Press enter to see results or esc to cancel.

What Businesses Can Learn from the Worst IT Outage The World Has Seen

Last Friday, 19th of July, the world has experienced a massive IT outage. From airlines to financial services, a wide array of industries are affected. Insurance companies could face a series of business interruptions or cyber insurance claims following this incident initiated by CrowdStrike.

Discover the world's top health insurers.
Compare quotes with a click of the button.

Wonder who would be liable for this overwhelming financial loss? This Pacific Prime article aims to shed light on this matter and advise business owners from all industries to secure adequate business insurance to bear minimal financial impact when facing unexpected incidents.

Cause of the IT Outage

It is widely believed that the US-based anti-virus firm CrowdStrike pushed out an update to its virus scanner, Falcon, containing a rogue file that negatively impacted computers running Microsoft Windows software. Apple and Linux users were unaffected by the incident.

There is currently no evidence or suggestion that the incident is a malicious attempt by hackers, nor have the statistics shown signs of data breaches.

IT Outage Aftermath

It is not surprising that the aviation industry is experiencing the heaviest loss. The outage caused airplanes to be grounded for hours, disrupting countless trip plans of travelers around the world. Insurers expect to handle a wave of travel insurance claims such as travel delays and missed connections.

Media outlets, banks, retailers, and financial companies worldwide have also been affected. However, disruption to financial markets was minimal, as these sectors are usually equipped with and supported by strong IT systems, leaving them to experience only short-lived effects.

The effects extended to various sectors: supermarkets experiencing minor payment issues, Billboards in Times Square going blank, hospital and GP practices being disrupted, and the payroll systems being impacted. Consequently, employees who are paid weekly or monthly may have to expect a pay delay.

Although CrowdStike has issued a fix, it will have to be applied separately to each and every device affected. Computers will require a manual reboot. With the large number of electronic devices affected, the system’s recovery progress has been slow, causing inconvenience to the IT departments everywhere.

What Businesses Can Learn From This Cyber Incident

What we can learn from the CrowdStrike IT outage incident is that information systems are deeply interconnected in today’s era. With only one source of technology sustaining our digital society and economy, one small mistake could lead to long-lasting and irreversible situations.

As companies of all sizes are slowly recovering their services, there will be significant challenges to come in restoring service continuity within the complex and intertwined digital ecosystems.

Big firms are the fastest in responding to the outage and have been popping back up online, as they have better resourcing of IT staff and resilience measures in place to tackle unforeseen issues; Smaller businesses, on the other hand, take significantly more time to get back on track.

Whether it be small or big companies, be impacted or to impact, companies bear different kinds of responsibilities and liabilities whenever an incident of such occurs. This underscores the need for an extra layer of protection offered by adequate insurance coverage.

Insurances That Would Help Companies Like CrowdStrike

Professional Indemnity Insurance

The most relevant insurance for companies that initiated the incident, like CrowdStrike, would be for professional indemnity. It covers breach or negligence of professional or contractual duty of your employees.

The insured may face claims by clients alleging the provision of professional services or products that were inadequate, non-compliant with contractual agreements, or negligent altogether in the manners of:

  • Dishonest acts by own staff
  • Loss of client documents which led to a breach
  • Improper advice given to a client
  • Breach of regulations or instructions concerning contractual terms

Note: For tech companies specifically, the professional indemnity policy might come with a cover for product liability which covers claims arising out of the defective nature of certain products

Directors & Officers Liability Insurance (D&O)

For large companies, CrowdStrike and Microsoft in this case, the company’s directors, including the CEO, might be held liable for improper management of the company and lack of supervision for the company’s decision.

The share price of Crowdstrike also fell significantly, and shareholders might sue the directors. The D&O liability insurance could be suitable for both of the above situations, as it covers actual and alleged wrongful acts committed by management. These acts can include:

  • Failure to disclose to shareholders or regulators certain risks, or failure to provide prior disclosures
  • Alleged charges against the management for not taking adequate steps to mitigate risks or adhere to recommended regulatory/departmental guidelines
  • Breach of duty by not developing adequate contingency plans to keep a business afloat
  • Negligence in being able to seek alternate avenues for business continuity
  • Inactions to adapt to market conditions
  • Charges by employees that their management did not take adequate steps to mitigate risks, unfair dismissal, discrimination, etc.

Insurances That Would Help Companies with Affected Businesses

For cyber incidents of all kinds, cyber insurance would be the ideal coverage to provide financial security for interrupted businesses. However, it is important to understand what was actually covered in your policy because:

  • Non-malicious Events Exclusion: Some cyber policies cover losses only due to cyberattacks and malicious acts. Unfortunately, very few cyber insurance plans cover cyber issues caused by IT outages, human errors, and programming errors.
  • Non-compulsory Business Interruption Coverage: Not all cyber insurance policies cover business interruption. Either some insurers refuse to provide this cover, or some clients choose not to take up this cover.
  • Widespread Event Exclusion: Some insurers will provide coverage for cyber incidents, but only for “non-widespread” events, meaning the cyber attack or IT outage must be exclusive to your company with no other similar cases within a given time frame.

Considering the above, airlines, banks, and other retail businesses affected by CrowdStrike’s error should have cyber insurance that covers non-malicious events, business interruption, human errors, IT outages, programming errors, and incident response.

Consult Pacific Prime For Any Corporate Insurance Enquiries

The IT outage on Friday impacted mostly companies that are working with CrowdStrike. Although such widespread impact is never-before-seen, less concerning cyber incidents occur from time to time, such as data breaches, ransomware attacks, or even human errors causing data leakage.

Alongside practicing IT hygiene in the workplace, insurance coverage is of utmost importance. Not only does it protect your company financially, but it is also “proof” that your company is “insured” so that other companies would like to collaborate with confidence.

Pacific Prime has over 20 years of experience in offering innovative and customized corporate insurance solutions to businesses of all sizes. We guarantee service excellence and ensure you are paying for what you get in return— a one-stop solution to everything you need throughout your business journey.

We leverage our expertise and experience to do a thorough macro (recommended policies and coverage) and micro (benchmarking for exclusions and extensions for your industry) gap analysis of what you currently have, and what you may need to further protect your business.

Contact our expert advisors to get started now!

Content Creator at Pacific Prime
Eric is an experienced content writer specializing in writing creative copies of marketing materials including social media posts, advertisements, landing pages, and video scripts.

Since joining Pacific Prime, Eric was exposed to a new world of insurance. Having learned about insurance products extensively, he has taken joy and satisfaction in helping individuals and businesses manage risks and protect themselves against financial loss through the power of words.

Although born and raised in Hong Kong, he spent a quarter of his life living and studying in the UK. He believes his multicultural experience is a great asset in understanding the needs and wants of expats and globe-trotters.

Eric’s strengths lie in his strong research, analytical, and communication skills, obtained through his BA in Linguistics from the University of York and MSc in Teaching English to Speakers of Other Languages (TESOL) from the University of Bristol.

Outside of work, he enjoys some me-time gaming and reading on his own, occasionally going absolutely mental on a night out with friends.
Eric Chung
Latest posts by Eric Chung (see all)