BTN News: Last Friday, a major IT failure caused big problems for many sectors, especially airlines. This major glitch was caused by a bad update to Microsoft’s Windows systems through CrowdStrike Falcon’s antivirus program. Now, many companies are unsure if their cyber insurance will cover the costs. Experts say these companies might have to pay for the damages themselves, as cyber insurance might not help in this case.
The problem started on Thursday at 7 PM and was due to a faulty update, not a deliberate cyberattack. François-Pierre Lani, a lawyer at Derriennic Associés, said that cyber insurance policies, which have become popular recently, are usually not meant to cover such incidents. However, whether or not coverage applies depends on each specific contract and needs to be checked individually.
Cyber insurance usually covers risks and costs related to cyberattacks. However, some policies might include coverage for IT system failures. Analysts say that cyber insurance premiums are high, and companies often have large deductibles. For example, a large company might pay an annual premium of €950,000 ($1 million) with a deductible of €7.5 million ($8.1 million), according to the French risk management association Amrae. These policies also have maximum coverage limits, and companies must pay any additional costs themselves if they exceed these limits.
High Costs and Limited Coverage of Cyber Insurance Highlight Company Vulnerabilities
The recent IT failure has shown the financial risks for companies that rely on digital systems. Airlines like Transavia France, Delta, United, and American Airlines had to cancel flights, leading to extra operating costs. The British rail operator Govia Thameslink Railway also reported possible last-minute cancellations. In these cases, cyber insurance might cover extra operating costs and customer rebooking expenses.
If the problem continues, insured companies could claim lost revenues due to stopped or slowed activities. However, the high cost of cyber insurance and large deductibles mean companies must consider the benefits against the expenses. Large groups might get coverage over €100 million, but this amount can be quickly used up in a big incident, according to an industry broker.
Implications and Potential Legal Actions in the Wake of the IT Failure
The global IT failure is expected to lead to many claims. Companies will look closely at their contracts with IT service providers to see if they can get compensation for service disruptions. Lawyer Sonia Cissé from Linklaters suggests that affected companies might seek compensation through liability actions against CrowdStrike, the company linked to this week’s global outage.
Due to the size of the problem and its possible financial impact, experts expect a surge in claims. Businesses will need to handle complex insurance and legal issues to reduce losses. This situation shows the importance of strong risk management in the digital age.
In conclusion, while cyber insurance provides some protection against IT failures, the high costs and limited coverage show there are still big gaps. Companies must carefully review their policies and stay alert about their digital dependencies to avoid serious financial problems in future incidents.