Cyber Insurance and DDoS Attack Protection

This past spring American International Group (AIG), surveyed cyber security and risk experts to gain a deeper understanding of their views of the likelihood and impact of a systemic cyber-attack (an attack on more than one target, focused on a particular industry or sector of the economy). Not surprisingly, distributed denial of service (DDoS) attacks ranked highest among their concerns.

Systemic Cyber-attack Threat

The consensus is not comforting. According to an article in Insurance Journal, …respondents selected a mass distributed DDoS attack on a major cloud provider as the most likely cross-sector mega event. In terms of a systemic cyber-attack on one particular industry, the most likely scenario would be an attack on the Financial Services industry with 15 companies breached mass business interruption and a mass DDoS attack coordinated against financial institutions. The fact that so many cyber security experts predict this kind of scenario indicates that DDoS attacks are a serious problem.

Cyber Insurance vs. DDoS Protection

With the prevalence of massive cyber-attacks in recent years, it is no wonder that cyber insurance is a growing industry. There are multiple types of cyber insurance, both in terms of cost and coverage. For companies that are weighing the pros and cons of cyber insurance protection versus DDoS protection, “both” may be better solution than “either/or.”

One thing is for sure, companies should not substitute cyber insurance for DDoS protection. For one thing, it may be more affordable to get DDoS protection. Furthermore, the cyber insurance package may not be able to cover all the costs of a DDoS attack. There are the direct costs that can be measured in dollars, including downtime and lost revenue for hosting providers; the cost of remediation to get systems back online; and the cost to repair or replace damaged systems. There are intangible costs as well, such as loss of business trust and reputation, and lost opportunity costs from business that went elsewhere and won’t come back.

To learn how you can protect your organization from DDoS attacks, contact us.