Definition:Denial-of-service attack

🛡️ Denial-of-service attack refers to a deliberate cyber assault designed to overwhelm a target's network, server, or application with illegitimate traffic, rendering it unavailable to legitimate users. Within the cyber insurance market, denial-of-service (DoS) attacks — and their more common distributed variant, DDoS attacks — represent one of the most frequently reported peril types, affecting insurers both as underwriters covering policyholders' losses and as potential targets themselves. Because the attack disrupts availability rather than stealing data, its financial impact manifests primarily through business interruption losses, reputational harm, and the cost of mitigation and incident response, making it a distinct category of cyber risk that demands tailored underwriting analysis.

⚙️ In a distributed denial-of-service scenario, an attacker marshals thousands or millions of compromised devices — a botnet — to flood the target with requests simultaneously. The target's infrastructure becomes saturated, causing legitimate transactions and communications to fail. For an insurer evaluating a cyber policy submission, the applicant's resilience to DDoS events is assessed through questions about content delivery networks, traffic scrubbing services, bandwidth capacity, and incident response readiness. When a covered DDoS attack occurs, the claims process typically involves quantifying the period of downtime, calculating lost revenue under the policy's business interruption provisions, and tallying the costs of forensic investigation and remediation. Many cyber policies impose a waiting period — often ranging from 6 to 12 hours — before business interruption coverage attaches, functioning much like a temporal deductible to filter out brief disruptions.

💡 The growing frequency and sophistication of DDoS campaigns have reshaped how insurers and reinsurers model cyber aggregation risk. A single botnet campaign targeting a major cloud service provider could simultaneously trigger business interruption claims across hundreds of policyholders — a systemic exposure that traditional per-risk underwriting struggles to capture. Catastrophe modeling firms and specialist insurtechs have developed scenario-based models to estimate the potential for such correlated losses, drawing parallels with natural catastrophe aggregation. Regulators in jurisdictions including the European Union (under DORA) and the United States (through state-level cybersecurity requirements) increasingly expect both insurers and their policyholders to demonstrate operational resilience against denial-of-service threats, making the peril a central consideration in risk management frameworks across the industry.

Related concepts: