The CrowdStrike outage on July 19, spread like wildfire across the globe, impacting around 8.5 million devices and disrupting critical sectors such as airlines, health, and financial services. Parametrix estimates the catastrophic event resulted in a financial loss of $5.4 billion for Fortune 500 companies (excluding Microsoft), of which only 10%-20% will be insured.
Understanding the scope and impact of this event is essential for preparing and protecting against future catastrophic cyber events. By analyzing the financial and operational fallout, you can develop and implement effective mitigation strategies, adjust policies as needed, and take proactive measures to minimize the impact of such catastrophic events.
Risk manager considerations
As a risk manager, swift and effective action is crucial to minimizing the impact and losses from a downtime event. Here are five essential steps you can take to ensure your organization is prepared for a major outage
Step 1: Understand the incident and its impact
It starts with understanding the context of the outage event. Assess the cause, scope, and duration of the outage, and evaluate its direct impact on your company. This is crucial for determining whether your current coverage is adequate. Most large enterprises are typically under-insured for cyber and business interruption (BI) risks, so it's essential to identify any coverage gaps and collaborate with your broker to enhance your protection against future incidents.
Step 2: Keep detailed logs
To prove an insurable loss for future similar events, it is important to retain all relevant data and logs. While many companies may only keep data for a few weeks or months, forensic investigations can take up to six months to commence. Ensure that you keep all logs and disable any auto-delete functions to prevent data loss, providing you with the necessary information to support any future claims.
Step 3: Track all of your expenses
This could include recovery costs, such as IT repairs or system restorations, as well as any operational costs incurred to address the outage. Fees paid to public relations firms or consultants hired to manage brand damage and communication during the crisis. Any form of compensation to customers to mitigate the impact on their experience. Accurate tracking of these expenses will support your claims and help you evaluate the full financial impact of the event.
Step 4: Speak with your broker
An outage like CrowdStrike can affect your cyber insurance policy in various ways, potentially triggering System Failure coverage or Contingent Business Interruption coverage. Given that many policies have exclusions or limitations, it’s important to understand the specific terms and conditions that may impact your coverage. Together, you and your broker can formulate a plan for managing losses and mitigating the impact on your business.
Step 5: Prepare for the future
With your current situation assessed and a claims process underway, your next focus is how you can enhance your coverage for future events. Will your existing insurance terms and conditions suffice moving forward? Work with your broker to assess coverage limits, retention levels, waiting periods, policy exclusions or limitations. There are many options to consider such as adjusting your current policy, exploring new types of insurance, or self insuring through a captive.
The CrowdStrike outage highlights how traditional cyber insurance policies fail to adequately cover the complex risks of the digital world, leaving companies exposed and vulnerable. As businesses increasingly depend on interconnected systems and third-party services, the potential for widespread impact from a single failure grows. Understanding what you’re covered for and identifying any gaps in your coverage is critical for making sure your company is protected from these unforeseen events. This guide should help you to leverage your broker and insurance coverage to better protect your business in an ever-evolving digital landscape.