By now we’ve all heard about or experienced firsthand the widespread outage that occurred on Friday, July 19, 2024. CrowdStrike released a routine software update for Windows that included an undetected error causing affected Windows systems to crash. Once this happened, Windows responded as it is designed to when a critical driver crashes – it stopped working and showed the dreaded “blue screen of death.”

CrowdStrike identified and deployed a fix for the issue within 79 minutes. However, this wasn’t enough to mitigate the global impact, resulting in what has been called the largest IT outage in history.

The impact

The outage spanned the globe, causing tech disruptions to airlines, banks, the healthcare industry, emergency services, schools, and government. It is estimated that 8.5 million Windows devices were affected, and according to FlightAware.com, approximately 3,000 flights in or out of the US were canceled on July 19th. Additional disruptions occurred with 911 call centers, emergency drivers’ services, and blood donation centers.

Industries such as hospitals and airlines were most affected, as they require 24/7 availability and often lack robust back-up systems and redundancies. Due to timing, APAC and EMEA sustained a greater length of impact, as more of their workday was affected by the outage.

Cybercube, a market leader in cyber risk analytics, estimates preliminary insured losses for the standalone cyber insurance market between $400 million and $1.5 billion, representing roughly a 3%-10% loss ratio on global cyber premiums of $15 billion today.

Although this is the largest IT outage experienced, it will not reach the levels we have seen from natural catastrophic events. Preliminary reports by Fitch Ratings estimates that the global insured losses will not translate into material impact for reinsurers. The event does, however, highlight the vulnerabilities that exist globally. 

Insurance

This type of event generates a loss in revenue due to downtime, increased operational expenses, remediation costs, and reputational harm. Many of these costs fall under coverages that have sublimits or are not automatically offered on the standard policy form. Several mechanisms that could limit the insured losses include – the amount of limits, high retentions, sublimits, and time element periods for business interruption/dependent business interruption claims. Most cyber policies have time element periods that range from 8 to 12 hours. As such, we expect claims to fall within many primary policies' retentions.

The most likely exposure stemming from this incident will be dependent on business interruption, which provides coverage for loss of revenue and extra expenses incurred to reduce your company’s loss of revenue.

It’s plausible to consider there will be bodily injury claims resulting from disruptions in critical or emergent surgeries due to the outage. Smaller lines such as travel insurance, event cancellation, and technology errors and omissions will also be affected. It’s possible that D&O and P&C lines will be triggered due to the magnitude and scope of the outage.

Key Takeaways

Not all catastrophic cyber events are malicious. This was a global event that was caused by human error in coding. Focus on cybersecurity is an important first step to prevention and mitigation of cyber risk. However, business continuity and resilience are critical factors in limiting overall exposure to a malicious or non-malicious cyber event.

Being prepared for a cyber event includes ensuring that you have the most comprehensive insurance coverage in place.If you have been impacted by the CrowdStrike induced system failure it is important to report the incident to your cyber insurer as soon as possible. Most cyber insurance policies operate on a claims-made basis, which requires the claim to first be discovered and reported to the insurer during the policy period. Failure to do so could jeopardize coverage under your policy.

Newfront provides a dedicated specialized cyber claims team to help navigate coverage on complex claims. Please contact Newfront to make sure that you have the broadest terms available to help you respond and recover from any type of cyber event in the future.