BUSINESS SUPPORT
ADVERTISING FEATURE
CROWDSTRIKE, THE MOST IMPORTANT CYBER LOSS EVENT SINCE NOTPETYA, HIGHLIGHTS SINGLE POINTS OF FAILURE.
ARE YOU FULLY COVERED?
by Ian Sandham, Operations Manager at Mark Richard Insurance
In what is being called “the most important cyber-accumulation loss event since NotPetya,” the 19th July 2024 global technology outage will produce scores of insurance claims across a range of policies, test cyber-policy wordings and sharpen the industry’s focus on single points of failure.
Caused by a flawed software update from cyber-security firm CrowdStrike and impacting a reported 8.5 million devices running Microsoft’s Windows system, the outage brought businesses around the world to a digital halt. Airlines, health care facilities, government agencies, emergency response services, banks and businesses across multiple industries faced system crashes and a “blue screen of death.” CrowdStrike quickly announced that it was a defect in an update for its Falcon endpoint detection and response platform that caused the outage, not a cyber-attack.
“All of CrowdStrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority,” said George Kurtz, the firm’s CEO, in a statement. He also warned affected organisations that “adversaries and bad actors will try to exploit events like this” and encouraged these organisations to stay vigilant against social engineering scams attempting to leverage the outage.
CYBER-INSURANCE IMPLICATIONS
Early estimates suggest the insured losses from the CrowdStrike outage may hit the mid to high single-digit billions, according to commentary from Fitch Ratings. While an insured event of that size wouldn’t likely have a “material” impact on global insurers and reinsurers, the claims process could be lengthy.
The firm highlighted cyber, business interruption and contingent business interruption (CBI) as the most impacted insurance types. However, it also cited the potential for payouts on travel insurance, event cancellation, and technology errors and omissions. Industry experts agree that insurance recovery from the CrowdStrike event will hinge upon cyber-policy wordings and waiting periods before business interruption cover kicks in. Waiting periods usually range from six to 24 hours but can be longer.
KEY TAKEAWAYS
The CrowdStrike incident highlights the importance of understanding where single points of failure (SPoFs) lie within operating systems and how these can be protected. In the case of CrowdStrike’s outage, a single flawed update had a domino effect on interconnected networks across the world. Speaking to the BBC after the event, cyber-security researcher Kevin Beaumont said that CrowdStrike doesn’t “test in waves. They just deploy to all customers at once in a so-called ‘rapid response update,’ which was obviously a huge mistake.” In contrast, robust software testing and more scrutiny from developers could help prevent incidents stemming from SPoFs in the future. In addition, organisations should scrutinise the terms and conditions of insurance policies to ensure they are covered for IT outages and any associated repercussions.
Contact us today for further guidance and robust cyber insurance solutions.
WE ARE HERE TO HELP YOU WITH ...
• Business continuity planning advice and templates.
• Getting the right insurance cover to help you survive a major disaster and continue to thrive as a business thereafter.
Call us on 0117 947 9510 to discuss your needs with one of our experienced advisors.
www.markrichard.co.uk
COMMERCIAL 0117 947 9510
CAR AND HOME 0117 923 1330