A global tech outage last week could lead to insurers preparing for a potential surge in business interruption claims, reported Reuters, citing industry experts.
The disruption, which affected a range of industries, from travel to finance, was reportedly caused by a software update from cybersecurity technology company CrowdStrike.
Go deeper with GlobalData
According to Ryan Griffin, a partner focused on cyber at insurance broker McGill and Partners, “insurers are bracing for hundreds, if not thousands, of claim notifications from organisations that are impacted by the CrowdStrike event”.
However, the path to compensation may not be straightforward for all businesses.
DBRS Morningstar head of insurance Marcos Alvarez explained that a typical business interruption policy within a regular commercial insurance programme would not cover losses from Friday’s (19 July 2024) outage.
Additionally, not every cyber insurance policy includes business interruption coverage, which often requires a separate purchase at an additional cost.
Nir Perry, CEO at CyberWrite, a cyber insurance risk platform, highlighted the financial implications of such outages, suggesting that “economic damages could reach tens of billions of dollars”.
Perry also emphasised the significance of the event, calling it “an insurance catastrophe”.
The outage, triggered by a defective update from CrowdStrike designed to protect Microsoft Windows systems, may also lead to legal repercussions for the companies involved.
Requests for comment from Microsoft and CrowdStrike were not immediately answered.
Sam Levine, senior vice-president – professional and cyber solutions at specialty insurance broker CAC, noted that: “Airlines (and other industries) might have rights under their contracts that allow them financial or other remuneration based on the CrowdStrike outage.”
Travellers worldwide experienced major disruptions, with travel insurer InsureMyTrip expecting an uptick in claims, particularly from travel delay and missed connection policies.
The company estimated that more than 1,600 customers might be affected by the incident.
Experts also clarified that force majeure, a clause that typically removes liability for unforeseeable catastrophes, would not apply in this situation.
Meredith Schnur, US and Canada cyber practice leader at broker Marsh, stated: “This is exactly what cyber insurance is meant to cover. This is not something that is outside of our control.”
