There are some questions that inspire a knee jerk reaction so strong you have to stop and wonder how you managed to avoid putting your leg through the drywall. The question of a new DDoS cost might just be one of them. As business and website owners all over the world can attest through gritted teeth, DDoS attacks have enough costs attached to them without considering any ‘new’ ones.
However, thanks to a move by a gaming company in the wake of persistent DDoS attacks, there’s a new, possibly precedent-setting response to the outages and frustrations caused by these assaults. While there is an initial price tag attached to it, or at least a dip in revenue, it may end up being that this upfront cost is a smart one to pay.
Status quo costs
Distributed denial of service attacks are well-known for the kind of bills they can ring up for victim businesses, with costs typically landing between $20,000 and $100,000 for each hour of the attack. What’s less well-known is exactly how those staggering costs are accumulated, and the other big whopping cost that often goes unaccounted for since it’s largely unquantifiable.
Those per-hour costs, the ones that routinely total up to millions of dollars, are the costs associated with dealing with the attack and then getting everything back up and running. Broken down, this could mean onboarding a mitigation service, diverting staff to mitigation efforts, investing in a backup system during downtime, and even repairing or replacing damaged software and hardware.
What isn’t associated with those costs are the ones related to revenue opportunities that are missed during downtime and – the big one – revenue lost because users become disloyal after a successful attack. Whether it’s due to the frustration of downtime or because they no longer trust a business or online service in the face of a security failing like this, DDoS attacks often lead to long-term churn, and it is perhaps the biggest DDoS cost of all. It’s with this in mind that a trailblazing gaming company has made a surprising move.
The new DDoS spend
In July, gaming company Ubisoft was targeted by a few days’ worth of on and off distributed denial of service attacks that kept their gamers offline, namely in the popular third-person fighting game For Honor. In response to these outages, Ubisoft gave every active player a host of in-game advantages. (1000 Steel, 10 XP Boost, and two Scavenger Crates.)
While it didn’t actually cost anything for Ubisoft to distribute these freebies as they are in-game items delivered digitally, it does impact their bottom line because these are all items that can be purchased in the For Honor store with real-world currency. With every active player being awarded these items, a lot of near-future purchases were rendered unnecessary. It’s money that’s not being made.
However, if you consider that potentially the most costly DDoS consequence of all is user frustration and reduced loyalty, then this initial revenue loss may end up being well worth it. Not only are freebies obviously awesome, but this move acknowledges the negative impact a DDoS outage can have on gamers and shows loyal users that Ubisoft understands how connected they are to the game and how frustrating, upsetting and inconvenient it can be to not be able to play when they want to play. As far as DDoS mea culpas go, it’s a very effective one.
Future freebies and compensation
Whether or not DDoS compensation catches on remains to be seen, though the likelihood is that it will. While we may not see, say, financial institutions reducing monthly banking fees because of outages or internet service providers lowering bills accordingly, it would be reasonable to think other online gaming companies will follow Ubisoft’s lead. It also wouldn’t take much for online gambling websites to give regular users a few extra bucks to spend on-site in order to make amends.
Distributed denial of service attacks are a massive problem for businesses of all sizes all over the world, and many of those businesses now face a choice: either get the best of the best cloud-based DDoS protection and make that proactive investment in uptime, or start calculating how much it might cost to salvage user loyalty when those users have been dealing with downtime.