U.S. Fortune 500 companies excluding Microsoft are facing losses of $5.4 billion due to last week’s CrowdStrike outage, and Microsoft’s losses will add hundreds of millions more to the total. Cloud Insurance Company Parametrics Wednesday.
A global technology outage caused by a faulty update to CrowdStrike security software crashed Microsoft Windows computers on Friday, forcing airlines to delay flights and doctors to postpone surgeries.
Because many companies are taking on so much risk, cyber insurance will likely only cover 10% to 20% of losses, or about $540 million to $1.08 billion, according to Parametrics.
Parametrics CEO Jonathan Hatzoh told the Post that due to Microsoft’s size, he estimates the company’s financial losses could be in the hundreds of millions of dollars.
He said IT companies did not bear much responsibility for the outage but that they had “confussed responsibility”, making it difficult to estimate the exact losses.
“As time went on, it became clear to everyone that CrowdStrike was responsible for this incident,” he said.
Even before the outage, tech geeks knew the CrowdStrike name, but most people didn’t. But they did know Microsoft’s name, which meant the company would likely face “significant operational costs and reputational damage,” he said.
A Microsoft representative couldn’t immediately be reached for comment Wednesday.
“This is a big wake-up call for the industry,” Hatzor told The Post.
The weighted average loss for Fortune 500 companies is $44 million, but the range is wide: Most manufacturers will lose about $6 million, while airlines will lose an average of $143 million, the insurer said.
The impact of the losses is also uneven: The healthcare and banking sectors, for example, account for just 20% of Fortune 500 revenue but absorbed 57% of the combined $5.4 billion financial loss, Parametrics said.
Parametrics predicts that direct economic losses will be greatest in the healthcare industry, followed by banking and airlines.
Hatzol recommended that companies move away from reliance on physical computers and towards cloud-based systems.
“Compared to more traditional industries like healthcare and aviation, cloud companies’ recovery has been more dramatic and faster,” Hatzor said.
Hatzol said that while prevention is important, risk carriers have limited ability to control these disorders, and recommended instead focusing on mapping aggregate risks.
“Once you know which services are your primary points of failure, you can really think about and plan for redundancy,” Hatzor told the Post.
Hatzol said businesses should review their insurance policies with fresh eyes to understand how they will be covered if a future outage occurs.
About 40,000 computers in New York City were still down on Tuesday, plagued by “blue screens of death.”
City officials said the total number of devices affected by the outage jumped from 90,000 to 300,000 over the weekend.
