CrowdStrike cyber incident first thoughts
Posted 23/07/2024 – Insights
The cybersecurity company CrowdStrike published an update to its antivirus Falcon sensor product on Friday 19th July. This update proved to be flawed and caused significant outages on Microsoft devices. Although CrowdStrike corrected the faulty software patch within hours, recovery times varied for affected firms.
Microsoft estimates that 8.5 million devices, fewer than 1% of all Windows devices, were impacted worldwide. The outage resulted in over 5,000 flights being cancelled globally, causing major disruption to the aviation industry. At the time of the incident, CrowdStrike had more than 24,000 customers, including the NHS, Sky News, Ticketmaster, eBay, Visa, Chase, Waitrose and Amazon Web Services, who all suffered various levels of disruption. The impact was so severe because the software works in the center of Microsoft’s operating system, the kernel. This is a Microsoft-specific issue on the back of an agreement with the European Commission which forced Microsoft to give access to third-party developers in 2009. This is not the case for Apple’s operating system, as the company shut access to the kernel in 2020.
The cyber market will respond to the incident, and Fitch estimates that insured losses will range in the mid to high single-digit billions of dollars. This figure also includes insurance losses from travel insurance, contingency, technology Professional Indemnity and other classes. Beazley, the leading cyber insurer, reported this morning that the loss will not impact its target combined ratio for the full year, reiterating that the loss is expected to be of a manageable size.
Alpha comment
Although the estimated potential loss is significant, given the cyber market is expected to have a market premium of circa $20bn, initial indications suggest that the market is well insulated. Cyber policies have a specified amount of time (usually between 8-12 hours) before business interruption claims are covered, and these clauses will limit the exposure to cyber insurers, as many businesses were back running again within these timeframes. We also expect insurers will be able to subrogate against CrowdStrike following the loss, as it seems the firm’s negligence was responsible for the loss. As losses are expected to be manageable, the event is expected to have little impact on the cyber rating environment. However, this particular incident highlights how interconnected technology has become, and this is unlikely to change in the future. A loss of this size raises global awareness of the need for purchasing cyber insurance, increasing the flow of new cyber buyers to the global insurance market. More clarity on the loss is likely to come through in due course and we will be monitoring developments closely.