CrowdStrike Explains Just What the Heck Happened
CrowdStrike offered a candid assessment of what led to the largest outage of the computer age, affecting 8.5 million computers.
There’s a thin line between an explanation and an excuse, and as the company that crashed roughly 8.5 million computers worldwide, CrowdStrike is very much hoping its mea culpa is taken as something closer to the former.
On Wednesday, the cybersecurity colossus offered a candid assessment of what led to the largest outage of the computer age. And, as the world reboots, the winners (they really do exist) and losers from the entire debacle are becoming clearer.
Strike Out
To put the incident report CrowdStrike published Wednesday into layman’s terms: because of a bug, its internal testing software failed to identify the faulty code in a software update that it pushed to millions of devices. Basically, a bug kept its bug-detecting system from working. To keep that from happening again, CrowdStrike said it will add testing layers and roll out updates in phases. Experts in cybersecurity say there’s a balance between too much and not enough testing, but we now know what can happen when there’s too little.
Still, pain from the widespread disruption — particularly to systems reliant on Microsoft products — will vary:
- Not including Microsoft, the outage will likely cost US Fortune 500 companies around $5.4 billion, according to projections from insurer Parametrix. Banks and healthcare systems will likely be the most impacted.
- Still, insurance firms will likely only be on the hook for around $1 billion of those losses, per Parametrix. According to a Fitch Ratings report, “lack of insurance coverage, high deductibles, sublimits and time element periods for business interruption claims” will limit insured losses.
“Although standard cyber insurance covers cloud downtime due to security failure, operational failure or system failure of the insured’s own operations, it typically does not cover downtime due to non-malicious cyber events at a third-party network service provider,” Loretta Worters, a spokesperson at the Insurance Information Institute, told Reuters.
Wiz Kids: Another low-key winner: Wiz, the Israeli cybersecurity startup that walked away from acquisition talks with Google to instead pursue an IPO on its own. Per a Bloomberg report on Tuesday, the CrowdStrike outage led the firm to assess it was worth more than the $23 billion Google offered. Crisis, meet opportunity.