The July 2024 global IT outage: a wake-up call

Planes grounded, banks struggling and the Blue Screen of Death plaguing millions of devices

The global outage of IT systems on 19 July 2024 is clearly a major event for impacted businesses and the cyber insurance market. Whilst circumstances of the incident – the timing (coinciding with Asian business hours rather than Europe or U.S.), its non-malicious nature and a rapid patch delivery – may have helped to mitigate the fallout, it offers another example of the cyber insurance market supporting clients through a major event.

But how large will the loss be? And what are the long-term implications?

A large but manageable loss speaks to the cyber market’s progress in recent years 

Losses from the outage for the cyber insurance market are expected to be in the range of US$1bn, which would make this the costliest incident on record, and approximately three times the next-biggest systemic loss, 2017’s NotPetya malware outbreak (Figure 1).

Such an array of events recorded in recent years reinforces the value of cyber insurance and vindicates ambitious growth targets for the market as more companies move to buy the product. They also reaffirm the risks around single points of failure and how different sectors of the economy are now interconnected and interdependent. 

Figure 1. Affirmative cyber insured loss estimates for high-profile cyber events vs GWP for global cyber market, US$bn (original value)
Source: Howden, PCS, Barclays, Parametrix, CyberCube

* Loss development based on a range of early market estimates subject to revision. Data shows affirmative cyber only (e.g. excludes non-affirmative property losses for NotPetya).

Due to the rapid growth of the cyber market’s global premium base over the last decade (23 per cent CAGR from 2014 to 2023), it is well placed to absorb its biggest-ever loss. According to Howden data, the outage loss represents approximately 7 per cent of 2024’s estimated GWP (Figure 2). This puts it on a par with 2017’s NotPetya insured loss as a proportion of that year’s premiums.

Figure 2. Insured loss estimates for high-profile cyber events as a percentage of GWP for global cyber market
Source: Howden, PCS, Barclays, Parametrix, CyberCube

* Loss development based on a range of early market estimates subject to revision. 

As a result, the 2024 outage is likely to be an earnings event for cyber insurers. Absent further large losses, the market is still on track to achieve a sub-100 per cent combined ratio this year despite a series of other high-profile events that include Change Healthcare, Ascension, CDK and Snowflake.

Long-term implications 

The resilience of the cyber market will grow over time as it approaches the scale of other major P&C lines of business. We also expect the global outage to accelerate the market’s development on three other fronts: relevance, innovation and demand. 

Relevance 

The global IT outage has reinforced the relevance of cyber insurance not only by indemnifying losses but by also demonstrating the value of incident response services. The economic cost of the outage was contained by a rapid response from IT teams. Many cyber insurance products provide access to the expertise and resources that are critical to restoring operations and limiting damage in outages and attacks (e.g. IT, forensics, legal services, PR, etc.).

These services are particularly valuable for SMEs, as they often lack the required internal expertise and resources to bounce back quickly and safely from a crisis. At Howden, we experienced this first hand with many SME clients contacting us first in the aftermath of the outage for guidance on how to contain the fallout. Given the collective importance of SMEs (e.g. representing 52 per cent of GDP in the European Union) this really matters; cyber services have a broad role to play in protecting the economy.

The outage also reinforced the relevance of cyber insurance as a financial buffer against systemic cyber risks. These, as discussed in our 2024 assessment of the threat landscape, are increasingly likely due to rising geopolitical tensions, rapid technological advance and increasing digital interconnectedness.

As Figure 3 shows, insured losses from systemic events so far this year stand at US$1.3bn (which excludes a ransomware attack on Ascension as it primarily affects one organisation). This is more than the total for all comparable systemic events from 2017 to 2023 combined.

Figure 3. Insured loss estimates for high-profile cyber events, US$bn (original value) 
Source: Howden, PCS, Barclays, Parametrix, CyberCube

Note: Loss development for 2023/24 based on a range of early market estimates subject to revision. 

Innovation  

Carriers and brokers will respond to the unique (non-malicious) characteristics of the outage by accelerating product innovation. Prior to the incident, attention had been rightly focused on malicious cyber attacks, rather than IT failures, as the most frequent cause of systemic risk (as reaffirmed by the Change Healthcare and MOVEit incidents). Now, greater emphasis is being placed on non-malicious events – albeit with nuances by sector, with, for example, airlines more exposed than most. 

In response, the market will accelerate product innovation on two main fronts. New types of products designed to augment existing cover by offering tailored protection against downtime risk from IT failures will be launched (e.g. parametric products to facilitate rapid payments). Work in this area was already in train prior to the outage, and investment is now likely to be accelerated due to heightened risk awareness following the incident.

Second, the market is likely to continue to build out its definition and severity categorisation of systemic events. Work again here is already underway, with initiatives such as the UK’s new Cyber Monitoring Centre, launched in 2024, set to support the market as it develops products for newly categorised events. 

All of which serves to reinforce the importance of accessing high-quality broking advice to secure the most appropriate and affordable form of cover.

Demand

Another (positive) development to emerge from the outage is heightened risk awareness, and by extension additional demand for cyber insurance. Microsoft estimates that 8.5 million Windows devices were disabled by the outage.

Against this backdrop, cyber insurance has two stand-out opportunities to play an ever-greater role in building resilience. Howden analysis shows that 54 per cent of growth in cyber premiums up to 2030 will come from non-U.S. markets (25 per cent of which will be from continental Europe).

More strikingly, research from the World Economic Forum reveals that organisations with under US$250m in revenue are three times less likely to have cyber insurance than those with a top line of over US$5.5bn. This SME protection gap exacerbates a lack of IT expertise and resources to deal with major cyber events often found in the segment. 

Market-leading levels of growth will in turn drive up the cyber market’s ability to absorb losses of the quantum associated with large-scale events, assuming that pricing is sustained at levels commensurate with risks. Important progress has been made in recent years, with data showing that the cyber market is closing the delta between economic and insured losses from high-profile cyber events (Figure 4).

Figure 4. Estimated economic loss vs affirmative cyber insured loss for WannaCry, NotPetya and global IT outage 
Source: Howden, PCS, U.S. government, Barclays, Parametrix, CyberCube

The room for growth is considerable (the property market assumes 50 per cent plus of the economic loss for certain natural catastrophes in advanced economies) and we expect the global IT outage to increase risk awareness and ultimately stimulate additional demand for cyber insurance.