Preliminary insured losses from the CrowdStrike IT outage for the standalone cyber insurance market are anticipated to fall between $400 million and $1.5 billion, according to CyberCube, a specialist modelling firm for cyber risks and exposures.
For those unaware, the outage was caused by the security company CrowdStrike, which sent out a corrupted software update to its huge number of customers. As per Microsoft, CrowdStrike’s update reportedly affected 8.5 million Windows devices.
“The faulty CrowdStrike Falcon Sensor update and subsequent outage – the CrowdOut Event – would represent a loss ratio impact of roughly 3-10% on global cyber premiums of $15 billion today,” CyberCube said in a recent report on the matter.
This scale of loss could reportedly make the “CrowdOut” event the largest single-insured loss event in the history of the affirmative cyber insurance industry over the past 20 years.
However, an event of this scale does not come close to the extreme scenarios currently being modelled by cyber insurers and reinsurers, CyberCube explained.
The firm continued, “Based on CyberCube’s current estimates, the event represents a loss somewhere between the 1-in-2 and the 1-in-6-year industry loss return periods, according to the company’s cyber catastrophe model and industry exposure database.”
CyberCube noted that its Portfolio Manager product shows far more destructive scenarios that can reach loss ratios of 234% in more extreme events at 1-in-200-year return periods.
“As such, the CrowdOut event is a major event for the cyber insurance market but does not come close to the destructive potential that leading insurers are holding capital against,” the firm added.
CyberCube also observed that its current estimates are provisional and based on the best information it has available.
CyberCube went on, “Each insurance carrier’s claims experience depends on some pivotal criteria relating to the characteristics of their specific portfolio including coverage for non-malicious system failure, contingent business interruption (CBI), and the makeup of insureds in that portfolio.
“While each insurance portfolio will substantively differ in these respects and as such it would not be accurate to apply cyber insurance market share allocations to reach an individual carrier’s loss potential, we expect carriers to see disproportionate losses in portfolios that have significant large corporate exposures.”
At the same time, Howden Re has suggested that the outage will accelerate interest in cat-focused reinsurance, and Aon said it is an opportunity for the re/insurance market to react and improve.
The post CrowdStrike event to cost cyber insurers up to $1.5bn: CyberCube appeared first on ReinsuranceNe.ws.