Insuring Your Company Against Cyber-Attacks


Earlier this month, the Department of Justice announced the indictment of 13 individuals associated with the hacker organization Anonymous for a widespread scheme to disrupt and shut down commercial and government websites. Using cybercrime techniques known as Distributed Denials of Service (DDoS) attacks, the hackers "executed a coordinated series of cyber-attacks against victim websites by flooding those websites with a huge volume of irrelevant Internet traffic with the intent to make the resources on the websites unavailable to customers and users of those websites." Targets of these disruptive attacks included the U.S. Copyright Office, the British Intellectual Property Office, financial institutions, credit card operators, the Motion Picture Association of America and music companies.

A DDoS attack occurs when a hacker intentionally floods a computer server or servers with artificial volumes of Internet traffic, slowing and overloading the servers' functionality and ultimately crashing websites and networks hosted on those servers, rendering them unavailable to legitimate users. In addition to making networks and websites inaccessible, hackers can also use DDoS attacks as smokescreens for other criminal activities including data and intellectual property theft. While perpetrators can attack individually, they can also collaborate with other hackers, or use Trojans or Worms, to hack the computers and servers of innocent third parties. When hacked, the third-party computers become zombies, also known as bots, which act at the order of the perpetrating hackers. The coordination of multiple bots, forming a network of infiltrated computers or servers, known as a botnet, dramatically increases a hacker's capacity to overwhelm his or her targets. Although tempting, it is illegal under U.S. law to retaliate against such an attack by striking back. As the sophistication and frequency of these attacks increase, all companies, regardless of industry or size, are urged to prepare and evaluate their risks and response plans for such attacks.

Companies should review their existing coverage to determine the extent to which it covers these emerging threats and consider a variety of factors about their businesses to determine whether purchasing cyber insurance should be part of their risk management strategy. Insurance companies are increasingly offering insurance to cover disruption of business operations. Given the risks of conducting business in today's technological world, companies should consult with counsel to review their insurance policies to assess the extent to which they are covered for cybercrime-related financial losses in the event of a DDoS or other computer attack. As with all cyber-attacks and related data breaches, companies should continually evaluate and enhance their systems to mitigate such risks before a major disruption of service or theft of intellectual property occurs.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BakerHostetler | Attorney Advertising

Written by:


BakerHostetler on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.