The recent CrowdStrike Falcon Sensor update outage, which caused widespread system failures, could result in insured losses between $400 million and $1.5 billion, according to CyberCube. This incident represents a significant financial burden for the cyber insurance market, marking one of the largest single insured loss events in the industry’s history.
Policy Coverage and Exclusions
Many cyber insurance policies may not cover such non-malicious system failures, leading to potential gaps in coverage for affected businesses. Contingent business interruption from “system failure” will likely be the primary coverage trigger, but this is often sub-limited or excluded in many policies.
Industry Response
The insurance industry is closely monitoring the situation, with insurers likely to reassess their coverage options and policy wordings to address such risks better. CyberCube’s Cyber Aggregation Event Response Service (CAERS) has been activated to provide up-to-date intelligence on the incident.
Broader Implications
The CrowdStrike outage underscores the need for insurers to adapt to evolving cyber risks and highlights the importance of comprehensive coverage. This event may prompt insurers to review their risk management strategies and consider the implications of widespread cyber incidents.