Moody’s advises on cyber policy clarity post-CrowdStrike event

The extent and terms of coverage within individual policies will vary.

Moody’s warns that the recent global cyber incident involving CrowdStrike poses challenges for cyber insurers, as enterprises using CrowdStrike are more likely to have cyber insurance policies. 

The extent and terms of coverage within individual policies will vary, but the scale of potential losses, especially for critical industries, highlights the importance of managing cyber risk. 

Insurers will need to assess each client’s policy to establish exposure, given the non-standardized terms in the cyber insurance market, urged Moody’s in an insight titled “Navigating the Recent CrowdStrike Update Crisis”.

Whilst initial reports suggest the event was not malicious, a flawed security update from CrowdStrike mimicked a supply chain attack, causing widespread disruptions. The security patch, distributed globally, created issues typical of a cyber event where a malicious patch causes extensive problems.

This issue affected entities globally using CrowdStrike’s software, potentially leading to significant operational downtime, especially for industries that cannot afford interruptions, such as airlines and hospitals.  The incident also impacted services on Microsoft Azure, causing downstream effects on enterprises reliant on these systems.

This incident underscores several lessons for enterprises and the cyber insurance industry:

1. Rigorous testing and validation processes are essential for vendors before deploying updates.
2. Robust rollback mechanisms are necessary to revert to previous states in case of problematic updates.
3. Effective communication and support channels are crucial for troubleshooting during widespread incidents.
4. Organisations must balance the need for automatic updates with the potential risks of disruptions.
5. Clear understanding and documentation of cyber insurance policies are vital to determine coverage in such incidents.

This CrowdStrike incident serves as a reminder of the delicate balance between maintaining security and stability in the cybersecurity realm, Moody’s emphasised.

It highlights the need for enhanced protocols and safeguards to prevent similar occurrences in the future. Moody’s said it will continue to monitor developments related to this incident and provide insights into the cyber insurance marketplace.