Skip to main content

Article

Accounting for economic losses following the global tech outage

The global tech outage caused by the CrowdStrike software update disrupted business operations for millions of companies, employees, and customers.
Startup business people group at office

The global tech outage caused by the CrowdStrike software update disrupted business operations for millions of companies, employees, and customers. While many have now resumed business as usual, companies are contending with the cascading impacts of this global incident, the cyberattackers seeking to capitalize from it, and the financial implications.

The reality is that measuring the net economic impact of this event on operations will require more time as well as the perspective of hindsight, especially when analyzing business income shortfalls during and immediately following the outage. For example, revenues may initially decline, but show signs of recovery once systems have come back online. This reflects a delay in recording transactions in systems, as opposed to true income losses.

In the wake of this significant global outage, businesses may be eager to measure the net economic impact as quickly as possible to better understand how they were affected, what they can claim against their insurance policies or report to key stakeholders, and what can be done to mitigate future disruptions and minimize financial losses.

However, every business is unique, and its sensitivity to income losses due to systems availability will determine the time required to demonstrate a true loss of income as well as an accurate measurement of net economic impact. During this period, some patience is required as is a thorough measurement approach.

A comprehensive approach to measuring economic loss

If your organization has suffered an income loss due to the tech outage, or perhaps only a temporary decline rather than a permanent loss, it is critical to follow a comprehensive process to measure the true economic impact of the event.

Known as an income loss calculation or analysis, below are nine key steps risk managers and leaders can follow when setting out to accurately measure an outage-related economic loss, including the types of documentation required for the analysis.

1. Gather initial key source documentation: First, it is critical to collect all relevant documentation related to the event and its impact on the organization. This information may include, but is not limited to:

  • Incident reports: Detailed reports documenting the event, its causes, and the resulting impact on business operations.
  • Financial records: Granular monthly operating statements and other financial records for the affected period and comparable periods.
  • Communication records: Emails, memos, meeting minutes, and other correspondence discussing the event, its consequences, and any risk mitigation efforts.
  • Contracts and agreements: Any contracts or agreements with third-party providers, vendors, or service providers that may have been affected by the event.
  • Insurance policies: Reviews of the organization's insurance policies, specifically those related to business interruption or contingent business interruption coverage.

Cumulatively, this information offers a holistic window into your organization’s unique documentation process, initial reaction to the event, as well as greater insights into its impact across internal teams and third parties. 

2. Identify the precise period of loss: Next, risk managers and leaders should pinpoint the specific period during which the income loss occurred.

This may include the duration of the event itself and any subsequent recovery period until business operations return to normal. This timeline may vary by business unit, but should document the following:

  • Which systems were affected
  • When systems came back online
  • When downstream operations returned to expected operating levels

Equipped with this information, companies can better understand the timeline of events pre-, mid-, and post-incident and, as a result, formulate more accurate analyses of lost income.

3. Establish a baseline: Compare the financial performance of the affected period with historical data from comparable periods. By analyzing business performance during similar time frames in the past, leaders can gain insights into expected financial outcomes and identify any deviations from the norm. This establishes a baseline for assessing income loss.

In addition to historical data, it is also crucial to review and consider any pre-loss prepared management forecasts. These forecasts provide an estimate of the expected financial performance based on projected business conditions. If the actual performance during the affected period differs significantly from the forecasted expectations, it is important to understand the reasons behind the variance. It could be due to changes in business conditions, such as shifts in market dynamics, regulatory changes, or other external factors that impact your operations.

4. Calculate insured gross profit loss: Calculate the gross income loss by comparing the actual income during the affected period with the projected income based on the established baseline. This calculation should consider factors such as lost sales, reduced productivity, and any additional costs incurred due to the event.

Keep in mind that the definition of insured gross profit is not synonymous with accounting gross profit, which is recorded on the profit and loss statement. Insured gross profit refers to the financial loss incurred by a business due to an insured event, calculated by comparing the actual income during the affected period with the projected income based on the established baseline. It does not deduct any continuing fixed overheads or continuing labor costs. Consultation with a forensic accountant who specializes in insured losses is recommended to ensure accuracy in this process.

5. Consider risk mitigation efforts: Evaluate any actions taken to mitigate the impact of the event on business operations. This may include implementing temporary workarounds, engaging alternative service providers, or other measures such as the use of inventory and overtime of personnel. Document these efforts and their associated costs.

6. Deduct saved expenses: Identify any expenses that were saved or reduced because of the event. For example, if certain operations were temporarily halted, there may be savings in areas such as labor costs or utility expenses. Deduct these saved expenses from the gross income loss to gain a more accurate picture of your actual loss.

7. Consider extra and expediting expenses: Identify and document any extra expenses incurred to continue or restore normal business operations after the event. This may include costs such as temporary workers, outsourcing services, communication expenses, data recovery costs, legal fees, and more. Additionally, consider any expenses incurred to expedite the repair, replacement, or restoration of systems and costs incurred to reduce the loss.

8. Document supporting evidence: Maintain detailed documentation to support the income loss calculation. This includes all previously mentioned documentation, as well as expense reports, invoices, receipts, timesheets, and any other relevant records. These documents provide evidence of the costs incurred and support the accuracy of the income loss calculation.

9. Consult with experts: Marsh’s Forensic Accounting and Claims Services (FACS) team is uniquely positioned to support companies with insights, expertise, and assistance in accurately assessing the monetary impact and preparing the income loss calculation associated with cyber outages. To the extent claim preparation coverage exists in relevant insurance coverages, such costs also may be a recoverable expense.

Returning to business as usual with confidence

Your economic losses and recovery from the tech outage event will be unique to your organization’s business complexities. By following the steps above and consulting with your dedicated Marsh team of client executive advisors, brokers, cyber advocates, and forensic accounting professionals, you can be confident in your recovery from this outage and begin working towards greater long-term cyber resilience.

To learn more, speak with your Marsh representative.

Our People

Placeholder Image

Gill Collins

Head of Cyber Incident Management and Cyber Advisory, Marsh Pacific

Brylee Jaghbir

Brylee Jaghbir

Head of Cyber, Pacific

Related insights

This publication is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy. Marsh shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. Any statements concerning actuarial, tax, accounting, or legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as actuarial, accounting, tax, or legal advice, for which you should consult your own professional advisors. Any modelling, analytics, or projections are subject to inherent uncertainty, and any analysis could be materially affected if any underlying assumptions, conditions, information, or factors are inaccurate or incomplete or should change. LCPA 24/422

Marsh Pty Ltd (ABN 86 004 651 512, AFSL 238983) (“Marsh”) arrange this insurance and is not the insurer. The Discretionary Trust Arrangement is issued by the Trustee, JLT Group Services Pty Ltd (ABN 26 004 485 214, AFSL 417964) (“JGS”). JGS is part of the Marsh group of companies. Any advice in relation to the Discretionary Trust Arrangement is provided by JLT Risk Solutions Pty Ltd (ABN 69 009 098 864, AFSL 226827) which is a related entity of Marsh. The cover provided by the Discretionary Trust Arrangement is subject to the Trustee’s discretion and/or the relevant policy terms, conditions and exclusions. This website contains general information, does not take into account your individual objectives, financial situation or needs and may not suit your personal circumstances. For full details of the terms, conditions and limitations of the covers and before making any decision about whether to acquire a product, refer to the specific policy wordings and/or Product Disclosure Statements available from JLT Risk Solutions on request. Full information can be found in the JLT Risk Solutions Financial Services Guide.”