Guy Carpenter: ‘Kitty Cat’ CrowdStrike Outage to Cause $300M-$1B in Insured Losses
Due to the limited amount of impacted companies with insurance and the deployment of a quick fix to mitigate losses, Guy Carpenter said the insured losses from the CrowdStrike outage is likely between $300 million and $1 billion.
The reinsurance broker’s analysis considered that the global IT outage earlier this month affected a small percentage of devices–though those that were hit caused widespread global operational disruptions. Aviation, healthcare, retail, financial services and hospitality were among the industries impacted but less than 1% of companies with cyber insurance were affected, Guy Carpenter said.
In addition, many organizations were able to fix the problem caused by Crowdstrike’s endpoint-detection-and-response (EDR) product update on Microsoft devices before the clock started on business interruption losses. Many cyber insurance policies have a waiting period built in. Guy Carpenter said these waiting periods typically range from 4 to 12 hours.
The company said its findings “align with the conclusion that this event would not result in a material loss for most insurers, although this could change based on the wordings adopted by carriers, concentration of underwriting within affected industry sectors, and uptake of system failure coverage.”
Guy Carpenter pegs the cyber insurance industry as a $15.8 billion market, based on gross premiums. Its insured-loss estimate is fairly in line with others released since the incident. CyberCube said insured losses could range from $400 million to $1.5 billion. Modeling and insurance services firm Parametrix estimated insurers will pick up between $540 million and $1.08 billion.