, APAC
/Clint Patterson from Unsplash

Cyber insurers examine common tech dependencies after crash

Guy Carpenter will assess the impact on tail risk and the $15.5b industry.

Cyber insurers are urged to take advantage of the recent cyber outage to evaluate their policyholder dependencies, assess potential aggregations across commonly used technologies, and adjust risk tolerances accordingly, warned Guy Carpenter.

On 18 July, cybersecurity firm CrowdStrike released an update for its Falcon Sensor product, designed to detect threats at computer system endpoints. 

The update caused widespread crashes on computers running Microsoft Windows, affecting various industries including airlines, banks, retailers, and hospitality. The issue has so far only impacted Microsoft systems with no reported effects on other operating systems.

Cyber insurance typically covers business interruption due to network outages, including those caused by system failures resulting from non-malicious acts like human error. 

This coverage also extends to Contingent Business Interruption (CBI) if a vendor's outage impacts the insured's network operations. 

Key to assessing network interruption claims will be the policy's waiting period, which varies between 4 to 12 hours depending on the industry and organisation size.

Though specific scenarios for widespread outages from software updates aren't typically modelled, analogous scenarios involving IT service disruptions can help estimate losses. 

These models consider impacts on IT services, customer and sales effects, and recovery challenges. Guy Carpenter is working with cyber catastrophe vendors and conducting its own analysis to provide insights to clients.

Impacts on cyber reinsurance

System failure losses will be covered under traditional proportional and aggregate reinsurance structures. Recent trends show a shift towards targeted catastrophe covers that address specific scenarios. 

Recoveries from these event-based products will depend on how coverage is defined between malicious and non-malicious incidents. Guy Carpenter will assess how this event affects tail risk assumptions and the broader $15.5b global cyber industry.

Companies involved or affected may face increased D&O claims, particularly if stock prices drop significantly, potentially leading to class action lawsuits or shareholder derivative suits alleging board breaches of fiduciary duty.

As technology integration continues, insurers need to consider the physical consequences of tech failures. 

Exposure for P&C policies will depend on how cyber risks are addressed and whether policies include “silent cyber” exclusions. 

Policies silent on cyber risks may face claims for bodily injury or property damage resulting from system failures.

Follow the link for more news on

Join Insurance Asia community
Since you're here...

...there are many ways you can work with us to advertise your company and connect to your customers. Our team can help you dight and create an advertising campaign, in print and digital, on this website and in print magazine.

We can also organize a real life or digital event for you and find thought leader speakers as well as industry leaders, who could be your potential partners, to join the event. We also run some awards programmes which give you an opportunity to be recognized for your achievements during the year and you can join this as a participant or a sponsor.

Let us help you drive your business forward with a good partnership!