Coffee company recoups lost revenue after DDoS attack on busy holiday weekend
Industry
Retail
Background
Employees: 51 - 250
Coverages: Breach Response, Business Interruption
Case Study
A coffee company had one of its worst nightmares become a reality just as the
holiday season began. After noticing something was amiss with its website on Black
Friday—perhaps the single-largest shopping day of the year in the United States —
the company asked its IT firm to look into the matter. The following day, the company
contacted Coalition.
The IT firm determined the coffee company was experiencing a Distributed Denial of
Service (DDoS) attack. A threat actor flooded the company’s website with visitors to
disrupt operations and, presumably, to leverage the attack into a ransom payment.
However, a ransom was never demanded, and the attack ceased after three days.
Interestingly, the DDoS attack paused between midnight and 6 a.m. every day, but the
coffee company still suffered nearly three days of interrupted sales during one of the
busiest weekends of the year. By comparing prior years of Black Friday weekends, we
were able to work with the company and estimate how much money it lost as a result of
the DDoS attack.
Here’s how key coverages came into play for this claim: Breach Response covered
the cost of breach counsel and a forensics investigation. Business Interruption coverage
covered the lost revenue and extra expenses for data and site restoration. After the
coffee company paid its $10,000 self-insured retention, its policy covered the
remaining $188,000.