Technology has a funny way of either being our best friend or our worst enemy, doesn’t it? We rely on some sort of technology for almost every operational task to run our businesses and make each day a successful one. It is almost an afterthought, until…well, it isn’t. The last few weeks have shown how strong that technological dependence is within the global economy and the dramatic consequences an outage, or a shutdown, can have downstream.
First it was the CDK Global ransomware attack that forced the service provider to shut down its systems for almost two weeks. During this downtime, automotive dealerships couldn’t access CDK’s dealer management system (DMS) and forced many to revert to pen-and-paper and 3rd party software workarounds.
To shed some light on how integrated CDK can be for a dealership, this software is used by six of the largest dealerships in the country and is used for
- Dealership Management Systems
- Customer relationship management tools
- Third–party software integration
- End–of–month financial accounting processes.
During a crucial summer sales period, it is estimated that the outage resulted in a $1.02 BILLION loss for dealerships nationwide, which doesn’t include CDK’s own losses (per Anderson Economic Group study).
It can be argued that the CDK example is too specific to be applicable to other economic sectors. The most recent incident that occurred last week with Crowdstrike and Microsoft is a great example of a counterargument. This coding error caused the shutdown across multiple industries, including Healthcare, Airline Travel, Banking and Media. To help those who were affected, I wanted to provide some assistance of how your insureds can navigate this incident and what to be aware of moving forward:
Global IT Meltdown: Crowdstrike Software Update Causes Widespread Outages.
While it is too soon to tell what financial impact this outage will have on the financial outlook of a business, it’s just another reminder that a business has potential exposure to losses that are outside of their control. I encourage you to provide this information to your insureds and to remind them that, even with the proper risk management plans in place, some threats are outside of their control. The best way to manage this risk is to transfer some of this risk to a cyber policy that will offer Dependent/Contingent Business Interruption coverage. These examples can also be a good reminder of the hazards that await those insureds who have declined to purchase a cyber policy or those who are among the few who have chosen not to renew.