Dive Overview:
Moody’s Ratings said in a report published on Monday that the global IT outage caused by CrowdStrike’s software update glitch will lead to cyber insurance losses primarily driven by business interruption claims. Because the incident was not deemed a malicious attack, companies are expected to file claims under “system failure” clauses, which are becoming standard in cyber insurance policies. Moody’s said insured organizations will link claims to third-party vendor contingency losses as well as direct business losses. Moody’s said the outage is likely to prompt a larger underwriting review focused on system failures. The outage has already raised concerns about single-point-of-failure risks, where a single organization with a vast footprint could halt operations across so many critical industries.
Dive Insights:
The July 19 outage is widely considered one of the largest IT outages in history, with around 8.5 million Microsoft devices taken offline.
The outage caused thousands of commercial flights to be canceled, hospitals to postpone surgeries, temporarily halted 911 emergency services in several states and halted financial transactions.
“Reinsurers routinely review claims after events affecting multiple insureds,” Laraine Carvalho Neff, vice president and senior analyst at Moody’s Ratings, said in an email. “We expect reinsurers to reevaluate their underwriting practices, particularly for system failure coverage, to ensure they have a clear understanding of the pricing of their risks and exposures.”
A study released last week by Parametrics estimated that the outage could result in direct losses of $5.4 billion to Fortune 500 companies, excluding the impact to Microsoft, and that insurance could cover 10% to 20% of those losses.
A separate study by Cybercube predicted that the cyber insurance market could reach up to $1.5 billion in preliminary insured losses.
Analysts say the outage is exactly the type of event the industry has long feared and is an example of aggregation risk.
“The interconnectedness of systems was made fully apparent last week, demonstrating the potential for sudden, widespread business halts,” Sridhar Maniem, senior director of industry research and analysis at AM Best, said in an email.
Delta Air Lines is under investigation by the Department of Transportation for its handling of the blackout, which canceled thousands of flights and stranded passengers for days.