CrowdStrike’s massive IT outage: Wake-up call for businesses to rethink cybersecurity and insurance

CrowdStrike’s global outage reveals how digital resilience and comprehensive insurance are no longer optional in today’s interconnected world.

In July 2024, a routine software update by the cybersecurity leader CrowdStrike unexpectedly caused a massive IT outage that rippled through industries worldwide. Over eight million computers were impacted, and sectors as varied as banking, healthcare, media, and aviation saw halted operations. While this incident wasn’t the result of a malicious cyberattack but a software glitch, it has raised critical questions for businesses: how do they handle digital risks, and how ready are they to recover when unforeseen disruptions strike?

CrowdStrike acted quickly to manage the issue, yet the outage highlighted a sobering reality—no system is completely immune to errors. Today’s businesses need to rethink their approach, not only in terms of cybersecurity but also in terms of comprehensive insurance coverage that considers the complexity of today’s digital landscape.

From a glitch to a financial storm

The CrowdStrike incident underscored an exposure that many companies may not have fully anticipated—the risk of non-malicious software malfunctions. Financial assessments from the incident suggest that Fortune 500 companies alone may face losses between $540 million and $1 billion. This situation has revealed a gap in many existing insurance policies. Traditional cyber insurance is often geared to cover only malicious breaches, leaving companies vulnerable to operational disruptions like this one, caused by a software error.

Clearly, the need now is for more encompassing coverage that acknowledges both cybersecurity threats and operational failures. When evaluating cyber insurance, businesses must understand subtle yet crucial distinctions, such as the difference between a cybersecurity threat and an operational error. Companies with heavy reliance on real-time data access can incur significant financial losses, even from brief outages.

Secondary threats and third-party risks

Another important lesson here is the potential for secondary threats. Following an IT disruption like the one CrowdStrike experienced, phishing attempts and other forms of social engineering attacks tend to rise, as cybercriminals capitalise on the confusion. As companies rushed to bring their systems back online, the surge in phishing attempts reminded everyone how critical it is to stay alert against opportunistic cyber threats that can arise during recovery periods.

Beyond immediate disruptions, companies must also consider the indirect impacts on their operations. For organisations that depend on third-party technology providers or haven’t fully mapped out their supply chains, the consequences of an outage can cascade. Even if a company wasn’t directly affected, disruptions to their vendors—such as those affected by CrowdStrike’s outage—can still have significant impacts. The ripple effect has shown the interconnectedness of digital risks, leading experts to predict that insurance renewals will increasingly emphasise business continuity and third-party risk management.

Rethinking D&O Insurance and Professional Indemnity

The evolving cyber risk landscape is pushing companies to consider other types of insurance as well. Directors & Officers (D&O) insurance, for instance, is becoming more relevant in the context of cyber incidents. This type of coverage can protect directors and employees against claims related to cyber incidents, covering legal defense costs and damages. In fact, by 2022, about 25 per cent of D&O claims were linked to cyber issues, emphasising the growing overlap between corporate management and digital risk.

Professional Indemnity insurance, or Errors & Omissions (E&O) insurance, also deserves a closer look. As companies adopt more digital solutions, they face higher risks of claims for negligence or failure. E&O insurance helps cover these claims, making it an essential addition to any risk management strategy.

A proactive approach to resilience

Ultimately, resilience goes beyond merely avoiding disruptions. It’s about ensuring an organisation can recover efficiently and continue operating after a challenge. Companies that adopt a proactive approach—not only in securing systems but also in having robust safety nets like comprehensive insurance and disaster recovery plans—stand a better chance of weathering storms like the CrowdStrike incident.

Employee education on data security is crucial here: employees are often the first line of defense, and proper training can significantly reduce the risk of errors leading to data breaches. For instance, consistent training on Data Loss Prevention (DLP) practices and on handling sensitive information such as Personally Identifiable Information (PII) can help prevent accidental leaks.

Equally important are robust Business Continuity Planning (BCP) and Disaster Recovery (DR) strategies. These plans should cover a variety of scenarios, including potential loss of key devices or infrastructure. Regular testing of BCPs and DR plans ensures they’re effective and up to date, making organisations better prepared for when disruptions occur.

Another vital step is isolating disaster recovery systems from primary infrastructure to ensure operations can continue independently. This lessens the dependency on external providers and strengthens resilience overall.

Lastly, revisiting vendor contracts and service-level agreements (SLAs) has become more important than ever. Understanding how third-party providers manage disruptions—and what coverage is in place for vendor-related outages—will be key to minimising risks in the future.