Key takeaways and challenges from the CrowdStrike incident
The recent CrowdStrike system failure has spotlighted the challenges businesses face with non-malicious outages and highlighted the importance of having the right cyber insurance coverage in place. During Cyber Security Awareness Month, we provide critical insights into system failures, outage prevention, and the implications for the cyber insurance marketplace.
Explore our other resources to understand how to protect your business from system failures and ensure your cyber insurance policies provide comprehensive coverage.
Key takeaways from the CrowdStrike incident
System failures and outages: Non-malicious system failures are common across security software products. While smaller events often go unnoticed, larger outages like the CrowdStrike incident can severely disrupt business operations. Understanding how these failures occur and how to mitigate their impact is essential.
Challenges in avoiding outages: Outages are difficult to avoid as security products must run on operating systems that require constant updates to stay ahead of evolving cyber threats. Regular maintenance is necessary to reduce the risk of outages but cannot guarantee their prevention.
Best practices to minimize downtime: While you can't eliminate the risk of system failures, companies can take these steps to reduce their impact:
- Stage updates to minimize disruption.
- Revisit software vendor inventories regularly to ensure all systems are up to date.
- Update business continuity plans frequently.
- Establish clear communication strategies in case of outages.
The role of cyber insurance in system failures
Coverage for non-malicious events: Cyber insurance policies often cover non-malicious events like system failures, though the exact scope of coverage can vary. It's critical to understand how these failures are categorized in your policy to ensure your business is protected.
System failure definitions: System failures are typically defined as unplanned and unintentional outages. However, definitions vary between policies, affecting the scope of coverage. Understanding these definitions in your policy is key to avoiding coverage gaps.
Third-party network claims: Coverage for third-party claims during system failures is often excluded under cyber policies. However, errors and omissions (E&O) insurance may cover certain aspects. Discuss with your broker to ensure you have appropriate protection for third-party exposures.
Improving your cyber insurance claims
Importance of forensic accountants: Independent forensic accountants play a vital role in accurately quantifying losses from system failures and business interruptions. Engaging them early in the process ensures proper documentation and helps maximize recovery. Insurers will often recommend forensic accounting firms on their panel, but these firms are not independent and are biased towards the insurance carrier.
Practical steps for claims: To file a successful claim:
- Engage independent forensic accountants early to assess losses.
- Keep detailed records of system failures, including both internal and third-party impacts.
- Document all downtime, business disruptions, and recovery efforts.
Market impact of the CrowdStrike incident
Market response: Despite the impact of the CrowdStrike incident, the cyber insurance marketplace has responded calmly. Insurers have continued offering coverage for system failures without drastic changes in pricing or capacity.
Global cyber marketplace outlook: The CrowdStrike incident is not expected to significantly impact the global cyber insurance market. Insurers remain committed to offering coverage, though policy definitions and scopes of coverage will continue to evolve based on risk profiles.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.