Any IT delegate worth their salt will have failover solutions, even if it's just their home or work PC. I have two failovers on different hosting companies so in total there are three hosts from three vendors. It's not that I'm spending a lot of money on VPS services either. Since block signing is a lightweight process it's easy to have failovers running on other servers you're already using for other things.
Detecting a DDOS attack before you start missing blocks is useful as well. A simple ping monitor of the delegate and a trigger a notification if ping times start to sky rocket. If all goes well you can get in in time to lock the wallet before unlocking your failover. Otherwise, in the case of most VPS hosts, you can shutdown the host under attack via their dashboard web console.
So while DDoS is a real possibility it would be like stepping on a jellyfish. This is different from DDoS'ing a mining pool because all the clients are usually configured to connect to a few known IP's. Take them out and the pool is hosed. With DPoS who the heck knows where the delegate will pop up next
.