As insurers sort through CrowdStrike claims, what should brokers do? | Insurance Business America

Some cyber policyholders will have a “wake-up call,” experts say

Over eight million computers crashed worldwide after cybersecurity firm CrowdStrike’s software update allowed a bug to pass through and trigger a meltdown. The July 19 outage struck thousands of businesses and disrupted banking, media, aviation and healthcare industries.

The recent outage has significant implications for businesses, particularly when it comes to their cyber insurance. A report by Moody’s Ratings looking at the downstream impact of the CrowdStrike disruption on cyber insurance indicated that determining final losses for the industry will take time, as insurers need to determine which policyholders suffered losses from the outage and whether those losses are covered. 

Experts who spoke to Insurance Business noted that potential coverage gaps may emerge, and companies may need to reassess their coverage to address future incidents.

Corrie Hurm, VP of claims at Embroker, said she expects business interruption claims to roll in over the coming weeks and months.

“There will likely be a tail,” Hurm said. “Companies are still assessing their losses, especially those that don’t generate revenue but dealt with operational difficulties.”

Business interruption coverage is generally included under cyber policies, but the extent of coverage varies. Some policies only cover interruptions caused by network security breaches or cyber events, whereas the CrowdStrike incident was caused by defective software in an update.

“Not every company opts for the more extensive—and costly—policies,” Hurm noted. “Just like with car or property insurance, cyber insurance comes in different levels, and the more comprehensive the coverage, the higher the price.”

The CrowdStrike event could prompt companies to reassess their insurance needs, realizing they might be underinsured or exposed to certain risks – something brokers must address with their clients.

Vannessa Smith, VP at CAC Specialty, said it could also draw more attention to the importance of system failures that aren’t caused by bad actors.

“It has given IT security stakeholders within organizations a strong case to bring to their C-suite, emphasizing why robust security measures and funding are critical,” Smith told Insurance Business.

“We’ve already seen IT budgets and dedicated security teams grow in response to recent events, and I think this trend will continue. Organizations tend to be reactive, learning from incidents and then asking, ‘What can we do to prevent this in the future?’ This outage will likely prompt further improvements in how companies approach system security and resilience.”

Secondary cyber claims from the CrowdStrike event?

On top of the business disruption, experts also shared concerns that the widespread IT outage could serve as a springboard for opportunistic cybercriminals to launch phishing or social engineering attacks. 

As affected organizations scrambled to recover their systems, they may have been more vulnerable to suspicious emails or communications requesting personal details.

“We’ve already seen threat actors sending phishing emails posing as CrowdStrike IT, exploiting the panic to gain access to systems, install malware, or steal confidential information,” noted Hurm. “I anticipate we’ll see more of these secondary social engineering claims as a result of this outage, so it’s crucial for folks to stay vigilant.”

Smith is more optimistic, saying improved cyber vigilance from organizations would mitigate the impact of social engineering attempts.

“Over the past three to five years, we’ve seen companies take cybersecurity very seriously—it’s top of mind for most boards, and there’s a much more open line of communication between CISOs, CFOs, and CEOs,” Smith said.

Still, Smith believes it’s too early to tell whether the CrowdStrike outage would be a “needle-moving” event for the cyber insurance industry.

“From a rate perspective, I don’t think there will be significant changes. I’ve spoken with underwriters and claims professionals, and, for most policyholders, the waiting period did its job,” she said. “While some experienced downtime, it wasn’t long enough to trigger a full business interruption. 

“However, from an underwriting standpoint, there’s a challenge in assessing the risk of your vendor’s vendor. Many clients weren’t directly affected by the CrowdStrike outage but were impacted by vendors who were raising issues of contingent business interruption.”
