Don’t Deny the Threat of Denial of Service Attacks

Video-Images-INS101-CyberLiabilityDawn walked into her office on Black Friday. Thanksgiving had been a lot of fun. It was good to catch-up with the family, some of whom had flown in from different parts of the country. Dawn, the CFO of a mid-size retailer, had done a lot of work to get the company ready for the holiday sales season. She was aware that the majority of the firm’s annual sales were generated this time of year.

Soon after she sat down, there was a call from Tom, the chief information officer. “Dawn, we have a big problem! We’ve just discovered that our website hasn’t been functioning since Tuesday! None of our customers can log into our site to conduct business! It looks like we are having a denial of service attack on our website!”

Dawn realized immediately this was a big problem. She had been heavily involved in promoting and financing the launch of the company’s new online retail system, hiring IT consultants to develop the online sales site and realigning staff and resources to implement the new online inventory management system. Worse, the majority of the firm’s sales going forward were supposed to be generated through the new online sales platform! And she had promised Sheila, the CEO, that this new online sales system would be a home run.  If this wasn’t resolved soon, the company’s annual sales could take a big hit.

“Tom, lets set up an emergency meeting with Sheila and get to the bottom of this. This has to be resolved quickly!”

A Denial of Service attack (DoS) is an attack on a firm’s online computer system by hackers that renders the system unusable and unavailable. A particularly destructive type of DoS attack is a Distributed Denial Of Service (DDoS) attack. A DDoS attack is an attack on an online system that overwhelms the targeted system with data and traffic from several sources, either slowing or stopping the system entirely.

The costs and consequences of a Denial of Service (DoS) attack, especially a Distributed Denial of Service (DDoS) attack, can be substantial:

  • A 2012 study shows that 65 percent of sites that suffered DDoS outages incurred costs of $10,000 an hour.[1]
  • A recent survey shows that over 60 percent of companies say that when DDoS outages occur, customer service is more affected than any other department. [2]
  • A study shows that 55 percent of targets suffered theft of funds, customer data, or intellectual property from denial of service attacks.[2]
  • If a company experiences a DDoS attack, there is an 87 percent chance you’ll get hit again.[2]
  • In a 2014 survey of 450 companies in North America , 60 percent of these firms reported experiencing a DDoS attack in 2013, up from just 35 percent in 2012.[3]
  • DDoS attacks can do lasting damage to customer service, online revenues and brand reputation.[4]

Denial of service attacks can inflict serious harm on a firm’s revenue and reputation, and can lead to the theft of funds and customer data. It is also possible a hacker could commandeer your computer systems to launch denial of service attacks on a third-party, exposing you to third-party lawsuits. In effect, you can be accused of abetting a denial of service attack on another company! Put simply, you have a first and third-party exposure in connection with a denial of service attack.

Many cyber risk offerings include coverage for denial of service attacks. In tandem with this, you should also consider buying a cyber insurance solution that includes public relation services (read more on this here). This can help address the damage a denial of service attack can cause to your firm’s reputation with your customers.

When shopping for cyber insurance coverage, talk to your independent insurance agent about a cyber product to address denial of service attacks.  Don’t let yourself end up like Dawn!

[1] DDoS Survey: Q1 2012 When Businesses Go Dark Page 4.
[2] Neustar Insights. May 13, 2014.
[3] Security Week. April 22, 2014.
[4] Page 2.

Leave a Reply

%d bloggers like this: