Security

CSO

CrowdStrike update blunder may cost world billions – and insurance ain't covering it all

We offer this formula instead: RND(100.0)*(10^9)


The cost of CrowdStrike's apocalyptic Falcon update that brought down millions of Windows computers last week may be in the billions of dollars, and insurance isn't covering most of that.

That's according to cloud monitoring and insurance biz Parametrix, which this week claimed that US Fortune 500 companies – of which around a fourth were impacted – took a $5.4 billion hit from CrowdStrike's broken channel file. This doesn't include losses for Microsoft; Redmond was excluded from the calculations because "they were a key player in the event."

(With a total $18 trillion annual revenue, the Fortune 500 can probably afford it.)

Parametrix says insurance might only pay out about $540 million to $1.1 billion of that hit for the Fortune 500, or between 10 and 20 percent. That's apparently "due to many companies' large risk retentions, and to low policy limits relative to the potential outage loss," according to the report.

Some industries in the Fortune 500 escaped mostly unscathed. Manufacturing, transportation (excluding airlines), and finance only experienced some tens of millions in losses total each, it's estimated, which is bad but not nearly as bad as other sectors. Retail and IT ate half a billion each total, airlines lost $860 million, and an estimated over three billion dollars was destroyed between the banking and healthcare sectors.

On a per-company basis, however, Y2K24 was by far the most expensive for airlines, which on average each lost $143 million, followed by the tech industry at $113 million each on average. According to Parametrix. Pinch of salt?

Outside the Fortune 500, cyber-analysis firm CyberCube reckoned the outage resulted in $15 billion worth of losses globally. Not bad for a single update.

The figures from CyberCube are even more dismal, saying insurance will only cover about three to ten percent of losses given the smaller companies involved.

Thankfully, CrowdStrike is working hard to make it up to its teammates and partners that sell the software and provide support for it to customers. These folks were generously offered $10 gift codes for Uber Eats, which should help pay for maybe half of someone's lunch, some of which were promptly denied due to Uber suspecting the high rate of redemption was an indication of fraud.

When asked about these Uber Eats gift cards, CrowdStrike told The Register they were for "teammates and partners" only, and not for customers.

Finally, the CEO of CrowdStrike George Kurtz claimed today 97 percent of Windows systems that crashed last week from the bad update are now back online. ®

Send us news
60 Comments

UK ICO not happy with Google's plans to allow device fingerprinting

Also, Ascension notifies 5.6M victims, Krispy Kreme bandits come forward, LockBit 4.0 released, and more

Infosec experts divided on AI's potential to assist red teams

Yes, LLMs can do the heavy lifting. But good luck getting one to give evidence

Trump administration wants to go on cyber offensive against China

The US has never attacked Chinese critical infrastructure before, right?

Deloitte says cyberattack on Rhode Island benefits portal carries 'major security threat'

Personal and financial data probably stolen

Are your Prometheus servers and exporters secure? Probably not

Plus: Netscaler brute force barrage; BeyondTrust API key stolen; and more

Apache issues patches for critical Struts 2 RCE bug

More details released after devs allowed weeks to apply fixes

Lights out for 18 more DDoS booters in pre-Christmas Operation PowerOFF push

Holiday cheer comes in the form of three arrests and 27 shuttered domains

Three more vulns spotted in Ivanti CSA, all critical, one 10/10

Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker

Fully patched Cleo products under renewed 'zero-day-ish' mass attack

Thousands of servers targeted while customers wait for patches

Blue Yonder ransomware termites claim credit

Also: Mystery US firm compromised by Chinese hackers for months; Safe links that aren't; Polish spy boss arrested, and more

OpenWrt orders router firmware updates after supply chain attack scare

A couple of bugs lead to a potentially bad time

Badass Russian techie outsmarts FSB, flees Putinland all while being tracked with spyware

Threatened with life in prison, Kyiv charity worker gives middle finger to state spies