Today’s outage caused by a defect in CrowdStrike’s Falcon update that ultimately resulted in major IT outages has caused havoc on businesses across the globe. It has also caused the cyber insurance market to scramble as they assess exposures and aggregation of potential loss.  The incident is possibly the largest single network outage ever, even more widespread than NotPetya in 2017.

Between contractual agreements, Tech E&O exposure and Cyber insurance policies, this represents precisely the type of widespread, systemic risk insurers and reinsurers underwriting the risks of technology are most concerned about; one event or failure having a cascading impact on their insureds.  At this point, cyber insurers are assessing the degree of claims and, we expect, are quantifying their exposure, which might trigger a re-evaluation of wording to address widespread events, system failures, single points of failure, business interruption and contingent business interruption. Here are some of the things that have been disclosed at this point:

Below are some critical updates published by CrowdStrike:

What Happened?  Is this a Cyber attack?

This event is not a cyber attack. It is a technology disruption incident related to a software update.

What Caused the Incident?

The outage was caused by a defect found in CrowdStrike’s Falcon content update for Windows hosts.Mac and Linux hosts are not impacted. The magnitude of the outage is due to the widespread usage of the Microsoft Windows Operating System.

Is the Incident Resolved? 

CrowdStrike has a solution, and organizations worldwide are in various stages of recovery. Reports are that organizations have found success in following the remediation guidance published by CrowdStrike. Organizations can refer to Crowdstrike and/or Microsoft for specific remediation guidance or technical support.

Read more updates from CrowdStrike regarding the situation at https://www.crowdstrike.com/blog/our-statement-on-todays-outage/.

Whether this will be covered under your Cyber or Technology E&O policy depends on the breadth of coverage. Some of the questions to be raised include:

• Does this event impact my customers and our ability to provide products or services?
• Is my cyber coverage expanded to include contingent business interruption (CBI), which means revenue loss due to events caused or experienced by a third-party technology dependency?
• Does my cyber coverage include systems failure, and does CBI include coverage for system failure?
• What is the waiting period or time of disruption required to trigger CBI?

CBI coverage only tends to respond to cyberattacks by bad actors, but some policies may include coverage for system failure (e.g. outages due to an error without bad actor involvement). Coverage availability for systems failure varies by a organization’s size, dependency on third parties, the systemic nature of the business and cost.

Please reach out to your cyber broker with questions regarding your specific policy coverage.

Cyber Team