My 5 cents on Crowdstrike Incident & Insurance

The recent CrowdStrike IT outage, triggered by a service update, has had a profound impact on the global cybersecurity and insurance sectors. In this short article I review the event’s scale, comparing it to the SolarWinds hack, and delve into the ramifications for the insurance industry. With insured losses estimated between $400 million and $1.5 billion, the incident highlights the critical need for robust cybersecurity measures and comprehensive insurance coverage. The analysis also discusses insurer and reinsurer responses, emphasizing the importance of clear policy wordings and the role of emerging cyber catastrophe bonds in the evolving landscape of cyber risk.

The recent global IT outage caused by a CrowdStrike service update has sent shockwaves through the cybersecurity and insurance industries. This incident, while different in nature from the SolarWinds hack, shares a similar scale of impact, affecting millions of computers worldwide and disrupting critical services across various sectors. The event underscores the urgent need for robust cybersecurity measures, comprehensive insurance coverage, and stringent regulatory frameworks to address the evolving landscape of cyber threats.

Scale and Impact: The CrowdStrike incident, dubbed the "CrowdOut " event, affected an estimated 8.5 million computers running Microsoft operating systems. The widespread disruption touched sectors ranging from aviation and healthcare to financial services and retail, demonstrating the interconnectedness of our digital infrastructure and the potential for cascading failures.

For curious minds, here is a quick comparison of the SolarWinds vs CrowdStrike Incidents.

Now, lets talk insurance.

The CrowdStrike IT outage resulted in substantial global disruption with insured losses estimated between $400 million and $1.5 billion. The incident affected various sectors, notably aviation and banking, and led to claims across cyber, directors and officers, and property insurance. Given that the estimate for Fortune 500 companies alone (excluding Microsoft) is $540 million to $1.08 billion, it is likely that hundreds of large corporations and potentially thousands of smaller businesses were impacted.

This event has significant implications for the insurance industry, particularly in the realm of cyber insurance. The incident is likely to trigger claims across various coverage types, including:

• Cyber Insurance: Expected to bear the brunt of claims, covering costs related to business interruption and data recovery.
• Business Interruption Insurance: Likely to see substantial claims, especially from industries heavily reliant on continuous system availability.
• Contingent Business Interruption: May come into play for companies indirectly affected by the outage.
• Directors and Officers (D&O) Liability: Potential claims against executives for failing to prevent or mitigate the impact of the outage.
• General Liability: Possible third-party claims related to the outage's impacts.

The event highlights the critical nature of policy wordings and terms, as these will determine the extent of coverage and potential payouts. It also brings into focus the need for greater transparency in coverage grants and a more granular approach to tracking aggregation risks at the portfolio level.

Here is a table with a few coverages that might be triggered as a result of the CrowdStrike incident, comparing them to the ones that were triggered during the SolaWinds Incident.

Parametrix released a great report about the effected industries, and I am happy to send it over to those who can't find it online. Just send me a direct message.

After discussing the effects of the Outage with cyber security and insurance executives, I was surprised to learn that the industry expects low level of financial losses that will further foster continued growth of cyber insurance and reinsurance capital. The CrowdStrike outage serves as a significant test for the emerging cyber catastrophe bond market. While it's uncertain whether this event will trigger any payouts from existing cyber cat bonds, it raises important questions about the scope of coverage, event definitions, and loss quantification methods in these instruments. For instance, while certain cyber cat bonds are specifically designed to cover cloud outages, others with broader coverage might be affected depending on how losses are categorized and aggregated.

Industry reactions have varied , with some stakeholders expressing concerns over the potential for future claims and the need for more detailed risk assessments. There is a general consensus that while immediate price stability is encouraging, the full implications of the CrowdStrike outage will become clearer as claims are processed and more information is available.

As we navigate through the aftermath of this event, it’s crucial for the insurance and reinsurance industries to refine their approach to cyber risk. The implications for cyber insurance are particularly significant, with expected claims across multiple coverage types. This incident serves as a reminder of the evolving nature of cyber threats and the need for comprehensive and adaptable insurance solutions. For insurers and reinsurers, this event serves as a pivotal moment to reassess policies, strengthen coverage, and ensure that we are prepared for the evolving landscape of cyber threats.

If you think that any of the information provided here isn’t quite right or if you have any comments or insights to share, please feel free to send me a direct message. Your feedback is invaluable.

Thanks for reading!