A global IT outage happened last Friday has affected one in four Fortune 500 companies, leading to an estimated collective loss of $5.4 billion, according to a new report by cyber insurer Parametrix.
The report is among the first to quantify the economic impact of the recent CrowdStrike outages, according to Reuters.
The average loss per affected company was approximately $43.6 million, with the healthcare sector suffering the most, incurring losses of around $1.9 billion. Airlines were also significantly impacted, losing about $860 million.
Parametrix’s analysis says that the total insured losses among the Fortune 500 companies range between $540 million and $1.08 billion.
The report says that all Fortune 500 airlines and about 75% of top healthcare organizations and banks experienced disruptions due to the outages, which was caused by CrowdStrike’s faulty update to its security software resulting in Blue Screen of Death error on computers run on Microsoft’s Windows operating system.
Jonatan Hatzor, CEO of Parametrix, described the incident as “the biggest accumulation event we ever saw in cyber insurance,” and said the event “travelled very fast and was very global.”
Hatzor estimated global financial losses from the outage could reach $15 billion, with global insured losses potentially amounting to $1.5 billion – $3 billion.
CrowdStrike, a Texas-based cybersecurity giant, has seen a 22% drop in its stock market value since the incident. It was valued at approximately $83 billion before the outage.
Despite only holding a 15% market share in the security software segment in 2023, CrowdStrike’s impact was substantial due to its significant presence among Fortune 500 companies, working with 298 of them.
CrowdStrike has issued multiple apologies and released a report on Wednesday detailing the failure. The root cause was a bug in an update to CrowdStrike’s Falcon platform, a cloud-based service designed to protect businesses from cyber threats. This faulty update caused 8.5 million Windows machines to crash simultaneously.
The software and IT services sector, however, was less affected, with only 21% experiencing outages, largely because many software companies use Linux, which was not impacted by CrowdStrike’s faulty update.
“This could be viewed as a silver lining, because a high impact on this sector would have resulted in an even larger ripple effect, given this sector includes some of the largest service providers in the world,” the report said.
In its postmortem report, CrowdStrike announced plans to enhance its software testing procedures and to implement gradual rollouts of updates to avoid widespread disruptions in the future.
The company also plans to publish a more comprehensive report on the outage’s causes in the coming weeks.