Damages caused by faulty CrowdStrike update could reach up to 1.5 billion dollars
Cyber risk analytics firm CyberCube estimates that the preliminary insured losses from the CrowdStrike IT outage could be anywhere between $400 million and $1.5 billion.
On Friday, July 19th, 2024, a faulty update was installed via CrowdStrike’s servers, which caused a lot of trouble for companies and organizations across the globe.
Public transportation was practically impossible, and thousands of flights had to be canceled. Supermarkets, media companies, emergency services, hospitals, financial institutions, and so on were also disrupted by blue screens of death (BSODs).
The malfunctioning update affected over 8.5 million Windows computers worldwide. A fix was quickly released, but because computers kept restarting, system administrators had to fix them manually one by one. That’s why it took days for some enterprises and institutions to recover.
CyberCube calls the global IT outage caused by CrowdStrike’s faulty update “the largest single insured loss event in the history of the affirmative cyber insurance industry” over the past 20 years. The cyber risk analytics firm projects that the outage caused financial damages of up to $1.5 billion for the largest US and European cyber insurers. As the event is still unfolding, the damages will probably go up even further.
“The CrowdOut event is a major event for the cyber insurance market but does not come close to the destructive potential that leading insurers are holding capital against,” CyberCube says.
According to calculations performed by insurance company Parametrix, the direct financial losses for the U.S. Fortune 500 companies (excluding Microsoft) from the CrowdStrike outage amount to $5.4 billion. The health sector suffered the most ($1.9 billion), followed by the banking sector ($1.2 billion) and transportation/airlines ($860 million).
“Prevention is important, but risk carriers have limited control over event occurrences and service-provider practices. The industry should focus on controllable areas, like mapping and managing aggregation risk. By understanding these points, we can evaluate key exposures and mitigate both malicious and non-malicious threats. This proactive approach enables better underwriting decisions and effective risk-transfer solutions to manage systemic risk,” co-founder and CEO of Parametrix Jonatan Hatzor points out.
Earlier this week, CrowdStrike published its preliminary Post Incident Review. According to the report, a bug in the Content Validator, software that checks software updates for errors, was the root cause of the worldwide outage.
To make amends, the cybersecurity company distributed $10 Uber Eats gift cards to affected customers. In an email, the company stated that it would like to thank partners for their efforts with a cup of coffee or a late-night snack.