Fortune 500 companies to incur more than $5 billion in losses from CrowdStrike outage – and that’s EXCLUDING Microsoft
By isabelle // 2024-07-25
 
The damage from the huge IT outage caused by CrowdStrike on machines running Microsoft software last week that brought air traffic to a standstill, left some hospitals unable to provide certain services, and rendered many businesses unable to operate is still being tallied, but the modeling and insurance services firm Parametrix has already come up with an estimated price tag – and it’s quite steep. According to their calculations, the total direct financial loss that American Fortune 500 companies can expect to incur as a result of the fiasco is an incredible $5.4 billion – and that is not including Microsoft’s losses. They believe that cyber insurance will likely only cover somewhere from 10 to 20% of these losses, which would be between $540 million and $1.08 billion. They’re attributing this low coverage to the big risk retentions of many companies and the fact that a lot of them likely have low policy limits compared to the potential loss. When averaged out across the Fortune 500 companies as a whole, the loss for each is $44 million, but it is important to keep in mind that the actual loss will depend on the industry. For example, manufacturing firms could see losses of around $6 million, while airlines could be looking at upwards of $143 million in losses. However, it is the healthcare sector that Parametrix expects to experience the biggest direct financial hit, with companies suffering a loss of nearly $2 billion. This is followed by the banking industry with $1.149 billion in losses. The uneven manner in which the incident affects business sectors means that the companies in these sectors will account for nearly 60% of the loss despite only making up one fifth of Fortune 500 revenues. Parametrix’s estimates are drawn from more than 54 billion points of data based on the historical performance of cloud services and directly monitoring thousands of technology businesses' real-time service status. On top of that, the CEO of Parametrix, Jonathan Hatzor, told the New York Post that he thinks Microsoft’s financial losses could total hundreds of millions of dollars. Meanwhile, Fitch Ratings reported that it expects several other types of insurance beyond cyber insurance to be affected by the incident, such as business interruption insurance, technology errors and omissions policies, event cancellation and travel insurance.

CrowdStrike issues apology and fix, loses stock value

Meanwhile, the firm behind the outage, Texas-based CrowdStrike, has lost around 22 percent of its stock value since the incident. It was worth around $83 billion prior to the outage and services more than half of Fortune 1000 companies, in addition to operating throughout the world. The company released a report this week explaining what went wrong and apologized for the drama. They are blaming it on an update pushed by CrowdStrike to its Falcon platform, a cloud-based service that is supposed to protect businesses from disruptions and cyber attacks. A bug in the update led to the simultaneous crash of 8.5 million Windows machines. To avoid similar problems in the future, CrowdStrike has said that it will implement better testing procedures before issuing updates and use gradual rollouts to reduce the potential for simultaneous failures like those seen last week. Although the company has already released information to help users fix impacted systems, experts maintain that getting all of the affected computers back online could take quite some time due to the need to manually weed out problematic code. The widespread disruptions caused by the incident are a sobering reminder that many of the world's top businesses and organizations are simply not prepared with proper contingency plans to handle the failure of crucial IT systems. This means that cyber criminals and other malicious actors are well positioned to cause chaos around the world. Sources for this article include: InsuranceJournal.com TheGuardian.com NYPost.com