Learn the right lessons from CrowdStrike: CyberCube

The CrowdStrike incident in July and its relevance to the cyber industry highlights key lessons in cybersecurity, cyber insurance, and the systemic risks posed by interconnected technologies, according to Jon Laux, vice president of analytics at CyberCube. 

Speaking to Monte Carlo Today Laux pointed out that the incident involving CrowdStrike presents valuable insights into how technology failures, even in their best-case scenario, can have broad implications for businesses and the cyber insurance industry. 

“CyberCube estimates losses from this event to be between $400 million and $1.5 billion.”

First, the CrowdStrike event underscores the importance of recognising systemic risks in the cyber world. Although it was not a malicious attack, but a software error, it demonstrated the interconnectedness of technologies and the potential for cascading effects across industries. 

Laux said that CyberCube estimates losses from this event to be between $400 million and $1.5 billion. This is significant, but the event’s relatively contained nature—thanks to CrowdStrike's rapid response and resolution within hours—showcases how much worse things could have been. 

Most companies recovered quickly, but the incident serves as a reminder of the fragility of complex digital systems. 

Different scenarios

Laux spoke of the value of “counterfactual analysis”, a method of exploring what could have happened in a cyber event and how different scenarios might have played out. By examining not just the events that occur but also potential outcomes, organisations can better prepare for future risks, he said. 

Another important lesson from this event is the significance of incident response. In the case of CrowdStrike, the company acted swiftly, halting the spread of the bug within 90 minutes and issuing recovery instructions early the next day. Despite this rapid response, some businesses experienced long recovery times. This variation in recovery emphasises the need for preparedness. 

The cyber insurance industry, according to Laux, is still in an evolving phase. While some industry players consider it immature others, such as CyberCube, focus on understanding the dynamic and fluid nature of cyber threats. Laux drew a parallel between cyber risks and climate change, both representing challenges that the insurance industry must learn to navigate in an era where risks are constantly evolving. He sees this as an opportunity for the insurance world to adapt to the realities of the information age. 

For CyberCube, the CrowdStrike incident serves as both a cautionary tale and a learning opportunity for the cyber and insurance industries.

For more news from the Rendez-Vous de Septembre (RVS) click here.

Did you get value from this story?  Sign up to our free daily newsletters and get stories like this sent straight to your inbox.