A global IT outage caused by a faulty CrowdStrike update is expected to lead to billions in insurance claims.

Airlines were forced to cancel flights, retailers were unable to process payments, and hospitals canceled operations after the update caused Windows systems to blue screen of death.

CrowdStrike Blue Screen
– Creative Commons

Microsoft estimates that some 8.5 million Windows devices were brought down by the update.

Insurance broker Aon called the outage “the most important” cyber insurance loss event since the NotPetya malware attacks of 2017.

Derek Kilmer, a professional liability broker at Burns & Wilcox, told The Financial Times that he expected an insured loss upwards of $1 billion, but said that it “could be much higher."

Will Davies, head of insurance at PA Consulting, added that insurers would see “hundreds, if not thousands of claims due to the outage” with estimated claims running into the billions. 

“There also remains the potential for property damage claims as well,” Timothy Wirth, an executive general adjuster at claims management group Sedgwick, said to the FT. “In the event that hardware may have been damaged or corrupted."

The amount and likelihood of payouts may be tied to how quickly services resumed - with some policies not covering downtime below 12 or 6 hours. It is also not clear if the outage would be classed as a cyber attack, given that it was not a traditional attack.