Insurance industry analysts are tallying up the cost of company losses from last week's CrowdStrike outage, with a price tag ranging from less than half a million to over 1 billion dollars. This is as CrowdStrike CEO George Kurtz said on Thursday that more than 97% of Microsoft Windows Falcon sensors are back online.
World-leading cyber risk analytics firm CyberCube came out with its preliminary figures Thursday, estimating that the standalone cyber insurance market could lose anywhere from between $400mn and $1.5 billion.
CyberCube analysts said the “scale of loss could make the ‘CrowdOut’ event the largest single insured loss event in the history of the affirmative cyber insurance industry over the past 20 years.”
Still, the blog post by the CyberCube Cyber Aggregation Event Response Service (CAERS) team said those numbers would be much worse had the incident been the result of an actual cyber or ransomware attack.
The July 19th outage was the result of a botched software update for its Falcon Sensor endpoint protection system, used by thousands of its customers to thwart malware and other cybersecurity threats.
The glitch forced nearly 8.5 million computers running Microsoft's Windows operating system to crash and show the "Blue Screen of Death (BSOD)," Microsoft said on Saturday, causing outages in the banking, healthcare, media, and airline industries worldwide.
The misconfigured patch was pushed through despite errors in the cybersecurity vendor’s content validation software, according to CEO George Kurtz, who has been summoned by the US Congress to testify about the outage in Washington.
Earlier this week global business Insurer Parametrix approximated insured losses for Fortune 500 companies anywhere from $540 million to $1.08 billion.
Those numbers exclude any loses from Microsoft, whose Windows systems were directly impacted by the software update, Parametrix noted.
Furthermore, Chief Financial Officer at Air France KLM also said on Thursday that the worldwide cyber outage would cost the airlines close to $11 million, while analysts say for Delta Air Lines, which is still struggling to recover, losses could reach upwards of hundreds of millions of dollars.
Estimates are still preliminary
CyberCube said its estimates only included losses from insured companies directly reliant on the CrowdStrike Falcon program and Microsoft Operating Systems, as well as a much larger number of secondary impacts, such as companies relying on single points of failure, or SPoFs, that run CrowdStrike.
Those covered would include the airlines, financial, and healthcare industries, as well as SPoFs such as payment systems and Software-as-a-Service (SaaS) providers, CyberCube said.
It was "a major event for the cyber insurance market but does not come close to the destructive potential that leading insurers are holding capital against," the blog stated.
Beazley, another global cyber insurer, also said it had no plans to change its guidance on its combined ratio in the wake of the outage, a key measure of underwriting profitability, Reuters reported.
Rating agency Fitch explained that even with the large projected losses, the global insurance and reinsurance industry is likely to avoid any major financial impact from the outage.
Meanwhile, sources on Thursday revealed that Microsoft has no plans to ditch CrowdStrike as its cybersecurity vendor nor limit CrowdStrike’s access to the Windows operating system.
CyberCube pointed out that Thursday’s estimates were still “provisional and based on the best information we have available,” adding that the event is still unfolding," although CrowdStrike reported that most systems by Thursday had been restored.
“The time required to recover systems varies greatly between large and small companies due to both their IT remediation capacity and also the complexity of their respective IT infrastructure,” CyberCube said.
Your email address will not be published. Required fields are markedmarked