Insurance analysts predict that a recent global tech outage, linked to a flawed CrowdStrike software update, may lead to increased cyber insurance premiums. This event, which affected various industries, including airlines and banks, is expected to prompt insurers to reassess their policies and risk management strategies.
In July, a worldwide digital meltdown triggered by an unsuccessful CrowdStrike update resulted in billions of dollars in corporate losses. Analysts suggest this incident may push insurers to revise their policies not only to cover hacking incidents but also nonmalicious technical failures.
Lee Yen Teik, a senior lecturer at the National University of Singapore Business School, explained that the incident could exacerbate existing constraints in insurance capacity, making it more difficult for high-risk industries to obtain comprehensive coverage. “A tiered pricing structure may emerge, aligning premiums with an organization’s cybersecurity maturity, rewarding strong defenses while penalizing weaknesses,” he noted.
The CrowdStrike incident is one of the largest cyber events in recent memory, with direct losses for Fortune 500 companies projected to exceed $5 billion, according to Carmel Green, a partner at Reynolds Porter Chamberlain (RPC). This has prompted underwriters to reevaluate their risk appetites, particularly concerning business interruption and system failure coverages.
“The incident has resulted in service disruptions and reputational damage, especially within the airline and transportation sectors,” Green stated. Financial institutions, reliant on continuous IT operations, have also felt significant impacts.
The global outage, caused by a problematic CrowdStrike update intended to secure Microsoft Windows systems, led to widespread flight cancellations, stranded passengers, delivery delays, and closures of retail and entertainment venues. Retailers and e-commerce companies faced operational challenges that may have led to revenue losses and damaged reputations.
In the Asia-Pacific region, the share of gross premiums written for cyber insurance is notably lower than in North America and Europe, at 6% compared to 56% and 37%, respectively. However, this market is one of the fastest-growing, with a compound annual growth rate of 51.2% for primary cyber insurance and 43.4% for reinsurance from 2018 to 2022, according to S&P Global.
Cyber insurance offerings vary across the Asia-Pacific markets, influenced by economic conditions, regulatory environments, and market demand. In more developed markets like Singapore, insurers provide comprehensive coverage mandated by strict regulations such as the Personal Data Protection Act. This includes not only standard provisions for property damage and income loss but also cyber-specific extensions like cyber extortion and data restoration.
As emerging markets advance technologically and face growing cybersecurity threats, there is likely to be a shift toward more robust regulatory frameworks and enhanced insurance coverage.
Green emphasized that the CrowdStrike outage highlights the increasing vulnerability of businesses to such disruptions. “As companies strive for profitability and efficiency, their reliance on technology grows, leading to heightened risks of significant failures, especially from single points of failure,” she stated.
The interconnected nature of today’s digital ecosystems complicates liability assessments and introduces multi-party involvement during tech outages. Lee noted that the cascading effects of such incidents could not only impact individual businesses but also disrupt entire supply chains, resulting in substantial financial losses and reputational harm.
While the frequency of tech outages related to cyber incidents has decreased, the financial ramifications have become more severe, according to the Uptime Institute. Green revealed that over two-thirds of tech outages between 2022 and 2023 resulted in losses exceeding $100,000, a trend likely to continue as businesses increasingly depend on digital infrastructure.
Looking to the future, insurers are anticipated to broaden their coverage to address emerging risks, including cyber warfare and attacks on critical infrastructure. Lee added that these anticipated changes are essential for helping businesses withstand and recover from a diverse range of digital disruptions.
Related topics: