In response to the global IT outage on July 19, the Australian and New Zealand Institute of Insurance and Finance (ANZIIF) has launched a video titled “IT Outage: Are You Ready?”
The outage, stemming from a defective CrowdStrike software update, impacted millions of individuals and businesses, leading to numerous insurance claims.
The video offers insights into what insurers can expect following such outages and encourages them to explore ways to support clients in reducing business and cyber risks.
See LinkedIn post here.
ANZIIF CEO Katrina Shanks emphasised the importance of having a knowledgeable insurance professional in events like the global IT outage.
“In instances like these, the value of having a trusted insurance professional who is able to understand your business and place you with the correct protections is vital,” she said. “In these changing times, it has never been more important to understand the needs of your clients and the insurance products which provide your clients with the right protections and peace of mind.”
Credit rating agency Fitch Ratings has claimed that the recent issue involving CrowdStrike is unlikely to significantly impact the financial results of global insurers.
Preliminary estimates suggest global insured losses may reach mid- to high single-digit billions of dollars. Despite ongoing claims and potential litigation, these losses are not expected to substantially affect insurers’ financial health.
According to Fitch, the insurance lines most affected include business interruption, contingent business interruption, and cyber insurance. Other lines such as travel insurance, event cancellation, and technology errors and omissions will also see some impact.
Policy terms and conditions vary greatly across different regions, sectors, and lines of business. The credit rating agency plans to update its analysis for the sector and rated insurers as new information becomes available.
Mechanisms such as limited insurance coverage, high deductibles, sublimits, and time element periods for business interruption claims will help contain insured losses. Most business interruption claims from cyber events have time element periods ranging from eight to 12 hours, keeping many claims within the retentions of primary insurers.
Industries with high availability demands, like hospitals and airlines, will be more affected, especially in regions like APAC and EMEA, where the outage occurred during work hours. In the Americas, resolving the issue often required physical access to machines or a recovery key.
Microsoft estimated that the update affected 8.5 million devices, or less than 1% of all Windows machines.
“While software updates may occasionally cause disturbances, significant incidents like the CrowdStrike event are infrequent. We currently estimate that CrowdStrike’s update affected 8.5 million Windows devices, or less than 1% of all Windows machines. While the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services,” it said.
