Gill Collins
Head of Cyber Incident Management and Cyber Advisory, Marsh Pacific
The global tech outage caused by the CrowdStrike software update disrupted business operations for millions of companies, employees, and customers. While many have now resumed business as usual, companies are contending with the cascading impacts of this global incident, the cyberattackers seeking to capitalize from it, and the financial implications.
The reality is that measuring the net economic impact of this event on operations will require more time as well as the perspective of hindsight, especially when analyzing business income shortfalls during and immediately following the outage. For example, revenues may initially decline, but show signs of recovery once systems have come back online. This reflects a delay in recording transactions in systems, as opposed to true income losses.
In the wake of this significant global outage, businesses may be eager to measure the net economic impact as quickly as possible to better understand how they were affected, what they can claim against their insurance policies or report to key stakeholders, and what can be done to mitigate future disruptions and minimize financial losses.
However, every business is unique, and its sensitivity to income losses due to systems availability will determine the time required to demonstrate a true loss of income as well as an accurate measurement of net economic impact. During this period, some patience is required as is a thorough measurement approach.
If your organization has suffered an income loss due to the tech outage, or perhaps only a temporary decline rather than a permanent loss, it is critical to follow a comprehensive process to measure the true economic impact of the event.
Known as an income loss calculation or analysis, below are nine key steps risk managers and leaders can follow when setting out to accurately measure an outage-related economic loss, including the types of documentation required for the analysis.
1. Gather initial key source documentation: First, it is critical to collect all relevant documentation related to the event and its impact on the organization. This information may include, but is not limited to:
Cumulatively, this information offers a holistic window into your organization’s unique documentation process, initial reaction to the event, as well as greater insights into its impact across internal teams and third parties.
2. Identify the precise period of loss: Next, risk managers and leaders should pinpoint the specific period during which the income loss occurred.
This may include the duration of the event itself and any subsequent recovery period until business operations return to normal. This timeline may vary by business unit, but should document the following:
Equipped with this information, companies can better understand the timeline of events pre-, mid-, and post-incident and, as a result, formulate more accurate analyses of lost income.
3. Establish a baseline: Compare the financial performance of the affected period with historical data from comparable periods. By analyzing business performance during similar time frames in the past, leaders can gain insights into expected financial outcomes and identify any deviations from the norm. This establishes a baseline for assessing income loss.
In addition to historical data, it is also crucial to review and consider any pre-loss prepared management forecasts. These forecasts provide an estimate of the expected financial performance based on projected business conditions. If the actual performance during the affected period differs significantly from the forecasted expectations, it is important to understand the reasons behind the variance. It could be due to changes in business conditions, such as shifts in market dynamics, regulatory changes, or other external factors that impact your operations.
4. Calculate insured gross profit loss: Calculate the gross income loss by comparing the actual income during the affected period with the projected income based on the established baseline. This calculation should consider factors such as lost sales, reduced productivity, and any additional costs incurred due to the event.
Keep in mind that the definition of insured gross profit is not synonymous with accounting gross profit, which is recorded on the profit and loss statement. Insured gross profit refers to the financial loss incurred by a business due to an insured event, calculated by comparing the actual income during the affected period with the projected income based on the established baseline. It does not deduct any continuing fixed overheads or continuing labor costs. Consultation with a forensic accountant who specializes in insured losses is recommended to ensure accuracy in this process.
5. Consider risk mitigation efforts: Evaluate any actions taken to mitigate the impact of the event on business operations. This may include implementing temporary workarounds, engaging alternative service providers, or other measures such as the use of inventory and overtime of personnel. Document these efforts and their associated costs.
6. Deduct saved expenses: Identify any expenses that were saved or reduced because of the event. For example, if certain operations were temporarily halted, there may be savings in areas such as labor costs or utility expenses. Deduct these saved expenses from the gross income loss to gain a more accurate picture of your actual loss.
7. Consider extra and expediting expenses: Identify and document any extra expenses incurred to continue or restore normal business operations after the event. This may include costs such as temporary workers, outsourcing services, communication expenses, data recovery costs, legal fees, and more. Additionally, consider any expenses incurred to expedite the repair, replacement, or restoration of systems and costs incurred to reduce the loss.
8. Document supporting evidence: Maintain detailed documentation to support the income loss calculation. This includes all previously mentioned documentation, as well as expense reports, invoices, receipts, timesheets, and any other relevant records. These documents provide evidence of the costs incurred and support the accuracy of the income loss calculation.
9. Consult with experts: Marsh’s Forensic Accounting and Claims Services (FACS) team is uniquely positioned to support companies with insights, expertise, and assistance in accurately assessing the monetary impact and preparing the income loss calculation associated with cyber outages. To the extent claim preparation coverage exists in relevant insurance coverages, such costs also may be a recoverable expense.
Your economic losses and recovery from the tech outage event will be unique to your organization’s business complexities. By following the steps above and consulting with your dedicated Marsh team of client executive advisors, brokers, cyber advocates, and forensic accounting professionals, you can be confident in your recovery from this outage and begin working towards greater long-term cyber resilience.
To learn more, speak with your Marsh representative.
This publication is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy. Marsh shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. Any statements concerning actuarial, tax, accounting, or legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as actuarial, accounting, tax, or legal advice, for which you should consult your own professional advisors. Any modelling, analytics, or projections are subject to inherent uncertainty, and any analysis could be materially affected if any underlying assumptions, conditions, information, or factors are inaccurate or incomplete or should change. LCPA 24/422