Re/insurers reevaluate policies after CrowdStrike system crash
Aon sees an opportunity to improve the granularity of policy information.
Re/insurers are now examining system failure coverage and business interruption policies, emphasising the need for improved risk assessment and management after the recent cyber outage.
CrowdStrike's Falcon sensor update on July 19 caused global system crashes on Microsoft Windows systems, impacting industries such as airlines, finance, and healthcare.
“Microsoft has estimated 8.5 million Windows devices have been affected. The broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services,” according to Aon’s CrowdStrike / Windows Event Briefing.
The update triggered a logic error, resulting in a system crash for users who downloaded it.
The incident highlights the interconnected nature of software ecosystems and poses a significant risk to cyber insurance portfolios.
This event is reported to be non-malicious, making “system failure” coverage within the cyber re/insurance policies the relevant loss trigger.
Business interruption (loss of income and extra expenses) due to system failure is expected to be the most affected, subject to applicable waiting periods.
Dependent business interruption, data restoration, incident response, and voluntary shutdown costs may also contribute to re/insured losses.
At the individual risk level, Aon expects increased focus on system failure coverage and business interruption waiting periods.
At the portfolio level, Aon sees an opportunity for the market to improve the granularity of policy information to better understand portfolio accumulation risks and enhance event loss estimation and scenario analysis.
This event will test specific re/insurance and bond products from both event definition and loss quantum perspectives.