Insuring Your Company Against Cyber-Attacks


Earlier this month, the Department of Justice announced the indictment of 13 individuals associated with the hacker organization Anonymous for a widespread scheme to disrupt and shut down commercial and government websites. Using cybercrime techniques known as Distributed Denials of Service (DDoS) attacks, the hackers "executed a coordinated series of cyber-attacks against victim websites by flooding those websites with a huge volume of irrelevant Internet traffic with the intent to make the resources on the websites unavailable to customers and users of those websites." Targets of these disruptive attacks included the U.S. Copyright Office, the British Intellectual Property Office, financial institutions, credit card operators, the Motion Picture Association of America and music companies.

A DDoS attack occurs when a hacker intentionally floods a computer server or servers with artificial volumes of Internet traffic, slowing and overloading the servers' functionality and ultimately crashing websites and networks hosted on those servers, rendering them unavailable to legitimate users. In addition to making networks and websites inaccessible, hackers can also use DDoS attacks as smokescreens for other criminal activities including data and intellectual property theft. While perpetrators can attack individually, they can also collaborate with other hackers, or use Trojans or Worms, to hack the computers and servers of innocent third parties. When hacked, the third-party computers become zombies, also known as bots, which act at the order of the perpetrating hackers. The coordination of multiple bots, forming a network of infiltrated computers or servers, known as a botnet, dramatically increases a hacker's capacity to overwhelm his or her targets. Although tempting, it is illegal under U.S. law to retaliate against such an attack by striking back. As the sophistication and frequency of these attacks increase, all companies, regardless of industry or size, are urged to prepare and evaluate their risks and response plans for such attacks.

Companies should review their existing coverage to determine the extent to which it covers these emerging threats and consider a variety of factors about their businesses to determine whether purchasing cyber insurance should be part of their risk management strategy. Insurance companies are increasingly offering insurance to cover disruption of business operations. Given the risks of conducting business in today's technological world, companies should consult with counsel to review their insurance policies to assess the extent to which they are covered for cybercrime-related financial losses in the event of a DDoS or other computer attack. As with all cyber-attacks and related data breaches, companies should continually evaluate and enhance their systems to mitigate such risks before a major disruption of service or theft of intellectual property occurs.

Written by:

Published In:


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BakerHostetler | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.