About Us
Syndicate Management
Investing at Lloyd's
tax-corporate-services
News
About Us
Syndicate Management
Investing at Lloyd's
tax-corporate-services
News
The recent cybersecurity software incident at CrowdStrike has prompted some questions as to the scale of losses that could be borne by the insurance and reinsurance markets and the lines of business that might be impacted. The emerging consensus is that there will be areas subject to claims and litigations although losses are not expected to have material impact on the results of insurers. Mitigating factors include the low penetration of cyber insurance, high deductibles and time element restrictions on business interruption claims.
Background
CrowdStrike, a leading provider of cybersecurity solutions, experienced a significant outage on the 19th July, impacting numerous clients and raising concerns about the robustness of cybersecurity defences. A single ‘channel’ file update was deployed for users of the CrowdStrike Falcon Sensor product. Those also using Microsoft systems were met with what is commonly referred to as a Blue Screen of Death, signifying a major disruption to their IT infrastructure and an inability to use their key systems. The outage began lasted for several hours, and clients reported difficulties in accessing the platform, delays in threat detection, and disruptions in real-time monitoring capabilities.
Immediate Impact
The disruption had immediate ramifications for businesses relying on CrowdStrike for critical cybersecurity operations. Financial institutions, healthcare providers, and government agencies were among those affected, highlighting the widespread reliance on CrowdStrike’s services. Several organizations reported increased vulnerability to cyber threats during the outage period, though there have been no confirmed reports of successful cyber attacks exploiting the downtime.
Response and Resolution
CrowdStrike’s technical teams worked swiftly to identify the root cause and restore services. After a delay of about 6 hours, the company announced that the platform was back online, and normal operations resumed. In an official statement, CrowdStrike attributed the outage to an unexpected server issue, emphasizing that there was no indication of a cyber attack or data breach.
“We understand the critical nature of our services and deeply regret the inconvenience caused to our clients,” said George Kurtz, CEO of CrowdStrike. “Our team is conducting a thorough investigation to ensure this does not happen again and to reinforce the resilience of our systems.”
Market and Client Reactions
The outage has prompted reactions from various quarters. Industry analysts noted that while such disruptions are rare, they underscore the risks associated with centralized cybersecurity services. “CrowdStrike’s outage is a stark reminder that even top-tier cybersecurity firms are not immune to operational hiccups,” a cybersecurity analyst commented. Clients expressed mixed feelings. “We trust CrowdStrike’s capabilities, but this incident has certainly made us consider additional layers of redundancy in our cybersecurity strategy,” commented a CIO of a major financial institution. Australia has been identified as potentially the worst affected geographic region as a result of the downtime occurring in the middle of their working day. Although a manual restoration was required by some users, a fix was issued by the time the US was online – the largest market for cyber.
Beazley
The largest insurer of cyber exposures in the London market is Beazley, which underwrites through syndicates 623 and 6107. It released a trading statement on the morning of 23 July. At this early stage, Beazley does not expect that the event changes the guidance for the full year’s undiscounted combined operating ratio in the low 80s that it issued in the spring. In other words, any losses that it does sustain will fall within the normal expectation of activity for the year. Beazley will provide more detail on the first half year’s performance in a results statement to be released on 8 August.
Broader Implications for the Insurance Market
The incident has implications for the cyber insurance market. Aviation was one of the most impacted sectors but in actuality, this class of business makes up a small proportion of the market. It would seem that for the most part, insureds could claim under “systems failure” wordings in cyber policies and potentially for business interruption, or contingent business interruption. Insurers are likely to reassess the risks associated with cybersecurity vendors and the potential impacts of such outages on their policyholders. This could lead to adjustments in underwriting practices and possibly higher premiums for cybersecurity coverage. Having said that, our view is that this will not be as catastrophic as some people fear. Many of the products in the cyber market are designed to respond to malicious cyber activity, the circumstance around the CrowdStrike incident are not those of a malicious attack, merely a poorly implemented upgrade to systems.