Navigating the Microsoft/CrowdStrike incident: Crawford’s response to cyber BI exposure

Many businesses will have experienced some disruption following the CrowdStrike event on Friday, July 19. CrowdStrike has confirmed that it was a faulty update which caused an estimated 8.5 million computers_[1] around the world to crash.

The outage resulted in grounded flights and broadcasters were forced off air; access to banking and healthcare services was restricted, and many businesses were unable to process orders. The full extent of any financial losses will become clearer over the coming weeks, and there remains the potential for further cyber-incidents as threat-actors seek to exploit the situation.

Responding to Cyber BI exposure

Crawford is expecting to see an increase in claims, primarily where there is cyber business interruption coverage in place or extensions which cover suppliers or outsourced providers.

The key to assessing these claims will be in the details of the policy wording. As the event was non-malicious, it is unlikely to be considered a security issue or cyber-attack. As a system outage or operational error, direct costs in responding to the incident may be excluded from coverage entirely, or in some policies, there may be specific limits or deductibles that apply. However, cyber BI wordings may however be wider in scope, specifically where cover extends to suppliers or outsourced providers.

The outage was short, with a fix deployed within hours. As such, any financial or contingent business interruption losses are likely to fall within the waiting period or time deductible, which is a feature of many cyber BI policies. However, the way a policy defines the interruption period, or the period of restoration following the event, will be an important consideration when reviewing claims for ongoing losses.

When assessing the impact of business interruption, it is important to have experts with the right experience and background, particularly for this type of short tail event. The response to a cyber business interruption exposure should include a careful review of the policy coverage to ensure that liability engages and that all claims conditions have been complied with correctly. Additionally, growth trends and potential revenue impact, both positive and negative, to include potential make up should all be considered to ensure that only losses directly related to the CrowdStrike issue are identified.

Crawford Forensic Accounting Services (CFAS) is on hand to assist. Our multi-disciplined team comes from a range of industry backgrounds, and this wealth of experience and expertise is essential to understanding how an outage may result in a financial loss. CFAS can act as an internal consultant alongside the Crawford Cyber Solution or instructed independently. Many of our claims experts have experience as both loss adjusters and accountants. We are familiar with a multitude of different cyber policy wordings, and in some cases, we have worked on the development of these wordings and definitions alongside insurers.

To find out more about how Crawford can help with your cyber and business interruption needs, contact one of our experts.

Paul Handy BSc(Hons) MBA ACII FCILA FUEDI-ELAE FIFAA ACMI
Global Head of Cyber
Crawford & Company

Additional contacts

US

Canada

Australia

Asia

Middle East

UK

Europe

Resources:

[1] https://blogs.microsoft.com/...

Public link

Please use the above public link if you want to share this noodl on another website.