On July 19th, 2024, a single content update from CrowdStrike, a cyber security software company, caused more than 8.5 million systems to crash, disrupting operations for days across thousands of organizations worldwide, including hundreds of Fortune 1000 companies. The CrowdStrike “glitch,” as it became known, resulted in losses estimated to be more than $5 billion. The CrowdStrike incident is estimated to cost insurers around $1.5 billion in payouts, under business interruption, cyber, and system failure coverages. It represents one of the biggest examples of the adverse impact of aggregated cyber risk accumulation. In October 2024, Delta, one of the many affected businesses in the incident, filed a lawsuit against CrowdStrike claiming that the outage was “catastrophic.” They claimed it was the result of CrowdStrike’s “forced untested updates to its customers” and led to disruption of 7,000 flights and 1.3 million customers over 5 days. The airline claimed a loss of more than $500 million.
