Last month’s dramatic CrowdStrike outage continues to be a source of learning for the industry. The claims count isn’t over yet and cyber analysts, IT experts, brokerage firms and insurers are still publishing briefing reports, posting blogs, or commenting in the media.
Some stakeholders have praised CrowdStrike for transparency around the technical details of the glitch, enabling firms to recover relatively quickly.
However, CrowdStrike is facing legal action from both its own shareholders and Delta Airlines. US lawmakers have also called on its CEO George Kurtz to testify in Congress.
Other experts say critical questions remain, including, what led to the glitch happening and how did CrowdStrike’s quality control efforts fail?
This suggests this global incident will keep on giving – with important lessons for insurance brokers and their clients.
Melbourne-based Jacobi has more than 20 years of industry experience in Australia and the United States, most of it as a senior broker specialising in financial lines coverages including cyber.
After the benefit of several more weeks of reflection, Insurance Business asked Jacobi what else he thinks brokers should take away from this incident?
The insurance educator said some positive news for local brokers is the fact that the incident took place late on a Friday so much of the possible impact in Australia was mitigated.
“This gives brokers the opportunity to learn from a serious outage that has likely not affected many of their insureds,” said Jabobi. “My recommendation would be for brokers to familiarise or re-familiarise themselves with the terms and conditions of the various cyber insurance policies in the market.”
He said he strongly recommends reading these policies and taking notes.
“I do appreciate the difficulty in finding the time to do all this though, believe me!” said Jacobi. “For this type of outage specifically, brokers should pay particular attention to areas I discussed in my article.”
His article included looking at several different cyber insurance policies. Jacobi considered whether they would likely cover the outage through possible triggers like business interruption cover (BI) or contingent or dependent business interruption cover (CBI).
He said it was “critical for brokers to review these covers and their limits or sub-limits with their clients.”
Jacobi said this outage has underlined the importance of keeping up to date with cyber risks through sources including reading material, webinars - and their underwriters.
“This is advice I would give to brokers regardless of the insurance product and incident in question, however given the very dynamic nature of cyber risks, and therefore the insurance policies that cover these risks, this advice becomes even more important,” he said.
Like Jacobi, other industry stakeholders also see the incident as a wake-up call.
London-based Rory Egan, head of cyber analytics for Aon’s Reinsurance Solutions, described the disruption as “the most important widespread event for the cyber insurance market, since NotPetya in 2017.”
In Australia, Matthew Koce, CEO of Members Health Fund Alliance, suggested that one reason local insurers avoided significant losses, was government regulations.
“Being an APRA [Australian Prudential Regulation Authority] regulated industry, all health insurance funds have detailed risk strategies in place and there is a lot of scrutiny around IT that even extends to independent audits and assessments,” said Koce.
In a blog, Joshua Motta, CEO of Coalition Insurance Solutions (Coalition), a global cyber insurance provider, suggested the incident will raise awareness around the current limitations on many cyber policies.
For example, BI policies linked to cyber coverages that only kick in after 12 hours.
Insurers around the world are still assessing many thousands of claims on cyber policies, business interruption (BI), travel and event cancellation coverages.
Some reports estimate insured losses at between US$300 million and US$1 billion. Global reinsurance broker Guy Carpenter has reported that less than 1% of companies with cyber insurance globally were affected.
For claims insights relevant to brokers, Jacobi recommended reaching out to insurers. IB is reaching out and will report any findings in the days ahead.
What have you learnt from the CrowdStrike outage? Please tell us below
