CrowdStrike update blunder may cost world billions – and insurance ain't covering it all

We offer this formula instead: RND(100.0)*(10^9)


The cost of CrowdStrike's apocalyptic Falcon update that brought down millions of Windows computers last week may be in the billions of dollars, and insurance isn't covering most of that.

That's according to cloud monitoring and insurance biz Parametrix, which this week claimed that US Fortune 500 companies – of which around a fourth were impacted – took a $5.4 billion hit from CrowdStrike's broken channel file. This doesn't include losses for Microsoft; Redmond was excluded from the calculations because "they were a key player in the event."

(With a total $18 trillion annual revenue, the Fortune 500 can probably afford it.)

Parametrix says insurance might only pay out about $540 million to $1.1 billion of that hit for the Fortune 500, or between 10 and 20 percent. That's apparently "due to many companies' large risk retentions, and to low policy limits relative to the potential outage loss," according to the report.

Some industries in the Fortune 500 escaped mostly unscathed. Manufacturing, transportation (excluding airlines), and finance each experienced only some tens of millions in total losses, it's estimated, which is bad but not nearly as bad as other sectors. Retail and IT ate half a billion each in total, airlines lost $860 million, and more than three billion dollars is estimated to have been destroyed between the banking and healthcare sectors.

On a per-company basis, however, Y2K24 was by far the most expensive for airlines, which on average each lost $143 million, followed by the tech industry at $113 million each on average. According to Parametrix. Pinch of salt?

Outside the Fortune 500, cyber-analysis firm CyberCube reckoned the outage resulted in $15 billion worth of losses globally. Not bad for a single update.

CyberCube's figures are even more dismal: it says insurance will only cover about three to ten percent of losses given the smaller companies involved.

Thankfully, CrowdStrike is working hard to make it up to its teammates and partners that sell the software and provide support for it to customers. These folks were generously offered $10 gift codes for Uber Eats, which should help pay for maybe half of someone's lunch. Some of those codes were promptly denied because Uber suspected the high rate of redemption was an indication of fraud.

When asked about these Uber Eats gift cards, CrowdStrike told The Register they were for "teammates and partners" only, and not for customers.

Finally, CrowdStrike CEO George Kurtz claimed today that 97 percent of Windows systems that crashed last week from the bad update are now back online. ®
