CrowdStrike's latest outage may cost over $1B: Who will pay?
What's the story
The worldwide Windows outage last week, dubbed the "largest IT outage in history" by a cybersecurity expert, could potentially cost more than $1 billion in damages. The fault was traced back to flawed code in a software update from cybersecurity company CrowdStrike. However, it is yet to indicate if it plans to provide compensation for the damages. Their error led to the cancellation of over 5,000 commercial airline flights globally, and disrupted businesses across various sectors including retail and healthcare.
Recovery efforts
Faulty code disrupts millions of devices
The faulty code in CrowdStrike's software update proved more challenging to fix than to cause, with systems potentially taking days to return to normal. Late on Sunday, the cybersecurity firm announced via social media that a "significant number" of the approximately 8.5 million affected devices were back online and operational. Despite apologizing for the disruption, CrowdStrike has not yet indicated if it plans to provide compensation for the damages caused by this unprecedented outage.
Legal implications
Legal protections may shield CrowdStrike from liability
Patrick Anderson, CEO of Anderson Economic Group, suggests that the costs of this disruption could easily exceed $1 billion. However, James Lewis, a researcher at the Center for Strategic and International Studies, indicates that legal protections in customer contracts might protect CrowdStrike from such fallout. He cites a recent case where software company SolarWinds won the dismissal of Securities and Exchange Commission charges, related to a Russian hack as an example.
Business impact
CrowdStrike's customer base and reputation at stake
The potential impact on CrowdStrike's customer base remains uncertain. Dan Ives from Wedbush Securities estimates that less than 5% of its customers might switch providers due to this incident. However, he warns that the reputational damage could make it difficult for CrowdStrike to win new customers. Despite this, CrowdStrike CEO George Kurtz stated that the firm is focused on fixing the ongoing issues and believes most customers have been understanding.
Industry challenges
Cybersecurity industry's centralized systems under scrutiny
The incident has raised questions about the cybersecurity industry's reliance on centralized systems. Cyber expert James Bore highlighted the vulnerability of widespread tools when things go wrong. The industry now faces the challenge of preventing another such episode and reconsidering the dominance of centralized solutions. This outage serves as a stark reminder of the potential risks associated with centralization in cybersecurity, prompting a need for reassessment and change.