CrowdStrike, the Most Important Cyber Accumulation Loss Event Since NotPetya, Highlights Single Points of Failure

In what is being called “the most important cyber accumulation loss event since NotPetya,” the July 19, 2024, global technology outage will produce scores of insurance claims across a range of policies, test cyber policy wordings, and sharpen the industry’s focus on single points of failure.

Caused by a flawed software update from cybersecurity firm CrowdStrike and impacting a reported 8.5 million devices running Microsoft’s Windows system, the outage brought businesses worldwide to a digital halt. Airlines, health care facilities, government agencies, emergency response services, banks and businesses across multiple industries faced system crashes and a “blue screen of death.”

CrowdStrike quickly announced that the outage was caused by a defect in an update for its Falcon endpoint detection and response (EDR) platform, not a cyberattack.

“All of CrowdStrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority,” said George Kurtz, the firm’s CEO, in a statement. He also warned affected organizations that “adversaries and bad actors will try to exploit events like this.” He encouraged these organizations to stay vigilant against social engineering scams attempting to leverage the outage.

Cyber Insurance Implications

Early estimates, according to commentary from Fitch Ratings, suggest the insured losses from the CrowdStrike outage may hit the mid- to high single-digit billions.

While an insured event of that size wouldn’t likely have a “material” impact on global insurers and reinsurers, the claims process will be lengthy, and litigation will be inevitable.

The firm highlighted cyber, business interruption and contingent business interruption (CBI) as the most impacted insurance coverages. It also cited the potential for payouts on travel insurance, event cancellation, and technology errors and omissions.

Industry experts agree that insurance recovery from the CrowdStrike event will hinge upon cyber policy wordings and waiting periods before business interruption cover kicks in. Waiting periods usually range from eight to 12 hours but can be as short as six hours or as long as 24.

Aon’s Reinsurance Solutions team commented in a brief: “This is likely to be the most important cyber accumulation loss event since NotPetya in 2017. However, the overall loss quantum is currently uncertain… The extent to which this is a covered event for insureds will vary.”

The broker said it analyzed cyber policy wordings and found “a range of approaches” to system failure and nonmalicious events. Some carriers offer it as a standard cover, while others do not.

Aon said it expects the event to “trigger greater attention to system failure coverage grants and business interruption waiting periods.” It could also impact event definitions used by insurers, reinsurers, and the industry’s burgeoning cyber catastrophe bond market.

Key Takeaways

The CrowdStrike incident highlights the importance of understanding where single points of failure (SPoF) lie within operating systems and how these can be protected. A SPoF is a part of a system whose failure stops the entire system from working. CrowdStrike’s outage had a domino effect on interconnected networks across the world. Robust software testing and more scrutiny from developers could help prevent incidents stemming from SPoFs in the future.

In addition, organizations should scrutinize the terms and conditions of insurance policies to ensure they are covered for IT outages and any associated repercussions.
