Miller thinks CrowdStrike likely to lead to higher cyber premiums
Outage also set to introduce more stringent terms and conditions
London market and global broker Miller told Commercial Risk that the CrowdStrike outage is likely to see cyber premiums rise and wordings tighten.
“In our view, the CrowdStrike outage is likely to lead to both an increase in cyber insurance premiums and more stringent terms and conditions, as insurers adjust to the increased perception of risk in the wake of this significant event,” said Debbie Hobbs, head of cyber, tech and media at the broker.
“Although the [cyber] market had been experiencing a softening trend with increased capacity and competition, this incident may temporarily reverse that direction,” she added.
Hobbs explained that the widespread disruption caused by the outage has highlighted the potential for large-scale systemic risks, prompting insurers to reassess their exposures.
“This reassessment could lead to an increase in premiums, particularly for policies that cover business interruption and third-party liabilities,” she added.
Hobbs said this view is supported by a “spike” in requests for long-term agreements – which lock in coverage terms, conditions, and rates for an extended period – from cyber insurance buyers since the incident.
Miller also believes that the financial losses and perceived threat associated with the CrowdStrike outage could affect reinsurance negotiations, leading to higher reinsurance rates or more restrictive terms. All of this would impact the way the primary market thinks about writing cyber, noted Hobbs.
And she feels the impact will also be felt through more restricted cyber coverage. “The incident has exposed critical vulnerabilities in even the most reputable cybersecurity firms, which may lead to more stringent policy terms and conditions in the future. This could include more rigorous requirements for policyholders to demonstrate their cybersecurity measures, as well as the introduction of new exclusions or limitations in coverage. For example, insurers might introduce exclusions related to third-party service failures or reduce the scope of coverage for systemic events,” she said.