After last week’s global IT outage, the insurance industry has been bracing for possible losses of billions of dollars. This is because the vulnerability of an economy that runs on just a few software platforms was exposed.
industries ranging from airlines and retailers were in turmoil after a botched upgrade from security firm CrowdStrike caused one of the largest-ever IT outages. The update affected more than 8mn Windows devices.
Cyber Experts said that it was a painful and humbling reminder of the systemic nature cyber risk. They also showed how a seemingly harmless software update can cause as much disruption to a network as a malicious attack.
Aon, a major insurance broker, stated that the event was likely to be “the most significant” cyber insurance loss since the NotPetya attacks of 2017 and highlighted the “interconnectedness of software ecosystems”.
Some insurers believe it’s too early to estimate global insurance losses, from both cyber policies, which cover business interruptions or system failures that are not malicious, and other areas such as liability claims. One senior insurance executive said, “It seems inevitable that there will be claims.”
Others have estimated the cost to insurers. Derek Kilmer, a professional responsibility broker at Burns & Wilcox said he anticipated an insured loss of upwards to $1bn and that it “could even be higher”. Will Davies, the head of insurance for PA Consulting, said that insurers could expect “hundreds if not thousands” of claims. Estimated claims are in the billions.
Insurance broker Burns & Wilcox estimates $1bn as the lower end of the insured loss due to global IT outage.
Kelly Butler, UK Cyber Leader at Marsh, world’s largest insurance broker, warned that it is too early to quantify a total loss. However, she said that approximately 100 of Marsh’s global clients have notified their insurers about potential claims. She added that the majority of claims were related to business interruptions or system outages.
Butler said that the event showed there are “no boundaries” to a system outage of this magnitude. She said that the outage had a global impact, both immediately and laterally. Marsh worked “proactively” with clients to track costs associated with the incident.
Experts say that there are two factors which can limit the damage. There are usually waiting periods of six to twelve hours before coverage kicks in. A company that was able to get back up and running in that period may not be able to make a claim or their amount of compensation could be much smaller. Certain policies cover cyber attacks more than IT outages.
Timothy Wirth is an executive general adjuster with the claims management company Sedgwick. He highlighted a range of sectors which will suffer business interruption losses as a result of the incident. He added that there was also the possibility of property damage claims, if the hardware had been corrupted or damaged.
Beazley is a leading cyber insurance company. In a trading update published on Tuesday, it said that the global outage would not affect its profit guidance for this year “based on the information available at this time”. The share price of Beazley rose after the trading update, but it was still below the level before the outage.
Analysts at Jefferies said that the event last week could be a catalyst for the company and wider sector by serving as a “proof-of-concept” for cyber insurance.
Cyber insurance rates have dropped in recent quarters after a big increase in the two previous years, when a wave of ransomware attacks rocked the market. Marsh’s Butler stated that the market is “stabilising” as a result of a recent surge in claims activity. He added: “I suspect this incident will [add to it]”.
Post Disclaimer
The following content has been published by Stockmark.IT. All information utilised in the creation of this communication has been gathered from publicly available sources that we consider reliable. Nevertheless, we cannot guarantee the accuracy or completeness of this communication.
This communication is intended solely for informational purposes and should not be construed as an offer, recommendation, solicitation, inducement, or invitation by or on behalf of the Company or any affiliates to engage in any investment activities. The opinions and views expressed by the authors are their own and do not necessarily reflect those of the Company, its affiliates, or any other third party.
The services and products mentioned in this communication may not be suitable for all recipients, by continuing to read this website and its content you agree to the terms of this disclaimer.