Skip to main content
close search
site logo
Dive Brief

Insured loss impact could reach $1B following CrowdStrike outage

Guy Carpenter said it could be worse: Had the incident involved a ransomware attack, losses could have reached $2 billion.

Published Aug. 5, 2024
David Jones's headshot
Reporter
CrowdStrike booth at Black Hat USA 2023 in Las Vegas.
CrowdStrike's booth on August 10, 2023, at Black Hat USA 2023 in Las Vegas. Matt Kapko/CFO Dive

First published on

Cybersecurity Dive

Dive Brief:

  • The insured losses connected to a global IT outage July 19, which a faulty CrowdStrike Falcon software update triggered, are expected to range between $300 million and $1 billion, according to a report released Friday from Guy Carpenter
  • The losses would have likely been much larger had the incident been malicious, according to the report. A ransomware attack involving such a widely used technology system could have ranged from $600 million to $2 billion, according to the company, which is the reinsurance brokerage business under Marsh McClennan.
  • The insurance industry may need to reevaluate its perspective on potential risks and think less in terms of a single catastrophic “super cat” incident, but rather on the risk of mid-sized “kitty cat” incidents that take place on a more frequent, but smaller scale, Guy Carpenter said.

Dive Insight:

The CrowdStrike incident is widely considered one of the largest IT outages in history. The outage caused massive disruptions after thousands of commercial flights were canceled globally, hospitals had to cancel surgeries and 911 systems were temporarily knocked offline in multiple U.S. cities. 

Many insured organizations have already filed notices of circumstances, but it is still very early in the claims process. The report estimates less than 1% of companies globally with cyber insurance coverage were impacted. 

A report released in late July by Parametrix estimates that Fortune 500 companies will see a direct impact of $5.4 billion from the disruption, excluding the impact on Microsoft. Moody’s reported that most of the insurance losses will be driven by business interruption claims. 

There may be a need for the insurance industry to build smaller, but more frequent catastrophic events into their modeling. 

The findings in the Guy Carpenter report show the CrowdStrike event would not lead to a material loss for most insurance companies. However this could change depending upon language adopted by those carriers, how underwriting is concentrated within various industries as well as the uptake of coverage for system failure. 

Since May 2023, the widely exploited MOVEit file transfer vulnerability, the Change Healthcare attack, attacks targeting Snowflake customers and CDK Global cyberattack, when all combined with this new incident could trigger a 10% loss ratio impact to the insurance industry. This would be more in line with the single catastrophic event, according to the company.

Editors' picks

Company Announcements

View all | Post a press release
Pharmaceutical Executive Taggart McGurrin Featured on Life Sciences 360 Podcast
From Wild Fig Advertising
October 29, 2024
Celonis AgentC: Making AI Agents Work for the Enterprise with Process Intelligence
From Celonis
October 23, 2024
Basware’s New GenAI Tool Transforms Insights for CFOs
From Basware
October 29, 2024
Editors' picks
Latest in Strategy & Operations
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell