The July 19 global IT outage is an opportunity for the re/insurance market “to react by improving granularity on codifying policy information important for understanding portfolio accumulation risks stemming from certain coverage grants,” Aon analysts have stated.
This in order to “allow more nuanced event loss estimation and accumulation scenario analysis” at a portfolio level.
At the individual risk level, Aon expects this event to trigger greater attention to system failure coverage grants and business interruption waiting periods.
The IT outage was caused by a security update from CrowdStrike, a global cybersecurity firm based in Texas, which led to widespread issues with Microsoft’s Windows.
Caused by an update to the CrowdStrike Falcon endpoint detection and response (EDR) tool, Microsoft has estimated the IT outage affected 8.5 million Windows devices.
The air travel industry was also impacted, with more than 3,000 flights cancelled and a reported 23,900 flights delayed due to ticketing, operations, other services, at airports.
The healthcare and financial industry were also impacted.
Despite this event having caused widespread disruption across a variety of corporate and financial sectors, analysts do not anticipate a lasting impact on its rated universe.
As a non-malicious event, meaning that “system failure” coverage, where offered, within cyber re/insurance policies is the relevant loss trigger. Business interruption claims are predicted to drive the bulk of insurance industry losses.
Some analysts expect this event to accelerate interest in cat-focused reinsurance programmes, as stated by Luke Foord-Kelcey, Global Head of Cyber at reinsurance broker Howden Re.
Specific re/insurance and bond products have been developed, Aon also noted, which this event will test, both from an event definition and loss quantum perspective.
