Fitch says insurers can handle CrowdStrike incident losses

Insurers could withstand preliminary loss estimates from the recent software incident at US-based cybersecurity provider CrowdStrike, Fitch Ratings said Monday.

"The recent cybersecurity software incident at CrowdStrike is unlikely to have a material impact on global (re)insurer financial results," Fitch said in a statement.

Preliminary market estimates of global insured losses that range in the mid-to-high single-digit billion US dollars would not translate into a material impact for insurers, but they are subject to ongoing claims and litigation, according to the rating agency.

"The insurance lines most affected will be business interruption, contingent business interruption and cyber. Several smaller lines such as travel insurance, event cancellation and technology errors and omissions will also be affected," it added.

Fitch said several mechanisms will limit insured losses, including "lack of insurance coverage, high deductibles, sub-limits and time element periods for business interruption claims."

Most business interruption claims from cyber events have time element periods that range from eight to 12 hours, Fitch said, but added that industries such as hospitals and airlines will be more affected, as they require 24/7 availability and often lack robust redundancies.

After a software update caused a major IT outage globally last week, CrowdStrike saw its shares plummet an additional 13.46% on Monday on top of an 11.1% decline on Friday.