Reinsurance News

CrowdStrike outage insured losses to range from $540m to $1.08bn, says Parametrix

24th July 2024 - Author: Jack Willard

The CrowdStrike-linked global IT outage is estimated to have an insured loss range of $540 million to $1.08 billion, according to Parametrix, a provider of cloud monitoring, modeling, and insurance services.

For those who need a reminder, the outage, which took place on July 19, was caused by a security organisation called CrowdStrike, which sent out a corrupted software update to its huge number of customers. As per Microsoft, CrowdStrike’s update reportedly affected 8.5 million Windows devices.

At the same time, Parametrix estimates that the total direct financial loss facing US Fortune 500 companies (excluding Microsoft) from the CrowdStrike outage on July 19th is $5.4 billion.

However, given that the portion of the loss covered under cyber insurance policies is only expected to be in the range of 10% to 20%, Parametrix noted that the weighted average loss is $44 million per Fortune 500 company, but ranges from $6 million (manufacturing companies) to $143 million (airlines).

In addition, Parametrix is expecting that the largest direct financial loss will be suffered by Fortune 500 companies within the healthcare sector ($1.938 billion), followed by banking ($1.149 billion), while the six Fortune 500 airlines are anticipated to face approximately $860 million in losses.

Jonathan Hatzor, co-founder and CEO of Parametrix, commented: “Our analysis of the CrowdStrike outage shows not only the possible extent of a systemic cyber loss event, but also its boundaries. It tells us more about the ways that insurers and reinsurers can diversify their cyber risk portfolios to minimize the potential impacts of systemic cyber risk. However, our analysis does not show the whole diversification picture. A cyber insurer focused on very large companies will certainly suffer a much greater CrowdStrike loss relative to premium than one with a large SME book.”

He added: “Prevention is important, but risk carriers have limited control over event occurrences and service-provider practices. The industry should focus on controllable areas, like mapping and managing aggregation risk. By understanding these points, we can evaluate key exposures, and mitigate both malicious and non-malicious threats. This proactive approach enables better underwriting decisions, and effective risk-transfer solutions to manage systemic risk.”

Meanwhile, analysts at Fitch Ratings have said that the global IT outage is not expected to have a material impact on the financial results of insurers and reinsurers, with preliminary market estimates of global insured losses in the mid- to high-single-digit billion USD range.