The recent CrowdStrike outage on July 19 had a ripple effect across a wide range of industries, from airlines to the national organ transplant matching system. In our interconnected world, few can escape its impact. Now, Parametrix provides a detailed look at the financial cost. It’s more than just a ripple.
They estimate a total direct financial loss of $5.4 billion for US Fortune 500 companies, excluding Microsoft. However, only 10% to 20% of this loss is likely to be covered by cyber insurance due to high-risk retentions and low policy limits relative to the potential outage loss.
The average loss per Fortune 500 company is $44 million. The losses range from $6 million for manufacturing companies to $143 million for airlines. The healthcare and banking sectors were most affected, with healthcare incurring $1.938 billion in losses and banking $1.149 billion. These two sectors account for 57% of the total loss but only 20% of Fortune 500 revenues. The manufacturing sector, which has the highest revenue, experienced a relatively small loss of $36 million in total. The six Fortune 500 airlines faced losses of $860 million against their combined revenue of $187.1 billion.
The outage impacted a quarter of the Fortune 500 companies, including all airlines and 43% of retailer and wholesaler firms. About 75% of companies in the health and banking sectors experienced direct costs. Beyond primary financial losses, the CrowdStrike outage caused significant operational delays. This affected both the Fortune 500 companies and their downstream entities.
Parametrix’s forthcoming report, “CrowdStrike’s Impact on the Fortune 500,” highlights several key findings:
- Traditional industries relying on physical computers faced longer recovery times, much like trying to fix a broken bridge versus repairing a damaged app.
- Cyber (re)insurers can manage systemic risk through strategic diversification across industries, service providers, and company sizes, similar to diversifying investments to reduce financial risk.
- The unique impact of the CrowdStrike outage, due to its deployment both on-premises and via the cloud, indicates that insurers should not base future cloud failure models solely on this event, akin to not basing weather predictions on one storm.
- Parametrix’s insights are based on over 54 billion data points, expertise in system failures and business interruption losses, and real-time monitoring of 6,000 leading technology businesses, including many in the Fortune 500.
Jonatan Hatzor, co-founder and CEO of Parametrix, noted, “Our analysis of the CrowdStrike outage reveals the potential extent and boundaries of a systemic cyber loss event. It also informs how insurers and reinsurers can diversify their cyber risk portfolios to minimize impacts. However, a cyber insurer focused on very large companies will suffer more significant losses than one with a broader SME portfolio.”
Hatzor also stressed the importance of prevention and risk management. He stated, “The industry should focus on controllable areas like mapping and managing aggregation risk to mitigate both malicious and non-malicious threats. This proactive approach enables better underwriting decisions and effective risk-transfer solutions to manage systemic risk.”
Source: CrowdStrike to Cost Fortune 500 $5.4 billion
Other News: First-Ever Cloud Outage Cat Bond: A Game Changer for Cyber Insurance(Opens in a new browser tab)
Other News: Columbus mayor won’t say if city was hit by ransomware attack as tech issues linger.