August 21, 2024

The 2024 CrowdStrike Incident: Lessons Learned

Bones Ijeoma

CEO and co-founder

In July 2024, a flawed software update from CrowdStrike led to widespread system failures and billions in losses for major industries. This post explores the incident's impact and important lessons learned.

In July 2024, the world witnessed one of the most significant cybersecurity incidents in recent memory. CrowdStrike, a leading cybersecurity firm, released an update to its software that inadvertently caused catastrophic failures across millions of devices worldwide and resulted in financial losses in the billions [1]. Although AllSafe IT and our clients were not affected, the incident serves as a powerful reminder of the inherent risks in our increasingly digital and interconnected world.

What Happened?

On July 19, 2024, CrowdStrike rolled out a routine update to its widely used Falcon Sensor security software. Unfortunately, this update contained a critical flaw that led to widespread system crashes [2]. Devices running the update began experiencing severe malfunctions, including boot loops and forced recovery modes. The ripple effects were felt globally, with an estimated 8.5 million Windows devices affected [3], primarily within enterprise environments.

The Impact on Businesses

The fallout from the disruption was massive, and several major industries were hit hard:

  • Airlines: Delta Air Lines was one of the most prominently affected companies. The airline was forced to cancel 7,000 flights over five days, resulting in an estimated $500 million in losses [4]. Other airlines, including American and United, and airports across the globe were also affected [5].
  • Financial Services: Banks and financial institutions experienced outages that disrupted financial transactions and customer services. Affected companies included Bank of America, Chase, Capital One, Wells Fargo, and US Bank [6]. With so many systems down, even basic banking operations became a challenge, leading to lost revenue and customer dissatisfaction.
  • Healthcare: Hospitals and healthcare providers were not spared either. System failures caused by the update potentially compromised patient care, as electronic health records became inaccessible, hospital staff were unable to badge in to secure areas, and diagnostic equipment was rendered inoperable [7]. Hospitals, including Mass General Brigham in Massachusetts [8] and Mount Nittany in Pennsylvania [9], announced that they were cancelling surgeries and other appointments due to the outage.
  • Government Services: Even government services, including the United States Department of Homeland Security [10] and 911 services in several states [11], were affected. This raised concerns about the broader implications of such an incident on national security and public safety.
  • The list goes on: The incident impacted many other industries, from retailers and manufacturers to sports, media, and communications [12]. Even the 2024 Paris Olympics were affected [13].

The Financial Toll

The financial impact of the CrowdStrike incident was enormous. According to estimates, Fortune 500 companies in the United States alone suffered direct losses amounting to $5.4 billion [14]. This figure only accounts for direct financial losses and does not include secondary effects such as reputational damage, lost opportunities, legal expenses, or the broader economic impact of the disruptions.

Why CrowdStrike Was Not Liable

Despite the widespread damage, CrowdStrike was not held liable for the losses incurred by its customers. CrowdStrike’s terms and conditions limit its liability to “fees paid”, which left affected companies with little recourse for compensation beyond a refund for what they paid for the software [15].

This legal protection for CrowdStrike highlights a crucial point: relying solely on a cybersecurity provider for protection without additional safeguards can leave businesses vulnerable to massive losses.

Cyber Insurance is More Important Than Ever

The CrowdStrike incident is a textbook example of why cyber insurance is essential for businesses today. While cybersecurity measures can significantly reduce the risk of incidents, no system is entirely foolproof. This is where cyber insurance comes into play. Cyber insurance can provide a financial safety net in the event of a cyber disaster, covering losses that might otherwise be catastrophic for a business.

What Cyber Insurance Covers

Cyber insurance is designed to help businesses recover from a variety of cyber-related incidents. Coverage typically includes:

  • Business Interruption: Compensation for lost income due to downtime caused by a cyber incident. This can be critical for businesses that depend on continuous online operations.
  • Data Breach Response: Costs associated with responding to a data breach, including notification of affected individuals, credit monitoring services, and legal expenses.
  • Legal Fees and Fines: Coverage for legal defense costs and any fines or penalties resulting from a breach of data protection laws.
  • Extortion Payments: Reimbursement for payments made to resolve ransomware attacks or other forms of cyber extortion.
  • Repairing Damaged Systems: Costs to restore or repair systems that were damaged during a cyber incident.

How AllSafe IT Can Protect Your Business

At AllSafe IT, we believe that preparing for the unexpected is just as important as preventing it. While we work tirelessly to protect our clients from cyber threats and incidents like CrowdStrike, we also emphasize the need for comprehensive cyber insurance as part of a robust risk management strategy. By partnering with AllSafe IT, your business gains access to cutting-edge cybersecurity solutions and the expertise needed to navigate the complex world of cyber insurance.

By partnering with AllSafe IT, your business gains access to top-tier cybersecurity solutions tailored to your unique needs. We work closely with you to ensure that you have the right protections in place, including robust cyber insurance policies that can help mitigate the impact of unforeseen events.

Conclusion

The 2024 CrowdStrike incident serves as a sobering reminder of the vulnerabilities that exist even in the most secure systems. The financial and operational impacts were felt across the globe, and many companies were left to bear the brunt of these losses on their own. Having a solid cybersecurity plan in place is essential, but it's equally important to have a backup plan in the form of cyber insurance.

At AllSafe IT, we are committed to helping your business stay protected in an ever-changing digital landscape. We offer not just technology solutions but also the expertise and guidance needed to ensure your business is resilient in the face of potential threats. Reach out to us today to learn more about how we can help safeguard your operations and provide peace of mind in an increasingly uncertain world.

References

1. https://fortune.com/2024/08/03/crowdstrike-outage-fortune-500-companies-5-4-billion-damages-uninsured-losses/

2. https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/

3. https://blogs.microsoft.com/blog/2024/07/20/helping-our-customers-through-the-crowdstrike-outage/

4. https://www.cnn.com/2024/08/08/business/delta-crowdstrike/

5. https://www.nasdaq.com/articles/airlines-and-financial-services-hit-hard-crowdstrike-outage

6. https://mashable.com/article/banks-affected-microsoft-outage-crowdstrike

7. https://www.npr.org/2024/07/21/nx-s1-5046700/the-crowdstrike-outage-disrupted-many-industries-hospitals-were-especially-vulnerable

8. https://www.cbsnews.com/boston/news/microsoft-outage-crowdstrike-mass-general-brigham-hospitals-boston/

9. https://mountnittany.org/news-stories/general-news/mount-nittany-health-impacted-by-nationwide-it-outage/

10. https://x.com/DHSgov/status/1814286042318643492?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet

11. https://www.usatoday.com/story/news/nation/2024/07/19/crowdstrike-outages-what-happened/74474725007/

12. https://www.theguardian.com/technology/article/2024/jul/19/from-trains-to-retail-how-crowdstrike-outage-caused-havoc-across-industries

13. https://www.connexionfrance.com/news/air-france-flights-and-french-tv-disrupted-in-major-microsoft-bug/669898

14. https://www.businessinsider.com/crowdstrike-terms-conditions-limits-damages-to-refund-2024-7