CrowdStrike event reveals opportunity for non-malicious cyber coverage: Broadstone

Broadstone’s latest Insurance Risk Monitor suggests that the CrowdStrike event challenges the cyber insurance market’s conventional focus on malicious actors, highlighting an opportunity to offer more comprehensive coverage for non-malicious losses.

Broadstone notes that until recently, the market primarily addressed malicious events, which has kept claims from the CrowdStrike incident—caused by an unintended software update error—relatively contained.

However, policyholders faced financial losses and are likely questioning the fairness of excluding accidental losses from their coverage.

Broadstone believes this situation might present an opportunity for the market to provide more comprehensive cover for losses stemming from non-malicious causes.

The event also raises questions about how well cyber insurance models reflect the real technological landscape. For the affected machines, CrowdStrike was just one of many background services, and other software could similarly impact the Windows operating system.

Broadstone emphasises the need for a more detailed catalogue of the IT landscape to better track and quantify risks and enhance models. Given technology’s rapid evolution, this catalogue must be dynamic and regularly updated.

While cyber modelling has improved in assessing risks from data breaches, ransomware, and business interruptions, analysing widespread outages remains challenging. This highlights the need for vigilant underwriting and up-to-date modelling practices.

Bharat Raj, Head of London Markets at Broadstone, commented, “The CrowdStrike event and other recent cyber events including MoveIT, Change Healthcare, CDK Global and Snowflake, reinforce the systemic risks in the digital supply chain. There is a high level of interconnectedness within these systems that can be brought to a standstill abruptly and on a large scale.”

Raj added, “This latest outage is likely to prompt greater demand for cyber cover especially for losses stemming from non-malicious causes, which are under serviced in the current market. As insurers look to meet this growing demand, the key to ensuring strong underwriting performance will be in enhancing data collection and improving the ability to monitor and manage risk aggregations in real time.”

This website states: The content on this site is sourced from the internet. If there is any infringement, please contact us and we will handle it promptly.