The recent CrowdStrike software update incident has sent shockwaves through the business world, affecting thousands of companies and highlighting critical gaps in cyber insurance coverage. As an insurance agent or broker, understanding the implications of this event is crucial for advising clients and ensuring they have adequate protection..
CrowdStrike and its Cyber Protection Software
CrowdStrike is a leading cybersecurity company with over 23,000 subscription customers worldwide. Its Falcon platform for advanced cybersecurity protection through a cloud-native, unified solution offers superior threat intelligence, scalable architecture, and cost-effective management across industries. The platform’s proven effectiveness, high ROI, and ability to simplify security operations have made CrowdStrike’s cyber-risk solution attractive for businesses of all sizes seeking comprehensive protection against evolving cyber threats
Understanding the Scope of the Incident
On July 19, 2024, CrowdStrike, released a faulty content update for its Falcon platform. This update caused widespread system crashes and blue screens of death (BSODs) on Windows machines running the Falcon agent. Of the approximately 6,200 companies using the Falcon platform, it’s estimated that thousands were affected, spanning industries from aviation and healthcare to finance and media.
CrowdStrike’s faulty update caused widespread disruptions across various sectors across the economy since CrowdStrike serves more than half of the Fortune 500 companies
- United, American Airlines, and Delta had thousands of canceled flights.
- Bank of America, Chase, Wells Fargo, and TD North experienced service interruptions affecting customer transactions.
- Charles Schwab, TD Ameritrade, and E-trade also reported disruptions, while Visa faced issues with its payment processing systems.
Healthcare institutions were particularly hard hit. Hospitals such as Kaleida Health and Tufts Medicine had to implement emergency procedures, leading to delays in surgeries and critical services. Many facilities struggled with accessing electronic health records, potentially compromising patient care.
In the government sector, the Social Security Administration was forced to close offices and delay services.
Estimates of the business interruption losses caused by CrowdStrike’s faulty update to airlines for canceled flights and other industries for lost business exceed one billion dollars.
Key Considerations for Insurance Agents and Brokers
For an insurance professional, this incident raises several important points to consider when advising their clients about any cyber coverage that may respond to future business interruption losses caused by a vendor’s actions analogous to CrowdStrike’s faulty update:
- Review Existing Cyber Policies: Many standard cyber insurance policies may not adequately cover incidents like the CrowdStrike update. It’s crucial to review client’s existing coverage to identify any gaps.
- Contingent Business Interruption (CBI) Coverage: Ensure a client’s policies include robust CBI coverage that extends to third-party IT service providers and non-malicious events.
- Policy Exclusions: Pay close attention to exclusions related to software updates, third-party service providers, and non-malicious events. These could significantly impact claim eligibility in situations like the CrowdStrike incident.
- Waiting Periods and Deductibles: Advise clients on the implications of waiting periods and deductibles in their policies, which could affect the total recoverable amount in the event of a similar incident.
- Documentation Requirements: Guide clients on the importance of maintaining detailed records of financial losses and additional expenses incurred during such incidents to support potential claims.
Advising Clients Affected by the Outage
For clients who experienced disruptions due to the CrowdStrike update, consider the following advice:
- Immediate Documentation: Encourage thorough documentation of all losses and expenses related to the outage, including lost revenue, additional labor costs, and any contractual penalties incurred.
- Policy Review: Conduct a comprehensive review of their cyber insurance policy to determine potential coverage for this specific incident.
- Claim Preparation: Assist in preparing a detailed claim, ensuring all relevant information is included and properly presented to maximize the chances of a successful claim.
- Risk Management Assessment: Use this incident as an opportunity to reassess the client’s overall IT risk management strategy, including diversification of IT service providers and enhanced incident response planning.
A Wake-Up Call for Mid-Sized to Larger Commercial Insureds
The CrowdStrike incident serves as a reminder of the vulnerabilities inherent in our increasingly digitized business landscape. For an agency or broker’s mid-sized to larger commercial clients, this event should prompt a thorough review of their cyber insurance coverage:
- Comprehensive Coverage Review: Conduct a detailed analysis of existing cyber policies to identify any gaps in coverage, particularly regarding third-party IT service providers and non-malicious events.
- Tailored Policy Adjustments: Work with clients to customize their cyber insurance policies to address specific risks associated with their IT infrastructure and dependencies.
- Increased Limits Consideration: Given the potential for widespread disruption, discuss whether current policy limits are sufficient to cover worst-case scenarios.
- Business Continuity Planning: Encourage clients to develop or update their business continuity plans, incorporating lessons learned from the CrowdStrike incident.
- Regular Policy Reviews: Implement a schedule for regular policy reviews to ensure coverage keeps pace with evolving cyber risks and changing business operations.
Implications for the Insurance Industry
This incident highlights several trends and challenges for the insurance industry:
- Evolving Risk Landscape: The need for insurance products that address the complex and interconnected nature of modern IT systems and services.
- Non-Malicious Events: Growing recognition of the significant impact non-malicious events can have, potentially leading to new policy offerings or adjustments in existing coverage.
- Aggregation Risk: The incident underscores the potential for widespread, simultaneous claims arising from a single point of failure in widely-used IT services.
- Pricing and Underwriting Challenges: Insurers may need to reassess their pricing models and underwriting criteria to account for these types of large-scale, non-malicious incidents.
Conclusion
The CrowdStrike update incident serves as a reminder for both insurance professionals and their clients about the need for more comprehensive, nuanced cyber insurance coverage that addresses the realities of our interconnected digital economy.
Insurance agents and brokers play a vital role in helping their clients navigate this complex landscape. By staying informed about emerging risks, advocating for comprehensive coverage, and providing guidance on risk management strategies, agents and brokers can ensure their clients are well-prepared for the challenges of working in an interconnected digital world.