Following Friday’s disruptive global IT outage – arguably the worst in global history – questions are beginning to be asked about who will pay for it.
Somewhat surprisingly, shares of CrowdStrike, the company at the center of the outage, fell just 11% after doubling in pre-market trading, especially considering its stock has doubled this year and was trading at such a high valuation.
This suggests investors have a fair amount of confidence that the once-Wall Street darling can repair its reputation after this disaster and, more importantly, that it won’t be liable for any damages.
There are several reasons for this:
First, immediately after a power outage it is impossible to determine the total amount of losses caused by the outage.
Secondly, even if a business or individual consumer is affected by a power outage, it is not always easy to prove that the losses they incurred were the result of the outage.
Third, there is an expectation that CrowdStrike will be covered by insurance.
Air travel loss claims
The biggest losses are likely to fall on the aviation industry, which appears to be the industry most affected.
But even here, claims for loss are likely to be unclear, particularly in the case of air passengers.
One of the key issues here is where passengers will originate and end up. The US and EU have different rules on what compensation is available. It is also unclear who passengers will be able to claim compensation from.
Refunds should usually be sought from the airline itself first, but as consumer advocacy group Which? pointed out, airlines may argue that they are not obligated to pay compensation because delays and cancellations are “extraordinary circumstances.”
This means some passengers who booked with credit cards may have to check whether they are covered for recoverable expenses, and there is likely to be some debate over whether passengers with travel insurance are eligible for trip interruption cover, which not all travel insurance policies offer.
The insurers themselves were among the biggest losers in the impact of the outage. The biggest fall in the FTSE 100 yesterday was Lloyd’s of London insurer Beazley, which provides insurance against business interruption and cyber security attacks. Rival Hiscox also saw its share price fall.
But the experience of insurers during the pandemic, particularly those criticized by small businesses in the hospitality industry for not paying out some of their business interruption claims, offers some guidance on what may happen here.
Hiscox and its competitors They argued that the language in those policies did not obligate them to pay..
Although a settlement was negotiated with the support of the courts and the Financial Conduct Authority, some companies suffered losses and it would be surprising if insurers did not learn from this case and tighten policy wording.
It is therefore not at all certain that losses incurred as a result of this event will be covered by insurance, and if they are covered, it will probably be under a cyber policy that specifically covers loss of revenue due to service interruptions of third-party providers.
This language may also refer specifically to malicious attacks against software or IT service providers, or the length of time that systems were down. Many such policies only cover losses after systems have been down for 6 to 12 hours.
Financial Services Remuneration
Another key area for compensation is likely to be the financial services sector, which does not appear to have been as heavily affected.
Some brokerages around the world, particularly in India, where markets were active at the time of the outage, are said to be facing claims for compensation from customers who suffered losses because they were unable to liquidate positions.
However, disruption to financial markets was minimal, with Jennifer McKeown, chief global economist at Capital Economics, telling clients yesterday: “Sectors that operate with strong IT support systems are likely to see only minor and short-term effects.”
“This may explain why there has been so little impact on financial markets so far. Note, for example, that the London Stock Exchange claims to have been largely unaffected.”
She said another reason the market impact has been muted is because CrowdStrike founder and CEO George Kurtz denied the possibility of a cyberattack.
read more:
Global IT outage: Solved with just a few lines of code
Who is CrowdStrike?
From banks to flights to supermarkets: A chart showing when IT outages peaked
Still, analysts expect significant damage to CrowdStrike itself, including the costs of fixing the problem and investing in repairing its reputation afterward, and the company has a notoriously large marketing budget.
“There will be economic impacts.”
“We expect this issue to have financial implications,” Keith Bachman, senior research analyst at BMO Capital Markets, told clients.
“As an example, we believe that customers will seek relief and compensation for their losses, which could include discounts and credits on both new contracts and renewals.
“So we think it could impact growth rates and cash.”
But some analysts believe the entire IT industry could benefit from the outage as customers rush to invest in business continuity preparations.
“Companies will be considering the need for incident response capabilities and backup plans,” said Sean Eyal, managing director and senior analyst covering communications, security and infrastructure software at brokerage TD Cowen.
“We envision an emergency-driven spending cycle.”
It is therefore unclear what the economic impact of this outage will be, much less who will foot the bill.
It has been noted that when notorious gun crimes occur in the United States, gun sales rise, leading to a corresponding rise in the stock prices of firearms and ammunition manufacturers.
It would be equally ironic if IT departments benefit from increased client spending following this outage.