Dive Brief:
- The insured losses connected to a global IT outage July 19, which a faulty CrowdStrike Falcon software update triggered, are expected to range between $300 million and $1 billion, according to a report released Friday from Guy Carpenter.
- The losses would likely have been much larger had the incident been malicious, according to the report. A ransomware attack involving such a widely used technology system could have ranged from $600 million to $2 billion, according to the company, which is the reinsurance brokerage business under Marsh McLennan.
- The insurance industry may need to reevaluate its perspective on potential risks and think less in terms of a single catastrophic “super cat” incident and more in terms of mid-sized “kitty cat” incidents that take place more frequently but on a smaller scale, Guy Carpenter said.
Dive Insight:
The CrowdStrike incident is widely considered one of the largest IT outages in history. The outage caused massive disruptions: thousands of commercial flights were canceled globally, hospitals had to cancel surgeries and 911 systems were temporarily knocked offline in multiple U.S. cities.
Many insured organizations have already filed notices of circumstances, but it is still very early in the claims process. The report estimates less than 1% of companies globally with cyber insurance coverage were impacted.
A report released in late July by Parametrix estimates that Fortune 500 companies will see a direct impact of $5.4 billion from the disruption, excluding the impact on Microsoft. Moody’s reported that most of the insurance losses will be driven by business interruption claims.
There may be a need for the insurance industry to build smaller, but more frequent catastrophic events into its modeling.
The findings in the Guy Carpenter report show the CrowdStrike event would not lead to a material loss for most insurance companies. However, this could change depending upon the language adopted by those carriers, how underwriting is concentrated within various industries, and the uptake of coverage for system failure.
Since May 2023, the widely exploited MOVEit file transfer vulnerability, the Change Healthcare attack, attacks targeting Snowflake customers and the CDK Global cyberattack, when combined with this new incident, could trigger a 10% loss ratio impact to the insurance industry. This would be more in line with a single catastrophic event, according to the company.