Cyber Insurers Escape Impact of CrowdStrike Outage

cybersecurity, data protection, AI

Last month’s worldwide tech outage disrupted organizations from airlines to banks to hospitals.

However, one sector that seems to have escaped the impact of the event is the cyber insurance industry, as most of the costs were uninsured, the Financial Times’ Vanessa Houlder noted in an opinion piece Tuesday (Aug. 13).

“Had the chaos gone on for longer, it could have been a different story,” Houlder wrote. “Most policies do not kick in for eight hours or so after the incident starts.”

The event happened following a glitch in a software update by the cybersecurity firm CrowdStrike, she added, pointing out that an error is easier to remedy than a cyberattack.

Risk retention and policy limits also protect insurers, who are likely to pay out under 20% of the estimated $5.4 billion losses suffered by Fortune 500 countries, a figure that does not include Microsoft, whose Windows systems were affected by the outage, per the report.

One cyber insurance company, Beazley, “shrugged off” the outage, saying its profit guidance would be unchanged despite a potential loss of $80 million to $120 million, the report said.

“Insurers can’t be confident they’ll come off so lightly in the future,” wrote Houlder. “This is one of the raciest corners of the insurance market. There is limited data on which to form judgments, although the recent outage will provide useful data points. There is no escaping the enormity of the potential risks.”

Last month — before the CrowdStrike outage — specialist insurance broker Howden released a report showing that cyber insurance premiums were falling around the world, despite a surge in ransomware attacks.

“Favorable dynamics have persisted into 2024, with the cost of cyber insurance continuing to fall despite ongoing attacks, heightened geopolitical instability and the proliferation of [generative artificial intelligence],” Sarah Neild, Howden’s head of cyber retail for the United Kingdom, said at the time.

Meanwhile, PYMNTS wrote last week that the aftermath of the outage, which has seen Delta Air Lines threaten to sue CrowdStrike after thousands of its flights were grounded, illustrates the importance of firms having a recovery plan.

“Effective disaster recovery planning requires collaboration between businesses and their B2B partners,” the report said. “This includes sharing information about potential risks, coordinating response strategies, and conducting joint drills and simulations. By working together, businesses and their partners can ensure a more comprehensive and cohesive approach to resilience.”

PYMNTS-MonitorEdge-May-2024