Global insured losses from last week's significant IT outage are projected to be between $400 million and $1.5 billion, according to cyber analytics firm CyberCube.
The disruption was caused by a software bug in CrowdStrike's (NASDAQ:CRWD) quality-control system, which led to a widespread computer crash, impacting services from aviation to banking. The U.S. firm disclosed this week that the bug was responsible for the damaging software update.
CyberCube noted that this incident might represent the largest single loss for the cyber insurance market, but stressed that it "does not come close to the destructive potential that leading insurers are holding capital against."
Insurer Parametrix estimated that the outage resulted in insured losses between $540 million and $1.08 billion for Fortune 500 companies, excluding Microsoft, which was also affected by the CrowdStrike bug.
However, the global insurance and reinsurance industry is expected to avoid major financial repercussions, according to ratings agency Fitch.
Cyber insurer Beazley said this week that it has no plans to change its guidance on its combined ratio—a key measure of underwriting profitability—following the outage.
Still, reinsurance broker Guy Carpenter pointed out that insurers might face additional claims related to directors' and officers' liability and property insurance, beyond the anticipated cyber insurance claims.
CrowdStrike’s Falcon software is widely used by businesses globally to protect against malware and security breaches on millions of Windows machines.
Last Friday, CrowdStrike issued a content configuration update for Falcon intended to “gather telemetry on possible novel threat techniques.” Although such updates are routinely delivered, this specific configuration update led to Windows crashes.
The company’s shares lost more than a quarter of their value over the past 5 trading sessions, and are currently trading at the lowest level since January.