CrowdStrike Outage – Considerations Our Clients Should Take
CyberCube estimates between USD 400m and 1.5bn global insured losses from the CrowdOut event, possibly making it the largest single insured loss event in the history of the cyber insurance industry.
Jul 24
Understanding Policy Coverage
Since the outage on 19 July, there have been many publications on what happened and who may have been impacted, so we will not dwell on these points. However, we would like to guide our existing and prospective clients on some factors to consider following the outage, from a cyber insurance policy perspective.
It is important to understand that terms and conditions vary between policies. Some policies cover business interruption losses due to unplanned and / or unintentional interruptions of computer systems by third party / supply chain vendors of the insured, regardless of whether the interruption was caused by a security breach.
Key Factors to Consider in Your Policy
To determine if a policy covers incidents like the aforementioned or similar, clients should examine the business interruption clause to understand which circumstance type needs to occur to trigger the coverage.
There are generally two parts to this coverage:
Security Breach - Failure to prevent intrusion, unauthorised access or unauthorised use of a company computer system operated by the insured.
System Failure - Intrusion, unauthorised access or unauthorised use of a company computer system operated by the insured.
Furthermore, the business interruption insuring clause should also state whether only the insured needs to incur the incident or if this extends to a third party / supply chain vendor, as mentioned above.
Within policy language, the former is typically referred to as ‘direct’ or ‘business’ network interruption. The latter can be referred to as ‘contingent’ or ‘dependent’ business/network interruption.
Considerations should also be made regarding retentions, exclusions and restrictions in coverage, including the waiting period and period of restoration - often referred to as the indemnity period:
Waiting Period - The time until the cyber insurance business interruption insuring clause activates, usually ranging between eight and 12 hours. The shorter the waiting time, the better.
Period of Restoration / Indemnity Period - The coverage duration starting from the first occurrence of computer systems downtime, typically ranging between 120 and 365 days. Longer indemnity periods offer more comprehensive coverage.
Contractual Obligations with Third Party Vendors - Understanding the extent and limits of liability.
Other Insurance - Other insurance policies, such as Professional Indemnity / Liability insurance for third party vendors, may be impacted due to liability to your clients resulting from the outage.
Staying Vigilant
Following the CrowdStrike incident, hackers have been exploiting the situation by sending phishing emails, SMS and phone calls posing as CrowdStrike, offering fake solutions to fix the damage. We urge you to remain vigilant and cautious of such fraudulent activities.
In light of this significant outage, it is crucial to review your current policy and ensure you are adequately protected against similar incidents in the future. Our team is available to assist with any questions or concerns regarding your cyber insurance coverage.
Speciality Areas
- Cyber, Tech & Fintech
As Associate Partner, Tom Abbotts’ specialist classes include Cyber, Tech and Fintech. With eight years of experience, Tom’s sector experience also lies in Cyber, Tech and Fintech, covering locations worldwide. Interestingly, Tom’s middle name is Tiger, after golfer Tiger Woods.