Impact of CrowdStrike Cyber Event on Small Businesses
Understanding the Impact of the CrowdStrike Cyber Event on Small Businesses
In July 2024, the cyber world was shaken by what is now known as the CrowdStrike cyber event, a significant incident that has been officially classified as a cyber catastrophe by Verisk's Property Claim Services unit. This event, unlike any other, has had widespread implications across various industries, including airlines, banking, retail, hospitality, and government operations. The incident was triggered by an update from cybersecurity firm CrowdStrike, leading to massive IT failures globally.
The Ripple Effect on the Insurance Industry
The insurance industry is facing a new challenge due to the CrowdStrike event. Estimates suggest that the insured losses could range from $250 million to as high as $1.5 billion. This event is being compared to the NotPetya attack of 2017 in terms of its potential impact on cyber insurance. The primary concern from this incident is business interruption, which is typically covered under a cyber liability policy. This coverage helps businesses recover from financial setbacks caused by cyber disruptions.
Analysts predict that the CrowdStrike event will affect multiple insurers, impacting their earnings and leading to changes in underwriting terms and reinsurance. As a result, insurers are expected to tighten their cyber underwriting standards, increase retention rates, and adjust liability limits. This increased scrutiny will particularly focus on small- and medium-sized companies, emphasizing the importance of understanding one's policy inclusions and exclusions.
A New Era of Cyber Catastrophe
Unlike previous cyber incidents, the CrowdStrike event is not classified as a cyber attack but rather a cyber catastrophe. This distinction highlights the non-malicious nature of the event, showcasing the aggregation risk that insurers are increasingly concerned about. The impact of this event is expected to be spread across the industry, affecting various insurers and their policies. You can read more about the Verisk report on the CrowdStrike cyber event here.
Joshua Motta, CEO of Coalition, believes that while the CrowdStrike event is significant, it may not reach the loss levels typically seen in natural catastrophe events. However, the process of determining final losses is expected to be lengthy due to the non-standardized language in cyber insurance policies. Learn more about Coalition on their About Us page.
Recommendations for Small Businesses
- Review Your Cyber Liability Policy: Ensure that your business interruption coverage is included in your cyber liability package. Understand the inclusions and exclusions in your policy and consider adding endorsements if necessary.
- Engage with Your Insurance Agent: Regularly consult with your insurance agent to stay informed about changes in underwriting standards and reinsurance rates. This will help you make informed decisions and ensure your business is adequately protected.
- Understand Inclusions and Exclusions: Take the time to thoroughly review your cyber liability policy, paying close attention to the inclusions and exclusions. This will ensure you know exactly what is covered, such as business interruption, and what isn't. If there are gaps in coverage that concern you, discuss potential endorsements or adjustments with your insurance agent to better protect your business.
Building a Resilient Business
By taking these steps, small businesses can better navigate the evolving landscape of cyber insurance and protect themselves from potential disruptions. At Thrive Insurance Group, we're here to help you thrive today and protect tomorrow. If you have any questions or need personalized advice, feel free to reach out to us.
Thrive Forward Blog
