Insurance claims resulting from business interruptions are projected to contribute to losses stemming from the CrowdStrike IT disruption.
The world experienced one of the largest IT outages in history on July 19, 2024, known as the Crowdstrike Falcon update incident. This outage, which affected around 8.5 million Microsoft devices, caused a ripple effect that disrupted critical sectors such as hospitals, airlines, banks, and government offices worldwide.
The estimated total financial loss from this outage is around $10 billion (approximately €8.59 billion). This figure includes both direct and indirect costs, encompassing the broad economic fallout on affected organizations.
The outage, which caused a "Blue Screen of Death" for many Windows users, led to the cancellation of thousands of commercial airline flights. Businesses, including those from the Fortune 500, will make claims under "systems failure" provisions of their cyber insurance policies due to the IT outage, as it was not a malicious attack.
The interconnectedness of systems was demonstrated during the outage, leading to businesses being brought to a standstill on a large scale. This event has raised concerns about the risk of single points of failure, as it brought down operations across many critical industries.
The cyber insurance market could face preliminary insured losses of up to $1.5 billion due to the IT outage. Insured organizations will link claims to direct business losses as well as contingent losses of third-party vendors due to the outage.
The Department of Transportation is investigating Delta Air Lines' handling of the IT outage that led to thousands of flights being canceled. Hospitals postponed surgeries due to the outage, and financial transactions were disrupted.
Sridhar Manyem, senior director of industry research and analytics at AM Best, stated that the interconnectedness of systems was on full display during the outage. The outage served as an example of aggregation risk in the industry, and reinsurers are expected to reevaluate underwriting practices for systems failure coverage in response.
The outage highlighted the risk of aggregation, a concern that corporate stakeholders want to better understand. They are seeking to understand the risk calculus of their technology stacks, addressing the question: Are we a target?
[1] Source: Crowdstrike [2] Source: Change Healthcare ransomware attack report, 2024
- The Crowdstrike Falcon update incident, a historic IT outage that occurred on July 19, 2024, underscores the importance of robust cybersecurity measures, particularly in light of the increasing interconnectedness of technology in sectors as diverse as sports, business, and healthcare.
- The recent Crowdstrike Falcon update incident, which caused critical infrastructure disruptions worldwide, serves as a warning for the sports industry to prioritize their cybersecurity measures, acknowledging the potential ripple effects that could stem from a technology failure.
