Cyber Liability Insurance Claims Post-CrowdStrike Outage
Embedded Files
Cyber Liability Insurance Claims Post-CrowdStrike Outage
Client Outreach | Subros.IN
Client Outreach | Subros.IN
Incident Overview
Incident Overview
Policyholders of cyber liability insurance have begun notifying insurers of potential business interruption and system failure claims as companies work to reboot their systems following a massive CrowdStrike-related outage late last week. The outages were caused by a faulty software update at CrowdStrike Inc., whose cybersecurity software is used by numerous organizations, including airlines, healthcare facilities, and government agencies.
Insurance Response
Insurance Response
In many cases, cyber policies should respond, though payouts will be determined by individual wordings, the size and breadth of deductibles, and proof of financial loss, according to cyber experts.
The same should be covered as a a system outage event, not a cyberattack. A well-crafted cyber insurance policy should include system failure/accidental outage coverage. This incident adds to the need for more thought being put while availing a Cyber Policy and making them more comprehensive.
Expected Losses and Claims
Expected Losses and Claims
Total losses related to the incident are expected to be in the billions but are not expected to reach reinsurance layers. Preliminary market estimates for global insured losses from the incident are in the mid-to-high single-digit billion range, which would not reach most insurers’ reinsurance layers, according to Fitch Ratings Inc.
Specific Coverage Areas
Specific Coverage Areas
Policy provisions likely to respond to CrowdStrike-related claims include:
- Business Interruption Losses
- System Failure Losses
- Contingent System Failure Losses
Larger policyholders will likely have comprehensive coverage, but smaller companies may have more restrictive policy wordings.
Insurer and Policyholder Actions
Insurer and Policyholder Actions
Deductibles and waiting periods vary by policy. A waiting period can range from eight to 24 hours, with 12 hours being most common for middle market-sized companies.
Policyholders who think they will have a claim should:
- Determine when they were affected by the outage.
- Document their losses.
- Tabulate normal and customary income versus what was recorded during the outage.
- Determine which of their vendors were affected.
- Notify their insurers.
Page updated
Google Sites
Report abuse