Jack Vines III’s Post

Guy Carpenter said it could be worse: Had the incident involved a ransomware attack, losses could have reached $2 billion. The insured losses connected to a global IT outage July 19, which a faulty CrowdStrike Falcon software update triggered, are expected to range between $300 million and $1 billion, according to a report released Friday from Guy Carpenter. The losses would have likely been much larger had the incident been malicious, according to the report. A ransomware attack involving such a widely used technology system could have ranged from $600 million to $2 billion, according to the company, which is the reinsurance brokerage business under Marsh McClennan. The insurance industry may need to reevaluate its perspective on potential risks and think less in terms of a single catastrophic “super cat” incident, but rather on the risk of mid-sized “kitty cat” incidents that take place on a more frequent, but smaller scale, Guy Carpenter said. #cyberriskmanagement #thirdpartriskmanagement #grc #cyberinsurance

The recent #cybersecurity software incident at #CrowdStrike is unlikely to have a material impact on global (re)insurer financial results. Preliminary market estimates of global insured losses that range in the mid- to high single digit billion USD would not translate into a material impact for (re)insurers, but are subject to ongoing claims and litigation. Learn more: https://ow.ly/2SvC50SHvrx #FitchRatings #Insurance #Reinsurance

The insurance industry is predicted to withstand losses following Fridays Crowdstrike incident. 2024 has seen several major technology and cyber incidents that one could consider significant. Fitch does not believe preliminary lossess will be material. The challenge will be consequential losses, ongoing claims and litigation. One wonders how the loses from this single day event will materialise going forward? The event like Not Petya was global, but unlike Not Petya it's breadth and depth of impact was significantly greater. It won't take many more incidents like United Health and Crowdstrike to make insurers wake up to digital risk in 2024. Requiring and answer that insurance alone cannot provide. Thaddeus Dziekanowski Brian D. McCarthy Veritas GRC CrowdStrike UnitedHealth Group #cybersecurity #cyberriskmanagement

Cybersecurity News (7/31/24): CrowdStrike Outage Costs U.S. Fortune 500 Businesses $5.4 Billion — How and Where Do Businesses Go to Recover Those Losses? — Can the Cybersecurity Liability Insurance Market Absorb These Losses? — Is It a National Security Risk When a “Glitch” By a Single Operator Can Upset the Economy and Multiple Industries? #crowdstrikeglitch #cyberlosses

How much more cyber insurance business could you write if your underwriting process were modernized for lower cost, better user experience, and faster processing? With EXL’s CyberXBench integrated digitized platform, you can write more business in a matter of weeks. Rates are on the rise. Competitive rates sell more. Trim your cost with CyberXBench. https://lnkd.in/gRwd6jUZ

How much more cyber insurance business could you write if your underwriting process were modernized for lower cost, better user experience, and faster processing? With EXL’s CyberXBench integrated digitized platform, you can write more business in a matter of weeks. Rates are on the rise. Competitive rates sell more. Trim your cost with CyberXBench. https://lnkd.in/gFQNJ5xC

https://lnkd.in/gzqRpSe9 "Still, despite the media hysteria and significant impact of these events, including the CrowdStrike outage, which has been called “the largest IT outage in human history,” we do not expect any to reach the levels of loss of natural catastrophe events that routinely impact the insurance industry. Our own modeling, leveraging our Active Cyber Risk Model, suggests a $0.96 billion industry-wide loss experienced by US cyber insurance policyholders at the upper bound prior to consideration of coverage limitations. Of course, any model of this event will also be highly sensitive to the least credible assumption (most likely, the share of impacted systems), which if reduced, would decrease our estimate to $0.27 billion (or lower)."

Rates have continued to drop in 2024, especially in higher excess layers due to new market capacity. Despite this, cyber insurance portfolios are performing well: the average loss ratio for the top 20 US cyber insurers in 2023 was just under 43%, according to the NAIC. Although competition has increased, underwriting discipline has remained strong. Insureds who have invested in cybersecurity, improved access management controls, and backup strategies have significantly reduced both the frequency and severity of claims. Cyber risks are becoming more manageable, and insurers’ ability to understand and select these risks is improving. However, cyber insurance penetration remains very low, especially outside the US and among small and medium-sized enterprises (SMEs). I would add the following: - Another important (continuing) trend is the increase in supply chain attacks, such as Snowflake and MOVEit, where a single event can affect a number of parties. - Despite more cyber extortion incidents, less insured companies are paying (in part due to better maturity) - The impact of AI on both attackers and defenders will become increasingly evident https://lnkd.in/erR8PdbA

How much more cyber insurance business could you write if your underwriting process were modernized for lower cost, better user experience, and faster processing? With EXL’s CyberXBench integrated digitized platform, you can write more business in a matter of weeks. Rates are on the rise. Competitive rates sell more. Trim your cost with CyberXBench. https://lnkd.in/gw98vptJ

Good (less than 1 min) read about the likely financial losses associated with the recent CrowdStrike cybersecurity event on global businesses, including the financial impact on cyber insurance carriers and reinsurers. Thank you CLM Alliance (Claims and Litigation Management Alliance) for publishing.