Re/insurers are re-evaluating system failure coverage and business interruption policies following a recent significant cyber incident.
On July 19, an update to CrowdStrike’s Falcon sensor led to widespread system failures across Microsoft Windows platforms, affecting sectors including aviation, finance, and healthcare.
According to Aon’s CrowdStrike/Windows Event Briefing, Microsoft estimates that approximately 8.5 million Windows devices were impacted. The incident underscores the extensive economic and societal ramifications stemming from the reliance on CrowdStrike’s services for critical enterprise operations.
The update introduced a logic error, which caused system crashes for users who installed it. This event highlights the intricate interdependencies within software ecosystems and poses a notable risk to cyber insurance portfolios.
The issue is deemed non-malicious, positioning “system failure” coverage as a key component within cyber re/insurance policies. Business interruption, encompassing loss of income and additional expenses due to system failures, is anticipated to be significantly affected, contingent upon applicable waiting periods.
Additional factors contributing to re/insured losses may include dependent business interruptions, data restoration, incident response, and costs associated with voluntary shutdowns.
At the individual risk level, Aon foresees an increased emphasis on system failure coverage and the duration of business interruption waiting periods. At the portfolio level, Aon identifies an opportunity for the market to refine policy details to better assess portfolio accumulation risks and enhance event loss estimation and scenario analysis.
This incident will serve as a crucial test for specific re/insurance and bond products, evaluating both event definitions and loss quantification.