The global insurance and reinsurance industry is expected to avoid major financial repercussions from the internet service disruption caused by a faulty security software update from CrowdStrike, according to Fitch Ratings.
Initial estimates indicate that insured losses could range from mid-to-high single-digit billions of dollars, with most claims likely to be covered by primary insurers, Fitch reported.
The analysis was expected to ease investor concerns regarding claims and potential litigation from the disruption. Insurers that are most vulnerable to such losses typically pass some of their liability to reinsurers.
The update from CrowdStrike, which crashed computers running Microsoft’s Windows operating system, impacted various industries including airlines, banking and healthcare.
"Although standard cyber insurance covers cloud downtime due to security, operational or system failures of the insured's own operations, it generally does not cover downtime caused by non-malicious cyber events at a third-party network service provider," explained Loretta Worters, a spokesperson at the US-based Insurance Information Institute.
Fitch also noted that accounting for cyber risk remains a challenge for the insurance industry.
