Business interruption occurs when a company has a loss of income as the direct result of a system failure or impairment due to a failure of network security. Covered losses include net profit before taxes and extra expense arising out of the interruption of network service due to an attack on a company’s network, including the acts of criminal hackers, malicious insiders and distributed denial-of-service (DDoS) attacks. DDos attacks are designed to disable a company’s network and online services by overwhelming the network with traffic from multiple sources. This prevents the company from conducting business and can cause serious damage to their reputation as well as financial losses. Hackers use DDoS attacks to expose flaws that can later be exploited. DDoS attacks are also used as a decoy. With everyone in the organization focused on the DDoS attack, secondary routes into the system could be undermanned or other systems easily bypassed without being noticed.

Claim example

Luxury Auto launched a new website to cater to its affluent clientele. The website allowed users to schedule test drives, schedule and monitor the progress of service and repair work, and process payments. One month after the website launched, the website was compromised by a DDoS attack by a hacker. It took nearly a week for Luxury Auto’s IT staff to bring the website back online. They had been the victim of a hacker initiated DDoS attack. Meanwhile, angry customers had taken to Luxury Auto’s Facebook page to complain about their online services being unavailable.