Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

CrowdStrike outage could cost Fortune 500 companies US$5.4bn

Cloud insurance firm estimates that a quarter of all Fortune 500 companies were impacted by the CrowdStrike Falcon update bug.

user icon David Hollingworth
Thu, 25 Jul 2024
CrowdStrike outage could cost Fortune 500 companies US$5.4bn
expand image

Cloud and supply chain insurer Parametrix has released a report into the staggering costs of last week’s CrowdStrike outage.

According to Parametrix, the outage caused disruptions to 25 per cent of Fortune 500 companies, and the resulting financial losses could well be as high as US$5.4 billion. This figure excludes Microsoft as Parametrics considers it to “be a key player in the event”.

The healthcare sector looks set to have the greatest losses, followed by the banking sector and airline industry.

============
============

In terms of impact, Parametrix said the sectors that suffered the most disruption were airlines – with the entire industry affected – healthcare, and banking, which each suffered a near 75 per cent impact rate. The retail sector was next, with a 43 per cent impact rate, followed closely by transportation at 40 per cent.

The least impacted sector was manufacturing, with only 5 per cent of Fortune 500 companies in the sector impacted.

Insured losses are estimated to be between US$0.54 billion and $1.08 billion.

Parametrix was able to come to its conclusions based on real-time monitoring of the service status of more than 6,000 “leading technology businesses” and a total of 54 billion data points.

“Our analysis of the CrowdStrike outage shows not only the possible extent of a systemic cyber loss event but also its boundaries,” Jonathan Hatzor, co-founder and CEO of Parametrix, said in a statement. “It tells us more about the ways that insurers and reinsurers can diversify their cyber risk portfolios to minimise the potential impacts of systemic cyber risk. However, our analysis does not show the whole diversification picture. A cyber insurer focused on very large companies will certainly suffer a much greater CrowdStrike loss relative to premium than one with a large SME book.”

Hatzor concluded with some advice for the insurance industry.

“Prevention is important, but risk carriers have limited control over event occurrences and service-provider practices,” Hatzor said.

“The industry should focus on controllable areas, like mapping and managing aggregation risk. By understanding these points, we can evaluate key exposures and mitigate both malicious and non-malicious threats. This proactive approach enables better underwriting decisions and effective risk-transfer solutions to manage systemic risk.”

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.