CrowdStrike outage to drive greater demand for cyber insurance: Hiscox

The CrowdStrike outage is expected to drive greater demand for cyber insurance as it highlighted the risks businesses and individuals are to face when impacted with an event like this, according to Hiscox Group Chief Underwriting Officer (CUO), Joanne Musselle.

Caused by a flawed software update for certain Windows hosts released by the cyber security firm CrowdStrike, the July 19 IT outage caused insured losses that affected multiple industries, including airlines, healthcare and financial services.

Musselle believes that this event is “a timely reminder that this type of risk shows no sort of geographical or indeed, industry boundaries. And so, a lot of people were affected at the same time.”

The CrowdStrike event highlighted the risks a global IT outage can have, as well as the need for cyber insurance.

According to Musselle, this event will drive the need for cyber cover, and she noted that consumers, customers and businesses will be looking at that, as well as thinking about how reliant they are on technology.

Therefore, the propensity of people to buy cyber insurance will increase, the CUO added. At the same time, this is an event that did not cause significant losses.

Musselle said: “CyberCube, who are one of the main vendors here, are coming out with an industry loss of between $0.4bn and $1.3bn, so not a significant event in terms of some of the RDSs.

“So, that has two schools of thought. It can either drive people to be more cautious because they’ve seen this test, in terms of this aggregation. Or, they may say, well, actually it tested it and actually it’s not going to be a significant market industry loss. And so, therefore that might fuel.

“So, I think it’s difficult to tell, but I think it definitely will drive propensity of people to buy this product, because it really highlighted the risks.”

The CUO also suggested that losses would be limited for the industry as this event was considered non-malicious, and not all cyber policies respond to non-malicious events. For example, Hiscox’s own retail core policies do not respond to non-malicious events, she explained.

The geographical aspect of the event was also a factor that Musselle finds interesting, as the insurers in areas that were more affected will see the biggest impact.

“[The outage] came on a time basis, a time update, so Asia Pacific was most affected, and then into Europe. And then, obviously, it was largely done and dusted by the time the US woke up.

“Again, from our point of view, we have very little in Asia Pacific and the majority of our businesses is written in the US and Europe.”

She added: “I think there were other things about that event which were quite interesting. One was, obviously, it was contained really quickly. Both Microsoft and obviously working with CrowdStrike come up pretty quickly. So, most people who were affected were up and running on Saturday, actually. So maybe it was more like a one day outage. And again, within the market, and obviously our own policies, there’s waiting periods.

“From our own point of view, we might anticipate a bit of activity. But our London market business is written in high excess. So, a significant waiting period before it would be affected.”

This website states: The content on this site is sourced from the internet. If there is any infringement, please contact us and we will handle it promptly.