The financial services industry has become the most targeted by network-layer distributed denial-of-service (DDoS) attacks, new Akamai research has found.

The median duration of those Layers 3 and 4 attacks worldwide has climbed 738 per cent since 2024.

Akamai's latest State of the Internet (SOTI) Security report identifies pro-Iran hacktivists and AI-driven botnets as the principal drivers of the surge.

The findings show attackers are using DDoS to disrupt online banking, payment systems and critical applications.

API security is also under sustained pressure. In Akamai's 2026 API Security Impact Study, 96 per cent of financial services leaders reported an API security incident in the past year. That figure is the highest across all industries surveyed.

In 2025, banking absorbed 60 per cent of total web attacks tracked by Akamai and 83 per cent of incursions against API endpoints.

The report also flags a preparedness gap on ransomware. Nearly 80 per cent of financial institutions experienced ransomware attacks in the past two years. Less than half have adopted advanced security technologies.

Automated threats are intensifying. Advanced bot activity surged 147 per cent in late 2025. In one case study cited in the report, 96 per cent of all site traffic was identified as malicious scraping bots.

Attack patterns vary significantly by region. EMEA is the primary target for Layers 3 and 4 DDoS, drawing 62 per cent of attacks. APAC absorbs 52 per cent of Layer 7 DDoS attacks. In North America, web attacks dominate at 44 per cent of activity.

“Cybercriminals and hacktivists continue to escalate DDoS from nuisance attacks to a sustained siege encompassing both hacktivism and cybercrime, and financial services are in the crosshairs,” said Steve Winterfeld, Advisory CISO at Akamai.

“In addition, the data shows that APIs are increasingly targeted as AI doesn't reduce traditional security risks, it puts them on steroids.”