Markel Cyber Director on Lessons from the Crowdstrike Outage
As cyber threats continue to rise, businesses face unprecedented challenges in safeguarding their operations, data, and reputations.
The CrowdStrike Falcon IT outage in July, which impacted millions of Windows devices worldwide, underscored the risks of technological vulnerability.
This incident affected essential services across diverse sectors, from healthcare and banking to airlines and broadcasting, causing extensive business disruptions and highlighting the importance of cyber resilience.
For many organisations, the aftermath raised questions about how well-prepared they are to withstand and recover from cyber incidents, whether accidental or malicious.
But what is the best way to prepare for the worst-case scenario? To find out more, we spoke with Chris Burgess, Director of Cyber at Markel.
Lessons from the CrowdStrike outage
Reflecting on the CrowdStrike incident, Chris described it as a significant wake-up call for the cyber industry.
"The CrowdStrike/Falcon IT outage made global news headlines… after a technical update error affected around 8.5 million Microsoft Windows devices," Chris said.
This issue arose from a logic error in one of CrowdStrike’s software products, Falcon, causing severe disruptions across various sectors. Despite CrowdStrike’s swift response, the event cost impacted organisations an estimated USD$1bn.
This incident exposed the pressing need for more comprehensive regression testing among cyber vendors to identify potential bugs before releasing updates.
Chris observed that such testing could help companies mitigate risks by catching errors early, thus avoiding costly disruptions.
Following the outage, regulatory bodies have urged tighter cybersecurity controls, prompting companies to reevaluate and enhance their contingency planning to minimise downtime should similar incidents occur.
This response signifies a collective move towards a more resilient cyber environment, where preparedness is not optional but essential for business continuity.
The uptake of cyber insurance in business
Despite the evident risks, only a minority of businesses currently hold cyber insurance.
According to the latest Cyber Security Breaches Survey, a mere 43% of businesses are insured against cyber threats.
Chris highlighted two main factors influencing this trend. "Amongst larger organisations, the take-up rate is high… However, SMEs are often in a different position; they’re focused on growth and survival, which means non-mandatory insurances, such as cyber insurance, may be sidelined."
Larger organisations tend to prioritise cyber insurance because of their extensive balance sheets, shareholder interests, and reputational stakes, which may be heavily impacted in the event of a cyber incident.
SMEs, on the other hand, frequently operate with limited resources and are primarily concerned with immediate growth and stability, making cyber insurance a lower priority.
However, the cyber insurance market is evolving, and SMEs are increasingly recognising the value of such coverage.
Chris emphasised that "we need to raise awareness of the coverage available to SMEs and how cyber insurance can support their businesses in growing and protecting it from financial stress."
The benefits of cyber insurance for SMEs include access to crisis management services, such as legal advice and IT forensic support, which can prove invaluable in mitigating the effects of a cyber incident.
For many smaller businesses, these resources provide a critical safety net, allowing them to recover more effectively from cyber threats.
Protecting against black swan events and future threats
Cyber incidents like the CrowdStrike outage are often referred to as "black swan events" – unpredictable occurrences that cause significant disruption.
"A black swan event in the world of cyber refers to an event that we’ve not seen before,” says Chris. “Since the CrowdStrike incident, we’re seeing businesses becoming more dependent on the technology they use to operate."
Companies are increasingly reliant on third-party providers for services such as hosting, data processing, and storage, further amplifying their exposure to these unforeseen events.
Chris noted that cyber coverage could offer crucial protection in such scenarios. Cyber insurance policies are typically designed to cover expenses related to data breaches, including customer notification, IT restoration, and public relations efforts to repair reputational damage.
Furthermore, they cover financial losses resulting from business interruption, legal costs, and sometimes even ransom payments associated with ransomware attacks, where legally permissible.
The evolving nature of the cyber insurance market, Chris suggested, reflects a growing recognition of the need for comprehensive protection that addresses both direct and indirect consequences of cyber incidents.
Chris highlighted additional trends that companies should monitor, including the rapid pace of technological advancements, the shifting threat landscape with increasingly sophisticated attacks, and evolving regulations around data privacy and cybersecurity standards.
"The speed of technological developments… and the risks this presents to us as individuals and companies is hard to keep abreast of," he explained.
Supporting businesses in the face of threats
To aid businesses in navigating these challenges, Chris and his team at Markel have invested significantly in upskilling and training, ensuring their underwriters possess the expertise required to assess IT risks accurately.
"We recently updated our Cyber 360 product… to provide breach response services for our clients 24/7," he shared.
This comprehensive approach ensures that Markel’s clients have the resources to respond effectively to cyber incidents, offering them a robust safety net that complements their internal cybersecurity measures.
Ultimately, cyber resilience is an ongoing process that demands continuous adaptation to new threats, technologies, and regulatory demands.
Chris’s advice to businesses aiming to enhance their operational resilience is clear: "Invest in cyber coverage… to complement their approach to cyber security."
As the frequency and complexity of cyber threats grow, having both preventive measures and reactive solutions in place becomes increasingly crucial, enabling organisations to safeguard their operations, data, and reputations in an unpredictable digital landscape.
******
Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024
******
Cyber Magazine is a BizClik brand
- Why the UK’s Financial Authority Has Issued a Cyber DecreeCyber Security
- CrowdStrike & Fortinet Unite to Close Endpoint Security GapCyber Security
- Cooperation Key Theme at Microsoft Endpoint Security SummitCyber Security
- Major Insurers Urge State Support To Secure Cyber RiskCyber Security