
Microsoft CrowdStrike Service Outage – What Impact Does It Have on Reinsurance?


By Kenneth Araullo



Two major reinsurance firms offer their expert insights into the recent CrowdStrike global IT outage, which resulted in widespread disruptions to Microsoft Windows systems around the world.

On July 18, cybersecurity company CrowdStrike released a software update for its Falcon Sensor product, which is designed to detect malicious threats on computer endpoints. The update has caused computers around the world to experience “blue screen of death” errors.

So far, the update has only affected Microsoft users, and there have been no reports of other operating systems being affected. The system failure caused by the CrowdStrike update has affected a wide range of industries, including airlines, banks, retailers, hospitality, and more.


Guy Carpenter highlights this event as a single point of failure in a complex global IT supply chain. Cyber insurers must assess dependencies between policyholders, evaluate the potential for aggregation across commonly used technologies, and recalibrate risk tolerance accordingly.

Losses due to system failure will fall under traditional proportional and aggregate structures, which respond to all causes of loss. In recent renewal cycles, purchasing behavior has shifted toward targeted catastrophe coverages, many of which respond to specifically defined catastrophic scenarios. Event-based products and the definitions behind them are unique to the risk cedant’s perspective and how coverage is negotiated.

Recoveries from event-based products will vary based on how coverage differentiates between malicious and non-malicious cyber incidents in each underlying formulation. As this incident progresses, Guy Carpenter will explain its impact on assumptions about extreme risk and the future of the $15.5 billion global cyber industry.

Given the size and scope of this outage, the consequences could impact product lines beyond cyber risks, most notably directors and officers (D&O) and property/casualty (P&C).

The implications for D&O towers for companies involved in or affected by the incident could include a potential 10% drop in the company’s listed shares, which could trigger class action lawsuits. Subsequent share price movements and any eventual recovery could also impact the potential for litigation.


Historically, securities class actions arising from technology incidents have performed poorly. Companies involved in or affected by an event may face increased exposure if they have difficulty restoring operations, potentially leading to derivative shareholder lawsuits alleging a breach of fiduciary duty by the board.

As IT and OT continue to merge, insurers must also consider the physical consequences that could arise from technology failure. The potential exposure of P&C policies will depend on how insurers treat cyber risk as a risk and whether the policy includes a “silent cyber” exclusion. Policies that remain silent on cyber risk may be exposed to bodily injury or property damage as a result of a cyber-related system failure.

Guy Carpenter stressed the importance of understanding the broader implications of such incidents on the insurance market, emphasizing the need for comprehensive risk assessment and strategic planning in light of evolving cyber threats.

Acrisure Re comments on CrowdStrike outage

Acrisure Re notes that the scale of the problem is exacerbated by CrowdStrike’s popularity among large enterprises worldwide. With individual endpoints potentially needing to be manually rebooted, it could take IT teams days to fully resolve the issue.

Cybersecurity experts have long been concerned about systemic issues and large-scale events. While many believed that the most likely culprit would be malicious incidents, such as the WannaCry and NotPetya attacks in 2017, this event demonstrates that non-malicious incidents can have similarly large-scale impacts.

Acrisure Re notes that Australia was likely the most affected location due to the timing of the update, with many CrowdStrike users in the Western Hemisphere unable to trade while the update was being attempted.

The widespread adoption of CrowdStrike among major global enterprises underscores the importance of having a broad range of high-quality cybersecurity vendors to reduce single points of failure.

Insurers are expected to see a wave of notifications in the coming days, with potential losses under business interruption and consequential business interruption clauses. Most cyber insurance policies include triggers for both harmful and non-harmful events, and business interruption and consequential business interruption coverage typically extends to incidents occurring at IT companies. Some cyber insurance policies also provide coverage for business interruption of non-IT companies.

Acrisure Re says insurers will contract with its panel vendors to work with affected businesses to minimize insured downtime and additional costs. Insurers may also expect significant losses if the required manual reboot of individual endpoints is not universally successful, or if the resulting downtime causes business intelligence losses greater than simply replacing a device.

Acrisure Re notes that more than 20,000 companies are using CrowdStrike Falcon with Microsoft, and many managed security service providers (MSSPs) are licensing CrowdStrike to their customers, further highlighting the single points of failure and systemic exposures among small and midsize businesses. The number of companies that rely on a company using CrowdStrike Falcon with Microsoft is estimated to be in the millions.

Insurers will need to develop a plan to manage and address these risks without withdrawing coverage that is so important to buyers. In the short term, insurers should hold their ground until the full picture becomes clear, according to Acrisure Re.
