Client Advisory: How the CrowdStrike Outage Illustrates the Value of Cyber Insurance

What happened?

An issue with CrowdStrike cybersecurity software caused an online disarray, including system crashes around the world as computer after computer showed the "blue screen of death" error message. The cause of the massive disruption originated from a faulty update from CrowdStrike deployed to computers running Microsoft Windows. The issue was specifically linked to "Falcon," a CrowdStrike tool.

The outage disrupted operations at airports, banks, businesses, and media companies. CrowdStrike says it has already identified and issued a fix for the error. However, some businesses continued experiencing operational challenges due to this incident. For more information, visit https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/.

Was this a cyberattack?

No. CrowdStrike defines a cyberattack as an attempt by cybercriminals, hackers, or other digital adversaries to access a computer network or system, usually to alter, steal, destroy, or expose information. While a cyberattack did not cause the widespread outage, its effects show how devastating the damage can be when a main artery of the global technology system is disrupted.

What is a system outage?

Many Cyber and Technology Errors and Omissions (Tech E&O) insurance policies include coverage for either Business Income Loss and/or Dependent Business Interruption. These cover losses caused by either:

a System Failure defined, in general terms, as an unintentional and unplanned interruption of computer systems, or

a Dependent System Failure defined, in general terms, as a failure of computer security to prevent a breach of computer systems operated by a dependent business.

How can Cyber insurance help?

If your company has been impacted by a system outage, a Cyber Insurance Policy could extend coverage for Business Income Losses and Extra Expenses following an interruption or suspension of computer systems. There are a number of potential coverage implications for affected entities resulting from a network disruption. Cyber Insurance Policies provide different types of coverage arising out of network disruptions, including system failures similar to the recent CrowdStrike outage. It is important to note that cyber policies vary greatly, make sure to discuss your policy’s terms and conditions with your McGriff insurance broker.

For impacted businesses, losses arise due to system downtime. Inability to access the network or systems not operating at normal capacity due to a cyber incident are typically covered under the System Failure or Business Interruption Insuring Agreements of the policy.

To determine if your Cyber Insurance Policy could be triggered due to a System Outage, consider the following:

• Waiting Period: When did the organization first learn about the System Outage incident? Include both date and time. The Waiting Period is the period of time that begins upon the actual interruption of the business operations caused by the system failure and ends after the elapse of the number of hours listed in your policy. Review the Policy’s Waiting Period in your Policy’s Declaration Page.
• Potential Business Interruption Losses: How did the system outage impact (or is impacting) your organizations operations? This determines potential Income Loss, Extra Expenses and possible Retention erosion.
• Claims Reporting: What are your notification obligations in the Policy? Many cyber policies require you to report an incident upon discovery.

For public companies, there are a few U.S. Securities and Exchange Commission (SEC) reporting implications arising from the system outages particularly in light of the SEC’s new cybersecurity disclosure rules. Public companies impacted by a system outage should consider performing assessments to determine whether any impact is “material,” and whether any reporting is necessary. https://www.sec.gov/newsroom/speeches-statements/gerding-cybersecurity-incidents-05212024

Cyber insurance policies may also provide coverage for fines and penalties in investigations and adversarial proceedings and state regulatory agencies. Make sure to discuss coverage with your McGriff Cyber Team for those specific coverages. Keep in mind that regulated companies should also review Directors & Officers (D&O) policies during placement and/or renewal.

If your company does not have a Cyber insurance program, a McGriff Cyber insurance specialist can help.