A global tech outage last week could lead to insurers preparing for a potential surge in business interruption claims, reported Reuters, citing industry experts.
The disruption, which affected a range of industries, from travel to finance, was reportedly caused by a software update from cybersecurity technology company CrowdStrike.
According to Ryan Griffin, a partner focused on cyber at insurance broker McGill and Partners, “insurers are bracing for hundreds, if not thousands, of claim notifications from organisations that are impacted by the CrowdStrike event”.
However, the path to compensation may not be straightforward for all businesses.
DBRS Morningstar head of insurance Marcos Alvarez explained that a typical business interruption policy within a regular commercial insurance programme would not cover losses from Friday’s (19 July 2024) outage.
Additionally, not every cyber insurance policy includes business interruption coverage, which often requires a separate purchase at an additional cost.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataNir Perry, CEO at CyberWrite, a cyber insurance risk platform, highlighted the financial implications of such outages, suggesting that “economic damages could reach tens of billions of dollars”.
Perry also emphasised the significance of the event, calling it “an insurance catastrophe”.
The outage, triggered by a defective update from CrowdStrike designed to protect Microsoft Windows systems, may also lead to legal repercussions for the companies involved.
Requests for comment from Microsoft and CrowdStrike were not immediately answered.
Sam Levine, senior vice-president – professional and cyber solutions at specialty insurance broker CAC, noted that: “Airlines (and other industries) might have rights under their contracts that allow them financial or other remuneration based on the CrowdStrike outage.”
Travellers worldwide experienced major disruptions, with travel insurer InsureMyTrip expecting an uptick in claims, particularly from travel delay and missed connection policies.
The company estimated that more than 1,600 customers might be affected by the incident.
Experts also clarified that force majeure, a clause that typically removes liability for unforeseeable catastrophes, would not apply in this situation.
Meredith Schnur, US and Canada cyber practice leader at broker Marsh, stated: “This is exactly what cyber insurance is meant to cover. This is not something that is outside of our control.”