‘This is the most widespread global IT outage we have seen in 20 years of underwriting cyber risk,’ says department head

When the world was affected by a mass IT outage last Friday (19 July 2024), there were early assumptions that this was the result of a cyber attack.

The incident impacted plenty of businesses, as well as airlines and train services, with many employees waking up to the so-called “blue screen of death” and not being able to crack on with work as normal.

After investigations, however, it turned out that the incident had nothing to do with a cyber attack – instead, the chaos was caused by a faulty software update that affected Windows hosts.

Cyber security firm CrowdStrike, which rolled out the update, said that around 8.5 million Windows devices were impacted as a result, although a “significant number” were back online again promptly.

“We know our customers, partners and their IT teams are working tirelessly and we’re profoundly grateful,” it said in a LinkedIn post on Monday (22 July 2024).

“We apologise for the disruption this has created. Our focus is clear – to restore every system as soon as possible.”

Despite fixes being deployed and CrowdStrike confirming that this was not an attack, cyber insurance has still become a key talking point following the outage.

Why? Because there are already scammers taking advantage of the outage by using malicious techniques to offer device fixes, such as using fake websites.

Richard Hodson, business development director at Onda, said he noticed this trend when it first became apparent that there was an outage.

“The nefarious parts of the criminal internet operate in the shadows – they surface every now and again,” he told Insurance Times.

“One of the reasons they surface is to register domain names. The press was reporting companies that were being affected and what we were seeing was a number of domain names being registered that were similar or close to companies that had been affected.

“That immediately sent alarm bells ringing.”

Scams

Hodson added that his firm subsequently saw “how criminals were starting to capitalise and take advantage of the situation”.

He added that there had “definitely been an uptake” in scams, such as phishing, with more fake domain names being registered.

“We put out some tweets and posts on LinkedIn very early on about phishing scams,” he said.

Phishing is a scam that sees fraudsters send out emails or messages claiming to be from a reputable company in order to get victims to reveal personal information.

According to Node4’s Mid-Market IT Priorities Report 2024, published on 19 February 2024, IT decision-makers from the insurance sector said that phishing was among the 10 cyber security threats expected over the next 12 months.

Laila Khudairi, department head of cyber and enterprise risk at Tokio Marine Kiln, agreed with Hodson and warned of phishing attempts following the outage.

“This is the most widespread global IT outage we have seen in 20 years of underwriting cyber risk,” Khudairi said.

“The impact has been severe and across multiple sectors. Cyber criminals are using the outage to attempt phishing attacks via email and SMS.

“We urge our clients, and anyone affected, to remain vigilant and scrutinise suspicious emails or those which request personal details.”

Brace for impact

Due to the onset of these types of scams, as well as the general impact felt by businesses from the outage, cyber insurers should expect to see a wave of notifications in the coming days.

Khudairi said her firm was working with its clients to “assess their vulnerabilities and monitor their exposures through our scanning tools”.

She continued: “While the incident raises questions about how well tested patch updates are before a mass roll out like this, previous automatic updates have provided a timely and vital line of defence for businesses to prevent malware attacks.” 

Financial technology and insurance firm Acrisure, meanwhile, said the fallout from the outage was likely to be felt most acutely in the large and mid-market corporate arena.

It felt that losses were likely to be seen under business interruption (BI) and dependent business interruption (DBI) insuring clauses.

“Most cyber policies include triggers for malicious and non-malicious events and BI and DBI coverage typically extends to incidents at IT vendors,” Acrisure London Wholesale vice-president Tancred Lucy said.

“Some cyber policies will also contemplate DBI coverage for non-IT vendors.

“Insurers will have engaged their panel vendors to work with impacted companies to reduce insured downtime and extra expenses.”

Nigel Collins, cyber, technology and engineering lead at McLarens, added that insurers should be braced for “significant insurance claims”, with businesses’ continuity plans being affected.

“Businesses affected by the outage will likely have implemented business continuity plans to minimise the impact,” he said.

The “blue screen of death” was a common sight during the outage

“But, with the reliance global business has on single point software solutions, business continuity plans will have [a] limited effect on such outages.”

Underinsurance

While insurers are going to have to be on top of their game when managing the fallout of this incident, there is the additional issue that businesses may be underinsured.

In October 2022, research from GlobalData showed that only 56.2% of medium-sized businesses, 40% of small businesses and 16.8% of micro businesses had a cyber insurance policy.

Speaking to Insurance Times in September 2023, Chris Mallett, commercial strategy manager at Clear Group, said: “The risks we know SME businesses recognise in the threat of ransomware, hacks and loss of data is not reflected in the amount of cyber coverage that they are arranging at the moment.”

Hodson said that there was a “huge gap” in the penetration of cyber policies, especially in the SME sector, where the question of “why do I need to buy another insurance policy?” was often raised.

“What happens if you arrive at your office tomorrow and all the computers are there, but you have that blue screen of death,” he added.

“Can you receive emails, can you place orders, can you do online banking?”

“You’ve got the impact to your business that you cannot operate until you have recovered and restored that.

“Why aren’t you spending money on a product which covers the way we have moved into a digital age?”