September 26, 2024
6 Cybersecurity Coverages To Help Mitigate a “CrowdStrike” Outage
The CrowdStrike outage, significant though it was, could have been much more severe if it had been the result of malicious intent. The event underscores how critical it is for companies to carry comprehensive cybersecurity insurance that includes these key components:
- Business Interruption Coverage: for lost income and operational expenses incurred due to a cyber incident. It’s crucial for policies to include both direct business interruption and contingent business interruption, which covers losses resulting from disruptions to third-party services or suppliers.
- Incident Response Coverage: to cover the costs associated with responding to a cyber incident, including forensic investigations, legal fees, public relations efforts, and notification costs for affected individuals.
- Data Restoration and Systems Recovery: to pay for the costs associated with restoring and recovering data and systems impacted by the cyber event. Given the nature of the CrowdStrike incident, where systems were rendered inoperable, this type of coverage would be vital.
- Cyber Liability Coverage: to protect against third-party claims arising from a cyber incident, including lawsuits and regulatory fines. This is essential for covering the legal liabilities and costs associated with data breaches or other cyber incidents.
- Coverage for Non-Malicious Events: As the CrowdStrike incident was caused by a non-malicious software update, it’s crucial for policies to cover a wide range of incidents, including those that are not the result of deliberate attacks. Ensuring the policy language is broad enough to encompass such events can provide necessary protection.
- Third-Party Coverage: Given that many companies rely on external vendors and service providers, it’s important to have coverage that addresses incidents stemming from third-party failures. This includes coverage for financial losses due to disruptions caused by third-party service providers.
When companies include these comprehensive elements in their cybersecurity insurance policies, they can be better equipped to manage and mitigate the financial impacts of incidents like the CrowdStrike outage.