.

APIs function as direct access points to systems. Unlike websites, this traffic doesn't pass through browsers, where many layers of security are typically concentrated.

The Go programming language is widely used for high-performance automation, both in legitimate applications and in automated scripts that perform scans and attempt abuse.

This highlights an important point: protecting only the website is not enough. Without visibility and control over APIs, a significant part of the infrastructure remains exposed without the company realizing it.
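
As a starting point for the visibility discussed in the AI-bot and API sections above, the sketch below counts how much page and API traffic in a web server access log declares itself as an AI crawler, Googlebot, or a Go HTTP client. It is an added example, not part of the Cloudflare report or any product; the token list, the /api/ prefix, and the log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# User-Agent token -> client family. Assumed, non-exhaustive list for this example.
# User-Agent is self-declared, so a match means "claims to be", not "is".
FAMILIES = [("GPTBot", "ai_crawler"), ("ClaudeBot", "ai_crawler"),
            ("CCBot", "ai_crawler"), ("Googlebot", "googlebot"),
            ("Go-http-client", "go_client")]

# Combined log format: ip ident user [time] "request" status bytes "referer" "ua"
LINE_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
                     r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def classify(ua):
    for token, family in FAMILIES:
        if token.lower() in ua.lower():
            return family
    return "other"

def audit(log_text, api_prefix="/api/"):
    """Count requests per client family, split into API and page (HTML) traffic."""
    counts = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # malformed or empty line: skip rather than guess
        surface = "api" if m["path"].startswith(api_prefix) else "html"
        counts[surface][classify(m["ua"])] += 1
    return counts

def share(counts, surface, family):
    total = sum(counts[surface].values())
    return counts[surface][family] / total if total else 0.0

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = '''
203.0.113.5 - - [10/Dec/2025:10:00:01 +0000] "GET /pricing HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; GPTBot/1.2; +https://openai.com/gptbot)"
198.51.100.7 - - [10/Dec/2025:10:00:02 +0000] "GET /blog/post HTTP/1.1" 200 8300 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.10 - - [10/Dec/2025:10:00:03 +0000] "GET / HTTP/1.1" 200 4000 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/133.0"
192.0.2.11 - - [10/Dec/2025:10:00:04 +0000] "GET /catalog HTTP/1.1" 200 9100 "-" "CCBot/2.0 (https://commoncrawl.org/faq/)"
203.0.113.9 - - [10/Dec/2025:10:00:06 +0000] "GET /api/v1/items HTTP/1.1" 200 640 "-" "Go-http-client/1.1"
203.0.113.9 - - [10/Dec/2025:10:00:07 +0000] "GET /api/v1/prices HTTP/1.1" 200 910 "-" "Go-http-client/2.0"
192.0.2.10 - - [10/Dec/2025:10:00:08 +0000] "GET /api/v1/items HTTP/1.1" 200 640 "https://example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/133.0"
'''

if __name__ == "__main__":
    counts = audit(SAMPLE_LOG)
    for surface, family in [("html", "ai_crawler"), ("html", "googlebot"), ("api", "go_client")]:
        print(f"{surface:4} {family:10} {share(counts, surface, family):.0%}")
```

Because the User-Agent header can be set to anything, treat these counts as a lower bound on automation and confirm crawler identity by other means before allow-listing on the name alone.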

DDoS attacks have increased tenfold in volume

Fact: In 2025, the largest DDoS attacks reached peaks of 31.4 terabits per second, with an approximately 10-fold increase in data volume.

This volume is enough to render unavailable online services that are not prepared to handle this type of load.

The impact on the business is direct:

  • Systems are down
  • Interruption of sales and operations
  • Damage to reputation
  • High recovery costs

Even smaller companies need to consider this scenario. The ability to launch these types of attacks has become more accessible, which significantly lowers the barrier to entry for actions of this magnitude.

Phishing remains the primary entry point

The fact: 52% of the malicious emails analyzed contained deceptive links.

Phishing exploits something simple: trust and distraction. A seemingly legitimate link is enough to lead an employee to a fake page and compromise credentials or sensitive information.

Therefore, relying solely on training is not enough. It's important to have a technical layer that validates the destination of these links and blocks access before the user reaches the malicious website.

In 2025, the problem with email wasn't volume. It was contextual sophistication. Malicious messages no longer seem suspicious. They seem familiar. And that completely changes the nature of the threat and the associated cost.

The problem is no longer quantity. It's the quality of the deception.

The three most common types of threats were:

  • Deceptive links (52% of malicious messages)
  • Identity theft (38%)
  • Brand impersonation (32%)

Therefore, relying solely on training is not enough. It's important to have a technical layer that validates the destination of these links and blocks access to these malicious websites.

Here, security solutions and DNS- play a key role.

High-risk domains: when history tells you everything

The data shows that domains like .christmas and .lol had 99.8% and 99.6%, respectively, of their emails classified as spam or malicious.

Some domains have a clear history of misuse. They are created and used almost exclusively for spam campaigns, phishing, and malware distribution.

In practice, this greatly simplifies prevention. If a domain or entire category has such a high rate of malicious use, there is no real gain in allowing that access within the corporate environment.

This is an example of evidence-based security. Instead of reacting after an incident, the company proactively blocks areas of the internet that have already presented a proven risk.

Category-based DNS security allows you to do exactly that: reduce the attack surface in a simple, objective, and preventative way.
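
To make the two ideas above concrete (validating where a link really goes, and blocking TLDs with a proven history), the sketch below checks every link in an HTML email body against a TLD blocklist and flags links whose visible text names a different domain than the real destination. It is an added example, not Lumiun's or Cloudflare's code; the two TLDs come from the figures cited above, and the sample email is constructed. In production the TLD rule would be enforced at the DNS resolver so it covers every application, not only mail.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# TLDs cited above as almost entirely spam or malicious in email.
BLOCKED_TLDS = {"christmas", "lol"}

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    # Accepts full URLs and bare domains shown as link text.
    parts = urlsplit(value if "//" in value else "//" + value)
    return (parts.hostname or "").rstrip(".").lower()

def verdict(href, text):
    host = host_of(href)
    if host.rsplit(".", 1)[-1] in BLOCKED_TLDS:
        return "block: high-risk TLD"
    shown = host_of(text) if " " not in text else ""
    # Deceptive link: the text looks like a domain, but not the one the link opens.
    if "." in shown and shown != host and not host.endswith("." + shown):
        return f"flag: text shows {shown}, link goes to {host}"
    return "allow"

def check_email(html_body):
    parser = LinkCollector()
    parser.feed(html_body)
    return [(href, verdict(href, text)) for href, text in parser.links]

# Constructed sample email body using reserved example domains.
SAMPLE_EMAIL = '''
<a href="https://gifts.example.christmas/track">Track your parcel</a>
<a href="https://login.example.net/reset">portal.example.com</a>
<a href="https://www.example.com/help">example.com</a>
<a href="https://docs.example.org/guide">Read the guide</a>
'''

if __name__ == "__main__":
    print(*check_email(SAMPLE_EMAIL), sep="\n")
```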

What does this mean in practice?

The data shows a more automated landscape with a higher volume of threats. The response needs to be equally proactive.

Some specific actions:

  • Audit the traffic to understand the origins and types of access
  • Protect your clicks with DNS filtering against phishing and malware
  • Block high-risk categories and domains
  • Define clear policies for the use of AI services
  • Learn about and test the available DDoS protection solutions

Security needs to keep pace with the speed of the internet

Data from 2025 shows that the internet has evolved rapidly. Security needs to keep pace with this evolution, focusing on prevention and visibility.

If you're looking for a simple and efficient way to add this layer of protection, it's worth understanding exactly how Lumiun DNS works in this regard.

The final question is straightforward:
Is your security strategy prepared for the current scenario, or does it only respond when a problem arises?
