Companies affected by an unprecedented global computer failure on Friday, such as airlinesare not necessarily covered by their cyber insurance and are exposed to having to bear the costs out of their own pockets, some experts warn.
How are computer failures covered?
The incident, caused by a faulty update to Microsoft’s Windows operating systems of an antivirus program from the American cybersecurity group CrowdStrike Falcon, was triggered on Thursday at around 19:00 GMT and does not appear to be the result of a cyberattack, i.e. a deliberately malicious act.
Cyber insurance, promoted in recent years by major global insurers“are not intended to be applied” in this case, according to François-Pierre Lani, lawyer at Derriennic Associés, contacted by AFP.
But as is often the case with insurance, coverage depends on each contract and must be analyzed on a case-by-case basis, say several experts.
Cyber insurance, which primarily covers the risks and costs associated with attacks, may include options whereby computer failures would fall within the scope of covered claims.
These options “They are not mandatory and companies do not usually hire them,” warns Quentin Charluteau, an insurance lawyer at Simmons & Simmons.
What does the insurance cover?
Compensation for affected companies can be of various types: additional operating costs or direct compensation for loss of profits.
For airlines that have had to cancel flights, such as Transavia France or the American airlines Delta, United and American Airlines, the first level is the payment of additional operating costs. The same is true for the British railway operator Govia Thameslink Railway, which has reported possible last-minute cancellations.
In such cases, the insurance covers the costs of catering and re-accommodation for clients affected by the delay or cancellation of their journeys, especially in the northern hemisphere, where many people begin or end their summer holidays.
If the incident, which is being rectified, continues for a longer period of time, the insured company may also claim operating losses. The insurer must compensate for the loss of income due to the cessation or reduction of activity.
How much will it cost?
Cyber Insurance “They are relatively expensive insurance and companies usually have to pay a high deductible,” a source from a major international broker told AFP.
As an example, the French association of risk managers, Amrae, illustrates the case of a “Big company” which, for an insurance contract that costs her an annual premium of 950,000 euros (1 million dollars), is subject to a deductible of 7.5 million euros (8.1 million dollars).
The contracts also include maximum coverage limits: above this sum set in the contract, it is once again the company’s responsibility to pay out of its own pocket.
Some large groups take out coverages of more than 100 million euros, according to Amrae.
But this amount “is exceeded very quickly in the event of a major incident” such as Friday’s failure, says a broker.
Any other possible solutions?
As soon as the computer crisis occurs, the affected companies begin “to study what they can do in contractual terms” with the providers of IT services that have failed, says lawyer Sonia Cissé, a partner at the international law firm Linklaters.
Contracts between affected companies and their faulty IT provider may include clauses on liability for service continuity, which provide for compensation.
In the case of this week’s global ruling, it seems possibleand “to seek compensation through a liability action” against CrowdStrike, explains to AFP Philippe Cotelle, administrator of Amrae and president of its cyber commission.
All the experts contacted by AFP on Friday agreed on one point: given the magnitude of the ruling and its possible financial consequences, they expect a wave of claims.
It may interest you
- Microsoft Windows global crash: what is CrowdStrike, the platform that caused the error, doing?
- Microsoft adds AI key in first change to PC keyboard in decades
- Qualcomm unveils AI-powered computer chip for 2024
Source: Gestion
Ricardo is a renowned author and journalist, known for his exceptional writing on top-news stories. He currently works as a writer at the 247 News Agency, where he is known for his ability to deliver breaking news and insightful analysis on the most pressing issues of the day.
