Exclusive first look at Coalition’s new cyber claims dataGet the 2024 Cyber Claims Report
Cyber Incident? Get Help

case study

DDoS Attacks: Business Interruption Intervention

In today’s digital economy, even small companies can suffer under the siege of malicious cyber attacks — whether for extortion or entertainment. When threat actors deployed a distributed denial-of-service (DDoS) attack to disrupt a toy retailer's website traffic, Coalition helped plug the attack vector and provided business interruption coverage.

Customer paying for cosmetics over the counter


Specialty Retail


  • 1-25 employees

  • Coverages for business interruption and breach response

I spoke to the insured this morning regarding the renewal and he shared how satisfied he had been with his interaction with your staff in regards to the recent DDoS incident. He found your staff to be very knowledgeable and helpful.

Case Study

When hackers try toying with business operations.

A specialty toy retailer received an email threatening continued DDoS attacks unless the retailer conceded to the attacker’s demands. The policyholder had experienced once-daily attacks which took their store offline for four to five minutes at the time they received the email, which was passed from the customer support team to the CEO. The CEO reached out to Coalition, using our standard communication channel, approaching 9 pm California time. We responded within 20 minutes, and within an hour, we were on the phone with the CEO.

After a brief explanation, the CEO looped in the company’s IT team which runs their custom e-commerce infrastructure. We started a multi-time zone call to dive in, combing through logs, reviewing DNS settings, and digging into firewall configurations. During the conversation, the company updated its security groups, proxied (protected) more traffic, and changed its server’s public IP address. After some more back-and-forth, we uncovered a firewall rule put in place long ago which allowed all traffic from the United States through, regardless of other protections.

Once this rule was removed, all was well. The attackers returned in the following days, but their throttled attempts were not disruptive, and the attack activity stuck out like the proverbial sore thumb — easy to mitigate.

Business interruption is the key coverage in play. If a security failure such as a DDoS disrupts your business, you may qualify for lost income and expenses under your insurance policy. Coalition is unique in the marketplace in that our waiting period does not act as a deductible, just a trigger for the time period that a business interruption must satisfy prior to coverage being available. Several services qualify for Coalition’s enhanced waiting period, which means less interruption (only one hour) before coverage kicks in.

Coalition provides Active Risk Assessment of an organization’s real-time cyber risk, Active Protection through continuous threat monitoring, and Active Response to incidents if they occur — providing the most comprehensive insurance available to solve cyber risk.