Global internet traffic surges 17% as post-quantum cryptography adoption grows

Overall internet traffic continues to grow year after year, with no slowdown in sight.

Cloudflare released its annual Cloudflare Radar Year in Review report this week, providing insights into the state of the internet in 2024. The report draws from data across more than 330 cities in 120 countries and provides unique insights from Cloudflare’s network, which processes an average of 63 million HTTPS requests and 42 million DNS requests per second.

Key findings from the report include:

  • Global Internet traffic grew 17.2%, with significant regional variations
  • Gaming industry surpassed finance as most targeted sector for cyber attacks
  • Post-quantum encryption reached 13% of TLS 1.3 traffic
  • Mobile devices generated 41.3% of global traffic
  • 4.3% of analyzed emails were identified as malicious
  • Starlink traffic grew 3.3x globally

The biggest surprise in the report for Cloudflare wasn’t necessarily any particular growth figure, but rather the continued expansion of Google’s dominance. The report found that once again Google is the most popular internet service overall.

“While Google’s overall dominance in both the search engine market share and browser market share metrics was generally expected, what was more surprising was the extent to which their lead varied across countries and platforms,” David Belson, head of data and insight at Cloudflare, told Network World.

For example, Belson noted that Google’s share as a search engine is higher on mobile devices, across both iOS and Android, than the global average. Similarly, Chrome holds a commanding lead in the browser market everywhere but on iOS devices. On Android devices, Chrome still leads, while the Samsung Internet browser is a stronger but still distant second place, owing to Samsung’s strong presence in the Android market.

Log4j, the vulnerability that just won’t go away

Another surprising aspect in the report highlighted by Belson is how attackers are still so persistently attempting to exploit the Log4j vulnerability. 

Flaws in the widely used open-source Java-logging Apache Log4j software were originally disclosed in 2021. Cloudflare’s report found that Log4j remains a persistent threat three years after its discovery.

“As a three-year-old vulnerability, it may be assumed that organizations have had ample time to patch their systems,” Belson said. “However, it is likely that attackers continue to see some level of success in their attempted exploits, otherwise they would turn their efforts and resources elsewhere.”

There are a variety of reasons as to why some vulnerabilities like Log4j have remained unpatched for years. Belson said that the path to mitigating vulnerabilities is not always simple. 

“The software supply chain has become an intricate labyrinth of tools, creating incredibly complex technology environments,” he said. “Many organizations don’t have a complete view of all the software in their systems, making it impossible to even understand if they are potentially vulnerable to something that needs to be patched.”

Belson also commented that patching isn’t always easy as it often requires time, money and efficient tools. For larger enterprises, patching can cause downtime, meaning that operations may need to halt or slow in order to issue a fix.

“In today’s era of rapid innovation, speed to market is usually a priority over security,” Belson said.

The rise of post-quantum encryption

The report also reveals that post-quantum (PQ) encrypted traffic reached 13% of TLS 1.3 traffic during 2024. With the continued development of increasingly powerful quantum computers, the need for post-quantum encryption is growing.

“We expect that adoption will continue to grow rapidly through 2025 as more browser platforms implement PQ encryption as a default across their supported platforms – with operating systems supporting it natively,” Belson said.

Cloudflare enabled post-quantum key agreement on its network by default in October 2022, “but use of it requires that the browser support it as well,” Cloudflare stated in its Radar report. “Google’s Chrome 124 enabled it by default this year, starting on April 17, and adoption grew rapidly following that release, including Chrome derivatives. Other browsers are on path as well: Mozilla Firefox has started rolling out post-quantum by default, and we observed Apple Safari starting initial testing.”

Belson said that Cloudflare would like to see this default support made available more rapidly, and the industry also needs to have more server platforms – i.e., CDN providers, cloud providers, SaaS vendors – to make post-quantum encryption available to customers by default. 

“A lot of the effort to make this happen is non-trivial engineering work, but the time to start that work was yesterday,” he said.

Will internet traffic keep growing?

Cloudflare reported that global internet traffic grew by 17.2% in 2024. It doesn’t seem like that growth will stop anytime soon.

While 2024’s growth rate was slightly less than the rates of growth seen in 2023 (25%) and 2022 (23%), internet usage continues to climb at substantial rates. Belson noted that there’s a constant flow of new content to consume that is exacerbating the adoption of mobile apps – e.g., users joining rideshare apps, food delivery apps, new social media sites, etc. – and a continued push towards moving formerly paper-based processes online.

“While it feels like we may have hit an exhaustion point as we are terminally online, internet traffic growth rates continue to show that we have not,” Belson said.

Source:: Network World