Dive Brief:
- The global IT outage stemming from a faulty CrowdStrike software update will lead to cyber insurance losses primarily driven by business interruption claims, Moody’s Ratings said in a report released Monday.
- Businesses are expected to make claims under “systems failure” provisions, coverage that is becoming standard for cyber insurance policies, because the incident was not considered a malicious attack. Moody's said insured organizations will link claims to direct business losses as well as contingent losses of third-party vendors.
- The outage is likely to spur larger reviews of underwriting, with a focus on systems failure, according to Moody’s. The outage has already raised concerns about the risk of single points of failure, as a single organization with a vast footprint can bring down operations across many critical industries.
Dive Insight:
The July 19 outage is widely considered one of the largest IT disruptions in history, after about 8.5 million Microsoft devices were knocked offline.
The outage led to the cancellation of thousands of commercial airline flights, the postponement of surgeries at hospitals, the temporary disruption of 911 emergency services in multiple states and the disruption of financial transactions.
“Reinsurers regularly review claims following an event that impacts multiple insureds,” Laline Carvalho-Neff, vice president, senior analyst at Moody’s Ratings, said via email. “We expect reinsurers to reevaluate underwriting practices, especially for systems failure coverage, to ensure there’s clear understanding of the risk and pricing of the exposure.”
A study released last week from Parametrix showed the outage would lead to $5.4 billion in direct losses for the Fortune 500, excluding the impact on Microsoft. Insurance was likely to cover between 10% and 20% of those losses.
A separate study by CyberCube predicted the cyber insurance market could face preliminary insured losses of up to $1.5 billion.
The outage was exactly the type of event the industry has been worried about for years, serving as an example of aggregation risk, according to analysts.
“The interconnectedness of systems was on full display last week and demonstrated how businesses can be brought to a standstill abruptly and on a large scale,” Sridhar Manyem, senior director, industry research and analytics at AM Best, said via email.
Delta Air Lines is under investigation from the Department of Transportation for its handling of the outage, which led to thousands of flights being canceled and passengers stranded for days.