It’s accurate. That’s a marketing page for a DDoS prevention service so it’s not an unbiased source, and it’s especially important to remember the distinction between traffic hitting something like an edge node and actually reaching the target and causing harm. I see attacks fairly regularly (politics) but in most cases it means I see 15M block events for “GET /“ in Cloudflare’s dashboard but no actual impact on the service because they’re dropped quickly at locations around the world or, if they faked real browsers, they got a bunch of cache hits.
In other cases, people try more sophisticated attacks (e.g. posting random terms to a search page to avoid caching) and that’s more of a problem but it’s probably like 1% of the total traffic because it’s moved out of script kiddie territory into something where you need to have more skills and people don’t generally do that without a way to make money from it. One challenge with a DDoS in that regard is that it’s not subtle so your ability to wage an attack goes away relatively quickly without constant work replacing systems which are taken offline by a remote ISP.
If we weren't pretty good at stopping DDoS attacks, every major hosting provider would be offline daily. Yet, websites being inaccessible for me is fairly uncommon.
Not really. We are actually pretty good these days at stopping DDOS attacks.