NEW YORK —July 24, 2024— Parametrix, the leading provider of cloud monitoring, modeling, and insurance services, estimates that the total direct financial loss facing the US Fortune 500 companies (excluding Microsoft) from the CrowdStrike outage on 19 July is $5.4 billion. The portion of the loss covered under cyber insurance policies is likely to be no more than 10% to 20%, due to many companies’ large risk retentions, and to low policy limits relative to the potential outage loss. The weighted average loss is $44 million per Fortune 500 company, but ranges from $6 million (manufacturing companies) to $143 million (airlines).
In-depth analysis by Parametrix estimates that the largest direct financial loss will be suffered by Fortune 500 companies in the healthcare sector ($1.938 billion), followed by banking ($1.149 billion). Companies in these sectors take 57% of the loss, but account for only 20% of Fortune 500 revenues, due to the uneven impact of the event on business sectors. Manufacturing, the largest sector by revenue, suffered a trivial loss of just $36 million in total when compared to its annual revenue of $3.4 trillion across 130 companies, while the event cost the six Fortune 500 airlines approximately $860 million, against revenue of $187.1 billion.
A quarter of the Fortune 500 was impacted (125 corporations), including 100% of airlines in the cohort, and 43% of retailer & wholesaler companies. About three quarters of health and banking sector firms suffered direct costs. Beyond such primary financial losses, CrowdStrike’s impact on critical services resulted in a cascade of operational delays affecting the Fortune 500 companies and their downstream entities. A forthcoming Impact Analysis, CrowdStrike’s Impact on the Fortune 500, to be published imminently by Parametrix Analytics, concludes that:
1. Traditional industries relying on physical computers experienced longer recovery times, which underlines the resilience and rapid recovery of cloud-based systems.
2. Cyber (re)insurers can manage systemic risk through strategic diversification across industry sectors, service providers, and company sizes.
3. The impact of the CrowdStrike outage was distinct due to its deployment both on-premises and via the cloud. Insurers should therefore not rely solely on the CrowdStrike event for modeling future cloud-based failures.
Parametrix unparalleled insight into the financial impact of the CrowdStrike event is based on:
“Our analysis of the CrowdStrike outage shows not only the possible extent of a systemic cyber loss event, but also its boundaries,” said Jonatan Hatzor, co-founder and CEO of Parametrix. “It tells us more about the ways that insurers and reinsurers can diversify their cyber risk portfolios to minimize the potential impacts of systemic cyber risk. However, our analysis does not show the whole diversification picture. A cyber insurer focused on very large companies will certainly suffer a much greater CrowdStrike loss relative to premium than one with a large SME book.”
He continued: “Prevention is important, but risk carriers have limited control over event occurrences and service-provider practices. The industry should focus on controllable areas, like mapping and managing aggregation risk. By understanding these points, we can evaluate key exposures, and mitigate both malicious and non-malicious threats. This proactive approach enables better underwriting decisions, and effective risk-transfer solutions to manage systemic risk.”
Parametrix, the leading provider of cloud monitoring, modeling, and insurance services, is a Managing General Agent and Lloyd’s Coverholder based out of New York that underwrites parametric insurance against digital supply chain interruption. Parametrix uses proprietary technology to continuously monitor the performance of a variety of third-party IT services across the globe, and to collect granular data on service interruptions. It uses that data to assess risk, provide instant insurance quotations, and to streamline claims payments, which are delivered within days. Parametrix policies are backed by major A-rated global insurers. Parametrixinsurance.com