In my professional world this is a ten alarm fire. Crowdstrike provides EDR (endpoint detection and response) software. Basically the first line of defense against the bad guys. From what I've read the problem today stemmed from a flawed update sent out to every machine their software defends. (including all of the machines managed by my employer, including my own work computer which is still not functional.) The news has reported the obvious companies that suffered. Airlines, healthcare, retailers that use it on their point of sale systems, 911 call centers, etc. The lost revenue and extra expenses companies have suffered are likely in the billions, especially once one considers all the losses associated with the airlines who couldn't put planes in the sky. Crowdstrike will be on the hook for all of that if this was truly a flawed software update. They are big enough that they likely carry a technology errors and omissions tower of insurance with somewhere between $500 million and a billion in limits spread over many layers and insurance companies. This disaster may well eat through all of that. My employer, as well as every other cyber insurer, will undoubtedly get a lot of notices of claim from insureds that use them as a result. Theoretically those will all be subrogated against Crowdstrike's insurance unless there isn't enough insurance there to cover everything. This could very well be a bankrupting event for them.
Reply With Quote
Originally Posted by jp1
