Definition:Distributed denial-of-service (DDoS)

🌐 Distributed denial-of-service (DDoS) is a type of cyberattack in which a target's online services are overwhelmed by a flood of traffic from multiple compromised systems, rendering the target's websites, applications, or network infrastructure unavailable to legitimate users. Within the insurance industry, DDoS attacks are significant both as an insured peril under cyber insurance policies and as an operational threat to insurers, brokers, and insurtech platforms that depend on digital infrastructure to conduct business. The attack is distributed, meaning the malicious traffic originates from a network of hijacked devices (a "botnet") rather than a single source, which makes it difficult to block without sophisticated mitigation tools.

⚙️ A DDoS attack works by directing enormous volumes of requests or data packets at a target, exhausting its bandwidth, server capacity, or application resources. Attackers may use botnets composed of thousands or even millions of compromised devices, including IoT endpoints, to generate traffic volumes that can exceed hundreds of gigabits per second. For businesses targeted by such attacks, the consequences include website outages, transaction processing failures, reputational harm, and in severe cases, revenue losses running into millions of dollars per hour. Cyber insurance policies typically cover DDoS-related losses under business interruption and extra expense provisions, though coverage specifics vary by policy form. Underwriters evaluating DDoS exposure assess the applicant's mitigation posture — including the use of content delivery networks, traffic scrubbing services, and redundant infrastructure — as part of the risk assessment process. Increasingly, cyber risk models incorporate DDoS frequency and severity data to support portfolio-level pricing and accumulation analysis.

🏢 For insurance organizations themselves, the threat of DDoS attacks has moved from a theoretical concern to an operational reality. Carriers that offer real-time quoting, digital claims submission, or policyholder self-service portals are vulnerable to service disruptions that can impair customer experience and regulatory compliance. Lloyd's and major insurance exchanges that facilitate electronic placement are particularly sensitive to availability threats. Beyond individual company risk, the systemic dimension of DDoS is noteworthy: a large-scale attack on a shared technology provider or cloud platform used by multiple insurers could trigger correlated losses across the market — a form of cyber catastrophe that the industry is still learning to model and manage. As DDoS attacks grow in sophistication and scale, they remain one of the most visible and frequently occurring cyber perils, making them a staple of both cyber insurance claims experience and broader discussions about digital resilience across the insurance value chain.
