Fitch Ratings has indicated that the global insurance and reinsurance industry is unlikely to face significant financial repercussions from the outage caused by CrowdStrike’s problematic security software update, which disrupted internet services worldwide last week.
Preliminary estimates suggest that insured losses may range between mid-to-high single-digit billion dollars, with most claims likely falling under primary insurers’ coverage. This finding may ease investor concerns about potential claims and litigation related to the disruption. Insurers exposed to such losses often transfer some liability to reinsurers.
The CrowdStrike update caused crashes on computers running Microsoft’s Windows operating system, affecting various industries including airlines, banking, and healthcare.
Loretta Worters from the Insurance Information Institute explained that while standard cyber insurance policies cover cloud downtime from security, operational, or system failures within the insured’s own operations, they typically do not cover downtime resulting from non-malicious cyber incidents affecting third-party network service providers.
Fitch also noted that assessing cyber risk remains challenging for the insurance industry.