A Cyber Insurance Case Study: Denial of Service Attack in the Retail Sector
Updated: Jun 4, 2020
Cyber risk remains a very hot topic for all businesses, including the retail sector.It is a widespread industry issue for the retail industry as they are prime targets for hackers due to the amount of data they hold on their customers and volume of credit card transactions processed.
Hackers are continually finding new ways into the IT infrastructure of retailers to steal data and threaten their financial and operational stability. Distributed Denial of Service (DDoS) attacks are becoming more powerful as the use of easily hacked internet of things devices increases.
Here is a cautionary tale from an online retail company that was the target of a DDoS attack.
Background: The data centre which hosted the online retailer company’s website became the target of a distributed denial of service attack. The attack,which utilized hacked internet of things devices, flooded the data centre’s network with so much traffic that their network failed. This made the online retail company’s website inaccessible for a period of six hours before backup systems were able to restore 100% functionality.
The online retail company had a cyber insurance policy and was able to recover the following costs:
Recovery Costs: Increased cost of working required to get website functioning properly $18,000 Costs to subcontract with external service provider $23,000
Business Interruption: Lost sales and revenue from website downtime $142,500
Incident Response Expenses: IT forensics firm $22,000 Legal consultation fees $15,000 Incident Response Manager fees $6,000
Total Cost: $216,000 DDoS attacks are frequently used as a smokescreen for other attacks, like stealing data or implanting virus or malware. These attacks are stressful and expensive to navigate through.