Practical advice on recovery and risk mitigation from Partners& 

Although this was not the result of a cyber-attack, the ongoing situation will lead to a rise in the number of phishing and malicious emails from bad actors posing as CrowdStrike, Microsoft, and other vendors, offering fixes and system support.  

IT Security firms have already received reports of phishing attacks targeting CrowdStrike customers, where bad actors claim to be from CrowdStrike Support. CrowdStrike has stated that they will not send unsolicited email communications.  

We advise you to stay vigilant when evaluating any communication you receive regarding this issue: 

• Do not download any updates or patches from unsolicited emails or messages 
• Verify the authenticity of any communication by directly contacting the source through official channels 
• Report any suspicious emails or messages to your support team immediately 

What to do if your business has been disrupted by the CrowdStrike issue 

The extent of the outage serves as a vivid reminder of just how interconnected and dependent we have become on computing technology. Airlines, hospitals and millions of personal computers across the planet have been affected and the disruption will inevitably lead to claims and litigation in the future. 

For guidance on how to resolve the technical issues, refer to: 

https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub

https://blogs.microsoft.com/blog/2024/07/20/helping-our-customers-through-the-crowdstrike-outage

Does my cyber insurance policy cover this? 

Many businesses and organisations will be incurring significant costs as a result of this event, such as the additional expense of hiring IT people to install updates, lost productivity as employees stand idle, perhaps even cancelled orders. 

Cyber insurance is primarily designed to provide protection and support in the event of a cyber-attack (hacking, virus, ransomware, etc.) As noted earlier, this event was not a cyber-attack, but rather a software glitch or error. On the face of it therefore, you might expect cyber insurers to have dodged a bullet with this one.  

However, some cyber insurance policies contain clauses that provide cover for business interruption loss resulting from computer “systems failure”. That is to say, unexpected computer systems disruption due to a cause other than a cyber-attack. 

No two cyber policies are the same and not all policies provide this cover. Terms, conditions and exclusions may apply to,  exclude or limit payment of any claim. 

If you want to know what your cyber insurance covers, reach out to your usual Partners& adviser who will be pleased to provide further advice.  

And if you’re not yet a Partners& client, we’d more than happy to help you review the cyber insurance cover you have in place.  

Move quickly, as delays in notifying insurers could prejudice any claim you may wish to make. 

Matthew Clark, Cyber Director 

With thanks to Cowbell Insurance for contributing to this article.