The major disruption caused by the CrowdStrike outage could result in underwriters being more reluctant to offer system failure coverage, WTW says.

As insuranceNEWS.com.au has reported, flights were cancelled and many business systems went down after an update from the US cybersecurity group caused an issue with Microsoft Windows.

WTW cyber and technology risk specialist Benjamin Di Marco says feedback from clients suggests the impact will be “moderate”, and it will not be a catastrophic loss event.

“Thankfully, the duration of the outage caused by the CrowdStrike channel file update was relatively short-term for most organisations,” he said.

“Also, based on the available information, this event does not appear to have involved a malicious cyber intrusion. Because there was no threat actor involved, this limited the amount of incident response costs most organisations will have incurred and contained the extent of overall business interruption loss.”

Because it was not a cyberattack, a client’s policy would need to cover system failure – and not all do. Mr Di Marco says while clients may now attempt to seek this cover, they may struggle to access it.

“Often, the impediment to system failure coverage isn’t the client’s desire to obtain this insurance,” he said. “Instead, the availability of this cover depends on the willingness of insurance carriers to offer it, particularly for organisations that are deemed to have a higher technology risk profile.

“The position many insurers take is that system failure coverage is difficult to underwrite as it places the carrier in the position of acting as a guarantor of the effectiveness of a client’s overall technology environment.

“This event is likely to make the insurance market more selective in determining when to offer system failure coverage. Before now, very few people in the industry would have considered that an [endpoint detection and response] provider such as CrowdStrike could have caused supply chain outage consequences of this magnitude.”

Mr Di Marco says the event will increase focus on how the insurance industry assesses and underwrites systemic cyber and technology outage events. 

“Concerns around system cyber risks have been sidelined over the past two years due to the amount of energy the market has invested in other topics such as cyber warfare and ransomware. From a cybersecurity perspective, discussions are already taking place within the industry on the need to re-examine issues such as supply chain technology risks, effective business continuity, and disaster recovery.  

“The event will also lead to wider policy discussions, because at both the organisation level and at a national level, these events can threaten the overall resilience of the Australian economy.”