While the financial implications of last week’s significant IT outage, which was caused by an update to the CrowdStrike Falcon endpoint detection and response (EDR) tool, will take time to be understood, the event is expected to accelerate interest in cat-focused reinsurance programmes, according to Luke Foord-Kelcey, Global Head of Cyber at reinsurance broker Howden Re.
The incident began on Friday, July 19th, early in the morning and affected multiple sectors globally. Cyber insurance experts have warned that there will be fallout from this as the outage caused a series of blue screen of death (BSOD) failures on Windows workstations and servers.
CrowdStrike, an important market player in EDR with approximately 17% market share as of 2022, has since reverted the update.
Foord-Kelcey commented: “The full extent of the impact will only become clear over the coming days as we are able to take stock of how rapidly the fixes have been able to be implemented and whether the resulting business interruptions have exceeded the policy waiting periods – and if so, by how much.”
Some market segments were impacted more than others. Australia experienced the worst of the impact during its working day, potentially leading to more significant ongoing consequences. The Air Transport sector, which typically takes longer to recover from outages, is also heavily affected.
Howden maintains an industry exposure database for the cyber market, covering around $9 billion, or 65% of the gross written premium (GWP).
Howden’s data shows that Australia accounts for just over 2.5% of cyber GWP, and the Air Transport sector, including airlines, airports and couriers, a little under 0.5%, with exposure figures broadly in line with these statistics.
Foord-Kelcey explains, “Given that this is a non-malicious cyber event caused by a failed patch from a third-party vendor, it may trigger Systems Failure Business Interruption-type insuring clauses, subject to waiting periods typically in the region of 8-12 hours.”
Harriet Gruen, Head of Cyber Threat Intelligence, Howden Re, said, “As the (re)insurance industry continues to assess the full implications and root causes of this mass IT outage, the incident reveals far-reaching dependencies inherent in global digital infrastructure.
“Recent years have seen a dramatic improvement in our industry’s understanding of cyber risk, leading to more nuanced insurance coverages. However, this incident underscores the evolving nature of cyber and IT risks and the need for continued investment in developing more sophisticated exposure management tools and techniques.”
Foord-Kelcey concluded, “Greater awareness of the systemic nature of cyber risk – and growing market consensus on what constitutes a systemic cyber catastrophe loss – has spurred significant interest in cyber cat structures, with continued product uptake observed in 2024.”
