Cloudflare’s 2025 Report Confirms Why Hosting Felt Harder This Year

Cloudflares 2025 Report Confirms Why Hosting Felt Harder This Year
Follow Us:
2.7k
1k

Cloudflare just released its 2025 Year in Review, and it basically confirmed what hosts already know: The internet is getting harder to run with.

Ask any hosting provider how the past year felt, they’ll tell you they’re seeing the same issues across traffic, bots, AI, and security. 2025 was the year hosting infrastructure was constantly being asked to sustain pressure from crawlers, agents, and humans at the same time without any sort of predictable behavior to accompany it.

The good news is I’ve already parsed through the most relevant Cloudflare stats for hosting providers so they know what they should keep an eye on into the new year.

1. The Internet Is a Certified Mix of Humans and Machines

Global internet traffic grew by 19% this year, but it wasn’t necessarily because more people were joining the great World Wide Web.

It was mainly caused by bots and automated systems that were tirelessly deployed to crawl and index — all in the name of serving user inquiries and training LLMs. It’s yet another reminder that hosts need to make sure their architecture is clean enough for LLMs to chunk.

Chart showing global internet traffic growth in 2025, peaking at 19% by year’s end
The May spike lines up with increased AI crawler activity and continued Starlink expansion, both of which helped raise baseline traffic for the rest of the year.

But it also means that sites have looked busier…just without the guaranteed follow-through of gaining customers, conversions, or revenue. And it still means this traffic is consuming loads more CPU, memory, and bandwidth.

Cloudflare also tracked a major increase in what it calls AI “user action,” which are requests that look like typical human behavior (scrolling, clicking, browsing), but are actually a bot. That kind of activity is up more than 15-fold, with Googlebot alone generating more HTML requests than many other crawlers combined.

Some site owners are trying to slow that down with robots.txt, which is nowadays the site owners’ best-effort request to decide which parts of their sites crawlers can access. But since it’s just a suggestion — not a requirement they have to abide by — bots can choose to either follow or ignore the protocol entirely. Either way, CPU, memory, and bandwidth patterns are going to change.

Chart of verified bot traffic in 2025, showing Googlebot as the dominant source of automated requests
Cloudflare data showing verified bot traffic trends in 2025, led by Googlebot, with smaller but steady contributions from GPTBot, BingBot, and other crawlers.

Classic human growth patterns are also changing because of this automated activity. Typical human behavior has shown patterns where there’s usually more traffic on weekdays and less on weekends with spikes in the morning and evening.

But AI agents don’t sleep or take vacations, so the predictable traffic curves we’re used to seeing are flattening out. This means that network usage, CPU, and memory are going to be tested to their limits — infrastructure is going to have to be ready all the time and not just rely on down hours to save on costs. Shared hosting, in particular, is going to have to deal with this head-on.

None of this is to say that it’s all bots. Starlink’s satellite internet traffic also doubled in places where it launched in rural regions like Armenia, Niger, Sri Lanka, and Sint Maarten. Thousands of people are now joining the masses in streaming, browsing, messaging, and perhaps soon, even working remotely.

2. The Internet Is Still a Fragile Web of a Network

This year, Cloudflare says it logged hundreds of internet outages. That may come as no surprise, but what is interesting is that nearly half of the 174 major outages tracked weren’t caused by technical issues at all — but were ordered by governments.

Iraq, Syria, and Sudan repeatedly cut internet access during academic exam periods to prevent cheating. Others, like Libya and Tanzania, enacted shutdowns in response to civil unrest. In Afghanistan, the Taliban ordered fiber connectivity shut down across multiple provinces.

Global map of 174 major internet outages in 2025, with regional counts and a timeline of disruptions
Note the spike around July: July is prime season for construction, maintenance, and upgrades because the weather is predictable and otherwise pretty mild.

Of course, there were actual physical infrastructure issues, too. Both submarine and land cable issues were aplenty, disrupting connectivity across the U.S., South Africa, Haiti, Pakistan, and Hong Kong. Acts of nature, like wildfires and hurricanes, also occured in Egypt and Jamaica this year, knocking thousands offline for days to weeks.

These instances may not affect everyone, but they should remind us that the internet isn’t an even playing field. It’s more like a patched-together puzzle that fails and succeeds. No matter the reason, though, the end user will always blame their provider. Global hosts need to triple-check their multiregion strategies and offer clear communication if and when things go down.

Bar chart showing the fastest average download speeds worldwide in 2025. Spain ranks first at 318 Mbps, followed by Hungary (305 Mbps), Portugal (297 Mbps), Chile (271 Mbps), South Korea (260 Mbps), Brazil (248 Mbps), Denmark (247 Mbps), Israel (244 Mbps), Romania (237 Mbps), and France (237 Mbps)
Any Spanish hosts reading? Spain had the fastest download speeds in 2025 at 318 Mbps.

Cloudflare also found that many of these incidents aren’t full-on outages at all. They’re mostly brief disruptions — or what it calls “gray failures.” Sites technically work, but a payment may not go through or a page won’t load. Whatever it is, end users get confused (and will complain).

OK, time for some good news: Which hosts can claim bragging rights over speed? Data points to Spain, Hungary, Portugal, Chile, South Korea, Brazil, Denmark, Israel, Romania, and France as recording the fastest average download speeds this year.

3. Attacks Are More Sophisticated and Faster

This year saw record-setting DDoS attacks, and they were mainly concentrated at the network layer. Layer 3/4 is the easiest place to cause the most damage with the least amount of effort. And boy, do attackers know it.

Cloudflare blocked hundreds of massive DDoS attacks this year, with spikes happening from summer onward:

  • In August, a 10 Tbps attack came and went
  • September followed with a 10 Tbps and then 20 Tbps attack
  • More attacks peaked at 29.7 Tbps in October and reached 31.4 Tbps in November

It’s no surprise, then, that Cloudflare flagged about 6% of all traffic as potentially malicious.

Email, surprisingly, still fits into the same picture, even if it rarely gets treated that way. Email is quite often bundled with hosting, so even when it’s not the main product, customers expect it to work. It’s also the perfect gateway into an entire network.

Chart of hyper-volumetric DDoS attack size growth in 2025, peaking at 31 Tbps
Hyper-volumetric attacks ramped up through the year, peaking in July with more than 500 incidents, compared to 150+ in February.

Cloudflare found that more than 5% of emails were malicious in 2025, with many coming from newly created or misleading TLDs like .christmas or .lol. Deceptive links, identity spoofing, and brand impersonation were the most common types of attacks, including messages that look legitimate at a glance, until a closer look reveals something like “@rnicrosoft.com”:

Look closely! Instead of “@microsoft.com.”

Here’s to 2026

Admittedly, nothing in Cloudflare’s 2025 report is especially surprising on its own. But it does confirm what the industry has been suggesting all year: that hosting has been asked to carry more weight, all the time.

If you want to go deeper, Cloudflare’s Year in Review microsite lets you explore the data by country or region so it’s easier to see which trends actually matter for certain markets heading into 2026.