Image
Publish Date: July 29, 2024
Author: Tyler Lyster
Tags: Blog - SeubertU

Navigating the Cyber Storm

By Tyler Lyster  |  Seubert’s Vice President of Operations

Risk Management and Insurance in the Wake of the CrowdStrike Outage and CDK Cyber-Attack

The digital landscape is filled with risks, and the recent CrowdStrike outage and CDK Global cyber-attack have brought to light the critical role of proactive risk management paired with robust insurance coverage in mitigating these risks. As businesses reel from the impact of these events, the insurance industry is at the forefront, assessing coverage and responding to claims.

The CrowdStrike outage, which affected millions of Microsoft devices globally, was not a deliberate cyber-attack but a software update mishap. Nonetheless, the repercussions were significant, causing operational disruptions across various sectors. The CDK ransomware attack, targeting automotive retail systems, further underscored the vulnerability of digital infrastructures. These incidents have prompted businesses to turn to their insurers for recourse, leading to a surge in business interruption claims.

For insurers and brokers, the first challenge lies in determining the extent of coverage. Cyber insurance policies are designed to cover losses from cyber events, but the nuances of the policies issued by each carrier can vary. The CrowdStrike outage presents a unique scenario where the disruption was not due to a malicious act but an unintentional software issue. This raises questions about policy triggers and the definition of a covered event.

The CDK ransomware attack, on the other hand, falls squarely within the realm of cybercrime, and businesses affected by these attacks are likely to find solace in their cyber insurance coverage (depending on specific policy wording). However, the adequacy of coverage limits and the response of insurers in the face of widespread claims will be tested. Further, businesses that depend on CDK Global for their own operations suffered serious downtime and lost profits as a result. Coverage implications for downstream parties will likely take months to sort through.

Insurers are now scrutinizing their policy wordings, exclusions, and endorsements to ensure clarity on coverage. The incidents have highlighted the need for comprehensive cyber insurance that can adapt to the evolving nature of cyber risks. Brokers must work closely with policyholders to review and update their coverage needs, ensuring that it aligns with their risk profiles and provides adequate protection. As the cyber landscape continues to mature, so does the coverage afforded by cyber insurers. New coverage terms, conditions, and exclusions arise from claims scenarios that were previously unknown.

Moreover, recent events have sparked a conversation about the need for standardized cyber insurance products. The lack of uniformity in policy wording and coverage can lead to confusion and disputes during claims. A standardized approach could help streamline the claims process and provide clearer guidance to policyholders.

In the aftermath of the CrowdStrike outage and CDK cyber-attack, the insurance industry is at a crossroads. Insurers must balance the need to provide comprehensive coverage with the constraint to manage their own risk exposure and reinsurance. Policyholders must take a proactive approach to cyber risk management, implementing robust security measures and ensuring that their insurance coverage is up to date.

As the dust settles, it is clear that the insurance industry plays a pivotal role in the cyber ecosystem. It is the safety net that allows businesses to recover and rebuild in the face of cyber adversities. However, it should be viewed as just that: A last line of defense to help an insured recover from an unforeseen and uncontrollable event.  Proactive cyber risk management strategies must encompass a comprehensive approach to cybersecurity, including the implementation of robust security protocols, regular system updates, and employee training on cyber threats.

Businesses should take a holistic approach to cybersecurity, which involves not only deploying advanced security solutions but also fostering a culture of cyber awareness among employees. Key strategies include:

  • Regular Risk Assessments: Conducting thorough and regular risk assessments to identify vulnerabilities and potential threats.
  • Incident Response Planning: Developing and testing incident response plans to ensure a swift and effective response to cyber incidents.
  • Employee Training: Providing ongoing training to employees on the latest cyber threats and best practices for prevention.
  • Investment in Technology: Investing in state-of-the-art cybersecurity technologies and services that offer real-time monitoring and threat detection.
  • Vendor Management: Rigorously vetting third-party vendors for their cybersecurity measures and ensuring they meet the organization’s security standards.
  • Cyber Insurance Review: Regularly reviewing and updating cyber insurance policies to ensure adequate coverage in the event of a cyber incident.

By implementing these strategies, businesses can enhance their cyber resilience and mitigate the impact of cyber events. Proactive cyber risk management is not just about technology; it’s about creating a mindset where every employee is aware of the risks and is equipped to act as the first line of defense against cyber threats.

Tyler Lyster is Seubert’s Vice President of Operations. He started his journey with Seubert as an Account Executive in our Commercial Lines Division and became the agency’s Vice President of Operations in 2023 with 10+ years of insurance industry. In his current role, Tyler is responsible for overseeing the development and execution of client service standards, the effectiveness and efficiencies of internal agency operations, identifying and mitigating risks, ensuring compliance, and enhancing our agency’s technologies. 

 

Contact Tyler to see how you could minimize risk.
412.223.1451  | [email protected]  |  LinkedIn

  • Business Insurance
    |
  • Cyber
    |