Skip to main content

Article

Accounting for economic losses following the global tech outage

The global tech outage caused by the CrowdStrike software update disrupted business operations for millions of companies, employees, and customers.

The global tech outage caused by the CrowdStrike software update disrupted business operations for millions of companies, employees, and customers. While many have now resumed business as usual, companies are contending with the cascading impacts of this global incident, the cyberattackers seeking to capitalise from it, and the financial implications.

The reality is that measuring the net economic impact of this event on operations will require more time as well as the perspective of hindsight, especially when analysing business income shortfalls during and immediately following the outage. For example, revenues may initially decline, but show signs of recovery once systems have come back online. This reflects a delay in recording transactions in systems, as opposed to true income losses.

In the wake of this significant global outage, businesses may be eager to measure the net economic impact as quickly as possible to better understand how they were affected, what they can claim against their insurance policies or report to key stakeholders, and what can be done to mitigate future disruptions and minimise financial losses.

However, every business is unique, and its sensitivity to income losses due to systems availability will determine the time required to demonstrate a true loss of income as well as an accurate measurement of net economic impact. During this period, some patience is required as is a thorough measurement approach.

A comprehensive approach to measuring economic loss

If your organisation has suffered an income loss due to the tech outage, or perhaps only a temporary decline rather than a permanent loss, it is critical to follow a comprehensive process to measure the true economic impact of the event.

Known as an income loss calculation or analysis, below are nine key steps risk managers and leaders can follow when setting out to accurately measure an outage-related economic loss, including the types of documentation required for the analysis.

1. Gather initial key source documentation: First, it is critical to collect all relevant documentation related to the event and its impact on the organisation. This information may include, but is not limited to:

  • Incident reports: Detailed reports documenting the event, its causes, and the resulting impact on business operations.
  • Financial records: Granular monthly operating statements and other financial records for the affected period and comparable periods.
  • Communication records: Emails, memos, meeting minutes, and other correspondence discussing the event, its consequences, and any risk mitigation efforts.
  • Contracts and agreements: Any contracts or agreements with third-party providers, vendors, or service providers that may have been affected by the event.
  • Insurance policies: Reviews of the organisation's insurance policies, specifically those related to business interruption or contingent business interruption coverage.

Cumulatively, this information offers a holistic window into your organisation’s unique documentation process, initial reaction to the event, as well as greater insights into its impact across internal teams and third parties. 

2. Identify the precise period of loss: Next, risk managers and leaders should pinpoint the specific period during which the income loss occurred.

This may include the duration of the event itself and any subsequent recovery period until business operations return to normal. This timeline may vary by business unit, but should document the following:

  • Which systems were affected
  • When systems came back online
  • When downstream operations returned to expected operating levels

Equipped with this information, companies can better understand the timeline of events pre-, mid-, and post-incident and, as a result, formulate more accurate analyses of lost income.

3. Establish a baseline: Compare the financial performance of the affected period with historical data from comparable periods. By analysing business performance during similar time frames in the past, leaders can gain insights into expected financial outcomes and identify any deviations from the norm. This establishes a baseline for assessing income loss.

In addition to historical data, it is also crucial to review and consider any pre-loss prepared management forecasts. These forecasts provide an estimate of the expected financial performance based on projected business conditions. If the actual performance during the affected period differs significantly from the forecasted expectations, it is important to understand the reasons behind the variance. It could be due to changes in business conditions, such as shifts in market dynamics, regulatory changes, or other external factors that impact your operations.

4. Calculate insured gross profit loss: Calculate the gross income loss by comparing the actual income during the affected period with the projected income based on the established baseline. This calculation should consider factors such as lost sales, reduced productivity, and any additional costs incurred due to the event.

Keep in mind that the definition of insured gross profit is not synonymous with accounting gross profit, which is recorded on the profit and loss statement. Insured gross profit refers to the financial loss incurred by a business due to an insured event, calculated by comparing the actual income during the affected period with the projected income based on the established baseline. It does not deduct any continuing fixed overheads or continuing labour costs. Consultation with a forensic accountant who specialises in insured losses is recommended to ensure accuracy in this process.

5. Consider risk mitigation efforts: Evaluate any actions taken to mitigate the impact of the event on business operations. This may include implementing temporary workarounds, engaging alternative service providers, or other measures such as the use of inventory and overtime of personnel. Document these efforts and their associated costs.

6. Deduct saved expenses: Identify any expenses that were saved or reduced because of the event. For example, if certain operations were temporarily halted, there may be savings in areas such as labour costs or utility expenses. Deduct these saved expenses from the gross income loss to gain a more accurate picture of your actual loss.

7. Consider extra and expediting expenses: Identify and document any extra expenses incurred to continue or restore normal business operations after the event. This may include costs such as temporary workers, outsourcing services, communication expenses, data recovery costs, legal fees, and more. Additionally, consider any expenses incurred to expedite the repair, replacement, or restoration of systems and costs incurred to reduce the loss.

8. Document supporting evidence: Maintain detailed documentation to support the income loss calculation. This includes all previously mentioned documentation, as well as expense reports, invoices, receipts, timesheets, and any other relevant records. These documents provide evidence of the costs incurred and support the accuracy of the income loss calculation.

9. Consult with experts: Marsh’s Forensic Accounting and Claims Services (FACS) team is uniquely positioned to support companies with insights, expertise, and assistance in accurately assessing the monetary impact and preparing the income loss calculation associated with cyber outages. To the extent claim preparation coverage exists in relevant insurance coverages, such costs also may be a recoverable expense.

Returning to business as usual with confidence

Your economic losses and recovery from the tech outage event will be unique to your organisation’s business complexities. By following the steps above and consulting with your dedicated Marsh team of client executive advisors, brokers, cyber advocates, and forensic accounting professionals, you can be confident in your recovery from this outage and begin working towards greater long-term cyber resilience.

To learn more, speak with your Marsh representative.

CrowdStrike cyber claim preparation and financial recovery

Our forensic accounting and claims specialists can help you identify financial impacts, key cost categories, and actual costs to advocate for optimal insurance recoveries.