Navigating Risk: Lessons from the CrowdStrike Outage
The recent CrowdStrike outage caused chaos for millions of computer users, grounding flights, taking broadcasters off the air, and clogging up health systems. The cause? A faulty content update to CrowdStrike's Falcon sensor that crashed 8.5 million computers running Microsoft Windows. CrowdStrike stated that a bug in its Content Validator allowed the defective update to pass its checks and be pushed out. Notably, this was a content update rather than a new sensor version, so it went out to all hosts at once instead of passing through the staged rollout that customers could apply to sensor releases.
This outage is reminiscent of another recent outage of major websites, including The New York Times, Amazon, and The Guardian, which was also due to a bug, this time at the cloud computing company Fastly. In neither case was a third-party cyber-attack involved (at least not as far as we know). Both CrowdStrike and Fastly appear to have tripped over their own feet as a result of a failure of quality assurance around testing and the staged release of changes.
For an insurance executive, establishing supply chain resilience is essential: a business is only as strong as its weakest link. What can be done to prevent such failings in the future?
Organizations should keep a register of all their third-party solution suppliers and a clear view of which are their critical providers, including which suppliers have privileged access to production systems and can push changes to them without the customer's approval. From a legal perspective, organizations should upgrade their critical supply agreements by applying an operational resilience lens to them. Absent specific sectoral legislation, it falls to the customer to contractually express the minimum levels of operational resilience required of a supplier, such as advance notice of changes, the ability to control or stage the rollout of updates, and defined recovery and support commitments.
Run joint incident simulations with critical suppliers so that both teams know how to collaborate, can identify gaps in resilience, and are able to respond quickly to outages. Such exercises should cover the recovery path as well as the detection of the problem: in the CrowdStrike case, affected machines could not boot normally and each had to be remediated by hand, which is far harder when disk-encryption recovery keys and administrative access are not readily available. These steps may not prevent outages in a supply chain, but they will put an organization in a much stronger position to deal with them when they occur.
When a systems outage occurs, determining liability can be complex. Businesses may seek to hold the supplier liable for any damages incurred. This typically involves examining the terms of the supply agreement or contract. Key factors include service level agreements (SLAs), negligence, and breach of contract.
Where outages are caused by cybersecurity incidents, they can trigger various regulatory obligations, depending on the jurisdiction and industry. Key regulatory issues include data protection laws and incident notification requirements, some of which apply to loss of availability whether or not an attacker was involved. Failure to comply can result in penalties and damage to the business's reputation.
At Riskwolf, we understand the importance of mitigating risks and establishing supply chain resilience. With our unique real-time data and dynamic risk modeling, we enable insurers to build and operate parametric insurance at scale. Simple. Reliable. Fast. Contact us today to learn more about how we can help you navigate risk and protect your business.
Source: Penningtons Manches Cooper