CrowdStrike/Microsoft – What Cyber Insureds Need to Know

The Baldwin Group | Updated: July 23, 2024

The news about the CrowdStrike and Microsoft vulnerabilities didn’t take long to make its way around the world. Most professionals felt the effects immediately when attempting to log in to their systems, with 8.5MM endpoints disabled with the “blue screen of death.” This disruption to businesses came in the form of canceled or delayed flights, disabled ATMs, amusement park riders stuck on rollercoasters, and – gleefully for some – unexpected days off of work.

What caused this outage?

CrowdStrike is a global IT security company providing endpoint detection and response (EDR) services. Their product, Falcon, uses artificial intelligence algorithms to detect suspicious activity and prevent threats in real time. CrowdStrike deployed a routine update with cybersecurity enhancements, which led to the Microsoft Windows crash. The outage impacted Microsoft 365, Azure, and Amazon Web Services – three prominent cloud service providers.

Is CrowdStrike still the right EDR tool?

CrowdStrike has been considered a top provider of EDR services for many years, with some insurers providing incentives for the utilization of CrowdStrike’s tools. The incident that happened on July 19, 2024 was an administrative error and not the result of a vulnerability within the tool itself. Only you can determine what tool is right for you and your business, but we anticipate the insurance industry’s continued reliance on this tool.

How can the vulnerability be fixed?

CrowdStrike has published information about the remediation on their website. It can be found here.

How does insurance fit in the picture?

Cyber insurance policies contemplate lost revenues in the first-party coverages of the policy. Certain cyber insurance policies may cover lost revenue stemming from system failure as a result of administrative updates and other non-incident triggers in the following ways:

  • System Failure
    Contingent system failure provides additional breadth in coverage by reimbursing lost revenues in the event of those updates, but when those updates are made or initiated by a third-party provider, this may be subject to a waiting period like other business interruption coverages, creating a limited number of hours (typically 4-24 hours) where the insured will retain the lost revenues. Some policies will provide formulations about how lost revenues will be calculated. Depending upon the circumstances of your incident, other coverages may also apply.

  • Extra Expense
    An extension of the System Failure coverage, this provides coverage in the event of the costs that are associated with responding to or remediating an incident. This could include overtime for your employees, the cost to hire additional vendors, or other expenses that are outside of your normal operating costs.

As we learn of additional details, other coverages may be triggered as cyber policies are inherently broad. When you navigate how these types of events impact your insurance portfolio, it’s important to work with your insurance advisory team for more information and guidance about your specific coverage.

When should a claims notification happen?

If you were impacted by the outage, you should contact your insurance advisor to review the terms and conditions of your policy. They will help determine if it is appropriate to notice your policy, and what coverages may be triggered or impacted. Once you’ve made the decision to notify your insurer, it’s important to work with them to provide all pertinent information, including the dates and times of the outages, how it impacted your operations, sales from the prior year, two years, and three years. You may wish to hire a forensic accountant to review your financial information to assist with the claims process since some insurance policies may cover this cost.

Will this incident impact renewals?

It remains to be seen how this will play out in the insurance market as claims impacting lost revenues can often have a long tail. What we do know is that this is the largest scale outage of endpoints we have seen to date. Insurers have seen a major influx in the reporting of claims and this increased claims activity can be a driver of a hardened market. If you have a cyber insurance renewal coming up through the end of the year, work in close collaboration with your insurance advisor to learn about evolving market conditions well before your renewal. Whether or not you were impacted by this incident, an event of this magnitude may create a hardened market across the cyber insurance market.

What can we learn from this event?

Though we have yet to see the full repercussions of the CrowdStrike outage, there are some early lessons we can take away from this event, including:

  • The importance of conducting risk assessments
    Events such as these prove why it’s important to regularly conduct cybersecurity risk assessments within your organization, in addition to third-party risk assessments for vendors and service providers. And in instances where a cyber event does happen, cyber insurance may prove to be a valuable investment.

  • Assess your vendor requirements
    Always be sure to review contractual agreements with your trusted legal experts so that you understand your organization’s rights, obligations, and liabilities. Consult with your legal team about how you might be able to ask vendors to purchase insurance before entering a formal agreement.

  • Invest in prevention and remediation efforts
    Because many organizations rely on an intricate web of technology providers, it’s important to create and continually test incident response plans for scenarios where third-party vendors experience events that impact your critical business operations. Since bad actors are opportunistic, be on alert for a potential influx of attacks, being sure to communicate with your employees that they need to be especially vigilant.

Navigating vendor risk and insurance

Because of the complex, overlaid risks all organizations face in a digitally interconnected business environment, it’s important to partner with a team of experts who understand the nuances of both cyber risk and insurance. Our team of cyber insurance experts can help you understand your company’s unique cyber risks and determine strategies that you can implement to respond to cyber events that may impact your critical business operations.

For more information, please contact your Baldwin Group advisor. The Baldwin Group’s Cyber Center of Excellence is here to help you navigate these intricate coverage questions, and assist you in managing the claims process.

