Global tech outage: First real test for cyber insurance market
The world suffered from a tech crash on Friday which left airlines grounded, the London Stock Exchange without its RNS Service, and affected GP appointments, but who will cough up for it?
All eyes are on the insurance industry.
According to Microsoft, the global tech outage affected an estimated 8.5m Windows devices worldwide on Friday.
All eyes are now on the cyber insurance industry as it faces its first real test on what policies actually cover.
Kelly Butler, UK cyber leader for Marsh, told City A.M. that the cyber insurance industry is “not shocked” at this event.
“Global cyber market has been thinking about and contemplating for some time,” she explained, leading to “a lot of work” by the insurance market “to understand that systemic nature and what that may look like from a portfolio perspective if a matter like this were to happen, and now it has happened.”
Butler noted it’s “really early stages” to see the “implications from a financial point of view and claims point of view”.
However, Butler added that “this is obviously not a malicious act or attack. This purely falls within a system outage.”
The route of cause was the US cybersecurity company Crowdstrike, which experienced major technical issues that affected online servers worldwide.
Matt Wood, the Lloyd’s Market Association’s head of technology, stated, “We are still working hard to understand the impact of this outage.”
But he noted that “we believe that from an operational resilience viewpoint a one-day outage will be comfortably within impact tolerances for most important business services.”
“More broadly the speed and scale of this outage reminds everyone that a technology failure on this scale can have major ramifications for global supply chains and highlights again the risk of interdependence of third party systems,” Wood added.
On Tuesday, Beazley, a leading cyber insurer, provided an update to its shareholders on the London Stock Exchange on the global IT outage. It noted that “based on what is known at this point, the event will not change the current undiscounted combined ratio guidance of low-80s for the full year.”
The insurer stated that it will update the market on its first-half performance on 8 August and provide any further relevant updates regarding this event at that time.
Derek Kilmer, a professional liability broker at Burns & Wilcox told the Financial Times that he expected an insured loss upwards of $1bn.
Meanwhile, Will Davies, head of insurance at PA Consulting, predicted to the FT that insurers would see “hundreds, if not thousands of claims due to the outage”.
Matt Carter, practice director insurance at Altus Consulting pointed out: “Who is going to be liable for this remains to be seen but the need for ever sophisticated operational resilience procedures and steps, to respond in the hour of need, is evidently critical.”
“The bigger the company, the more customers you have, the higher up the board agenda it should be. Operating models need to be adaptable to allow for significant breaks in the value chain or failure of critical systems,” he added.
Butler added that “the coverage itself is the devil in the details.” However, if a company has “a fully comprehensive cyber insurance in place, this [event] is exactly what it’s for.”
She noted this event “demonstrates cyber resilience and why it is such an important risk element for each and every client out there.”
Alistair Clarke, London cyber broking leader at Aon agreed, adding this: “Event serves as a sharp reminder of why cyber insurance provides such an important part of overall cyber risk management strategy.”
He continued noting that “systemic cyber risk is here to stay and it is incumbent upon both the direct and reinsurance markets to continue innovating to provide robust and sustainable risk transfer solutions to our insureds.”
“Of particular importance is the emergence of innovative event-based reinsurance solutions,” Clarke added.
Butler did warn that even though this event was not as a result of malicious intent, the team sees threat actors capitalising on the moment via phishing campaigns purporting to be technical support.
“We’re seeing a little bit of that online at the moment so it is really important that clients remain vigilant,” she added.