Definition:Distributed denial of service (DDoS)

🌐 Distributed denial of service (DDoS) is a type of cyberattack in which a network of compromised devices floods a target's servers or infrastructure with malicious traffic, rendering systems unavailable to legitimate users. Within the insurance industry, DDoS attacks represent both an underwriting exposure covered under cyber insurance policies and an operational threat to carriers, MGAs, and insurtech platforms that depend on always-on digital services for policy administration, claims processing, and customer engagement.

⚙️ Attackers typically harness botnets — large collections of hijacked computers, IoT devices, or cloud instances — to generate traffic volumes that overwhelm a target's bandwidth or exhaust its application resources. In practice, a DDoS strike against an insurer's policyholder portal or quote-and-bind platform can disrupt new-business workflows, delay first notice of loss submissions, and erode customer trust. From an underwriting perspective, cyber underwriters evaluate an applicant's DDoS mitigation posture — including use of content delivery networks, rate limiting, and incident-response plans — as part of the risk assessment process. Policies may cover business interruption losses, incident-response costs, and even extortion payments tied to threatened attacks.

🔒 The escalating frequency and sophistication of DDoS campaigns make cyber risk modeling a persistent challenge. Unlike many perils, DDoS attacks can be launched cheaply and repeatedly, and they often serve as smokescreens for more damaging intrusions like data breaches. For insurers, this means aggregation exposure is real: a single botnet campaign targeting a widely used cloud provider could trigger business interruption claims across thousands of policyholders simultaneously. Accurate loss modeling, carefully structured sublimits, and thoughtful exclusion language are all essential tools for managing this rapidly evolving risk.

Related concepts