news

Cailianshe News, July 24 (Editor: Xiaoxiang)Last week, the global computer blue screen crash exposed the fragility of the global economy's reliance on a few software services. Who might be the one to pay for this catastrophic IT outage? Perhaps it's the global insurance industry.

Some industry insiders have predicted that the insurance industry could face billions of dollars in losses from the incident.

Last Friday, a faulty update from cybersecurity firm CrowdStrike triggered the world’s largest-ever IT outage, disrupting more than 8.5 million computers that rely onMicrosoftWindows-based devices were affected, throwing industries from airlines to retailers into unprecedented chaos.

Cyber ​​experts said the incident was a painful reminder of the systemic nature of cyber risks, how a seemingly innocuous software update can cause as much damage as a malicious cyber attack.

The insurance industry seems destined to suffer huge claims in this incident. Aon Corporation, one of the world's largest insurance brokers, said that this incident may become the "most significant" cyber insurance loss since the NotPetya malware attack in 2017, and also highlighted the "interconnected nature of the software ecosystem."

While some insurers believe it is too early to estimate global insurance losses because they include not only typical cyber insurance, which usually covers non-malicious business interruptions or system outages, but also losses in other areas, such as liability claims, a senior insurance executive also said, "We feel that a series of claims are inevitable."

Some industry insiders have already given estimates of possible losses for insurance companies.

Derek Kilmer, a professional liability broker at Burns & Wilcox, expects insured losses from the incident to exceed $1 billion, "and possibly much higher."

Will Davies, head of insurance at PA Consulting, estimated that insurers would face "hundreds, if not thousands, of claims" from the outage, with claims estimated to run into the billions of dollars.

Insurance companies’ big trouble

Kelly Butler, head of UK cyber at Marsh, the world's largest insurance broker, cautioned that it was too early to quantify overall losses, but said about 100 of its clients globally had notified insurers of potential claims. She added that most of those claims were for business interruption or system outages.

Butler noted that the incident highlighted that system outages across IT "know no borders. Its impact is global, immediate and horizontal." She said Marsh is proactively working with clients to help them track costs associated with the incident.

Of course, experts also say there are two key factors that may help insurers limit losses.

First, many policies include a waiting period, usually 6 to 12 hours, so companies that resume operations during this period may not be able to file a claim, or the claim amount may be significantly reduced.

Second, some policies provide more coverage for cyberattacks than IT outages. This outage was not a malicious cyberattack and should be classified as a "system outage." Some insurance companies may have built-in exclusion clauses in their agreements with customers.

Even so, Timothy Wirth, executive general negligence analyst at claims management group Sedgwick, stressed that the incident had resulted in business interruption losses across a range of industries, “and there could be property damage claims if hardware was damaged or destroyed.”

Leading cyber insurer Beazley said in a statement on Tuesday that based on what is known so far, its profit guidance for this year is not expected to be affected by the global network outage. The company's shares rose after the statement, but remain below their pre-outage levels.

However, as the saying goes, "Misfortunes often bring good fortune."JefferiesAnalysts believe that an unexpected benefit of last week's outage is that it may help the "concept" of insurance to gain popularity and stimulate demand for related insurance products, thereby playing a positive catalytic role in the future prospects of the related companies and even the entire industry.

Prices for insurance products that provide protection against cyberattacks surged in the past two years when a spate of ransomware attacks rocked the market, though premiums have fallen in recent quarters. Marsh's Butler said the market had rebounded following a recent surge in claims activity. This incident will only exacerbate that.