Guy Carpenter estimates CrowdStrike outage loss ~$1b

A malicious attack on a widely used operating system could birth $2b in losses.

The recent CrowdStrike event has sparked significant discussion within the cybersecurity and insurance sectors, causing operational disruptions on a global scale. 

Key sectors like healthcare, financial services, and critical infrastructure were notably affected, with estimates of insured losses ranging from $300m to $1b, revealed Guy Carpenter.

However, the event has prompted underwriters to reassess their risk appetite, particularly concerning Business Interruption and System Failure coverages.

The event also highlights the difference between accidental outages and malicious attacks.

Whilst the CrowdStrike incident caused significant disruption, a malicious attack on a widely used operating system could have resulted in even greater losses, potentially reaching up to $2b.

This comparison underscores the importance of understanding the nuances of different cyber risks when developing insurance products and coverage terms.

Moreover, the event aligns with a broader trend in the cyber insurance market, where "Kitty Cat" events—mid-sized incidents that, when aggregated, can significantly impact loss ratios—are becoming more common. 

These events, whilst individually manageable, collectively pose a substantial risk to the industry, highlighting the importance of accurate modelling and scenario planning, Guy Carpenter emphasised.