Insurance Day is part of Maritime Intelligence

This site is operated by a business or businesses owned by Maritime Insights & Intelligence Limited, registered in England and Wales with company number 13831625 and address c/o Hackwood Secretaries Limited, One Silk Street, London EC2Y 8HQ, United Kingdom. Lloyd’s List Intelligence is a trading name of Maritime Insights & Intelligence Limited. Lloyd’s is the registered trademark of the Society Incorporated by the Lloyd’s Act 1871 by the name of Lloyd’s.

This copy is for your personal, non-commercial use. For high-quality copies or electronic reprints for distribution to colleagues or customers, please call UK support +44 (0)20 3377 3996 / APAC support at +65 6508 2430

Printed By

UsernamePublicRestriction

CrowdStrike is the cyber insurance market's first stress test

The event has made underwriters and insureds more aware of the co-ordinated nature of computing systems and could see underwriters pushing for greater clarity and consistency in their approach to business interruption and system failure wordings

The global IT outage will spark a revaluation of cyber insurance wordings, particularly in relation to business interruption

The recent CrowdStrike IT outage is forcing cyber insurers to look again at how they handle systemic cyber threats.

Caused by a faulty software update, the incident – now commonly known as CrowdOut – caused global disruption across businesses, hospitals and airports. It is still not known exactly what the industry impact will be, but preliminary estimates for insured losses range from $400m to upwards of $1bn.

Data from wholesale broker Amwins suggests of the sectors heavily affected by the incident – including banks, airlines, healthcare providers and telecom businesses – median rates per million in coverage now range from $3,200 to $7,300. More than half of insureds have purchased cyber limits of $1m, it adds, meaning if even a portion of CrowdOut losses are caught by cyber plans it could have a material impact on insurers’ loss ratios.

Modelling firm CyberCube has published an initial industry loss estimate of between $400m and $1.5bn, which would represent a loss ratio impact of 3% to 10% on the current global cyber premiums. If true, it has yet to feed through to insurers. Lloyd’s re/insurer Beazley, which underwrites a substantial cyber insurance book, recently confirmed it will maintain its undiscounted combined ratio guidance of “low 80s” for the 2024 fiscal year.

What CrowdOut has already done is highlight the unified nature of today’s digital economy. The incident revealed “the broad risks posed by a single source of failure” and the degree to which many segments of the economy are now interdependent, modelling firm Moody’s RMS said. When a key player such as CrowdStrike causes an outage, the ripple effects are felt across multiple industries, highlighting the systemic risks inherent in today’s interconnected world.

The insurance industry’s response has been telling. Some carriers have already introduced exclusions for CrowdStrike incident losses, reflecting a growing concern about the integrity and sustainability of the cyber and technology errors and omissions (E&O) marketplace, according to Amwins. The broker expects these developments to drive the market towards building in additional exclusions for systemic events and related losses.

Cyber managing general agent Coalition says some underwriters are also adding dependent business interruption (DBI) or contingent business interruption (CBI) sub-limits, exclusionary language for organisations that were not direct targets, or temporarily removing coverage altogether. CrowdOut is the third material cyber supply chain outage so far in 2024, it adds, albeit affecting less than 1% of Windows computers.

Determining the final losses from the CrowdStrike outage is likely to be a lengthy process, driven in part by the non-standardised language of cyber insurance policies, Moody’s RMS says.

Many of the claims are expected to be made under systems failure coverage, which has become a standard inclusion in cyber insurance policies because of the significant contribution business interruption makes to losses from cyber incidents.

The event has undoubtedly made underwriters and their insureds more aware of the co-ordinated nature of today’s computing systems. The insurance industry may witness underwriters collectively pushing for greater clarity and consistency in their approach to business interruption and system failure wordings within their policies – something that has so far eluded the industry.

There is also likely to be a concerted effort to pursue shared losses across other lines of coverage as the market seeks to determine the extent of liability, Amwins suggests.

Analysts at Jefferies suggest the event could become a positive catalyst for the wider cyber insurance market, arguing the high-profile nature of the CrowdStrike outage might support increased demand for cyber insurance and lead to positive rate changes.

After a period of rate pressure in the cyber market, such developments might be well received. The relative immaturity of cyber insurance products compared with other lines of business could mean CrowdStrike serves as a proof of concept for future policy adjustments.

Whatever the final insured losses from the incident end up being, it is clear from the early reaction of underwriters the insurance industry is treating this as a stress test for cyber policies.

How these policies will ultimately end up changing – and how resilient they end up being to a truly global scale cyber event – is yet to be determined.

Related Content

Topics

UsernamePublicRestriction

Register

ID1149535

Ask The Analyst

Ask The Analyst - Ask Your Question Send your question to our team of expert analysts. You can: • Ask for background information on/explanation of articles in Insurance Day * • Find out more about our views on industry developments • Ask for an interpretation of market trends • Source supplementary data relating to articles • Request explanations to further your understanding of current issues (* This relates to any Insurance Day that is included as part of your subscription) We will do the research and get back to you personally with the information you need.

Your question has been successfully sent to the email address below and we will get back as soon as possible. my@email.address.

All fields are required.

Please make sure all fields are completed.

Please make sure you have filled out all fields

Please make sure you have filled out all fields

Please enter a valid e-mail address

Please enter a valid Phone Number

Ask your question to our analysts

Cancel