We finally know what caused the global tech outage - and how much it cost | CNN Business (2024)

We finally know what caused the global tech outage - and how much it cost | CNN Business (1)

After multiple cancelled flights to Washington D.C., Delta Airlines passengers Patty (L) and Alice Crump get ticketing assistance from an agent at Hartsfield-Jackson Atlanta International Airport.

CNN

Insurers have begun calculating the financial damage caused by last week’s devastating CrowdStrike software glitch that crashed computers, canceled flights and disrupted hospitals all around the globe — and the picture isn’t pretty.

What’s been described as the largest IT outage in history will costFortune 500 companies alone more than $5 billion in direct losses, according to one insurer’s analysis of the incident published Wednesday.

The new figures put into stark relief how a single automated software update brought much of the global economy to a sudden halt — revealing the world’s overwhelming dependence on a key cybersecurity company — and what it will take to recover.

Theestimates come the same day that CrowdStrike issued a preliminary report on how it inadvertently caused the widespread IT meltdown. It is the most detailed technical analysis to date of the outage.

Businesses are scrambling to recover – especially Delta Air Lines. Delta is still dealing with fallout from the glitch, as thousands of flights have been canceled. The Department of Transportation is investigating.

Numerous Fortune 500 companies use CrowdStrike’s cybersecurity software to detect and block hacking threats. But when CrowdStrike issued an update last week to its signature cybersecurity software, known as Falcon, millions of computers around the world running Microsoft Windows crashed because of the way that the update interacted with Windows.

The health care and banking sectors were the hardest hit by CrowdStrike’s mishap, with estimated losses of $1.94 billion and $1.15 billion, respectively, said Parametrix, the cloud monitoring and insurance firm behind Wednesday’s analysis.

Fortune 500 airlines such as American and United were the next most affected, losing a collective $860 million, Parametrix said.

All told, the outage may have cost Fortune 500 companies as much as $5.4 billion in revenues and gross profit, Parametrix said, not counting any secondary losses that may be attributed to lost productivity or reputational damage. Only a small portion, around 10% to 20%, may be covered by cybersecurity insurance policies, Parametrix added.

Fitch Ratings, one of the largest US credit ratings agencies, said Monday that the types of insurance likely to see the most claims stemming from the outage include business interruption insurance, travel insurance and event cancellation insurance.

“This incident highlights a growing risk of single points of failure,” Fitch said in a blog post, warning that such single points of failure “are likely to increase as companies seek consolidation to take advantage of scale and expertise, resulting in fewer vendors with higher market shares.”

The eye-popping damage estimates underscore how a preventable mistake at one of the world’s most dominant cybersecurity firms has had cascading effects for the global economy — and may prompt more calls for CrowdStrike to be held accountable.

What went wrong

On Wednesday, CrowdStrike released a report outlining the initial results of its investigation into the incident, which involved a file that helps CrowdStrike’s security platform look for signs of malicious hacking on customer devices.

The company routinely tests its software updates before pushing them out to customers, CrowdStrike said in the report. But on July 19, a bug in CrowdStrike’s cloud-based testing system —specifically,the part that runs validation checks on new updates prior to release — ended up allowing the software to be pushed out “despite containing problematic content data.”

The bad release was published just after midnight Eastern time on July 19, and rolled back an hour and a half later, at 1:27 a.m. Eastern, CrowdStrike said. But by then millions of computers had already automatically downloaded the faulty update. The issue affected only Windows devices, not Mac or Linux machines, and only those that were switched on and able to receive updates during those early morning hours.

Thanks to the timing of the incident, organizations in Europe and Asia “had more of their work day affected by the outage, unlike the Americas,” Fitch wrote in its blog post.

When Windows devices using CrowdStrike’s cybersecurity tools tried to access the flawed file, it caused an “out-of-bounds memory read” that “could not be gracefully handled, resulting in a Windows operating system crash,” CrowdStrike said.

That’s the Blue Screen of Death that many people reported seeing on their machines, and that only a manual intervention to delete the bad file could fix — a slow, painstaking process when you consider that as many as 8.5 million individual devices will need to be reset this way.

That figure is small as a percentage of the wider Windows ecosystem, said Microsoft — a company that played no direct role in the outage. Still, Microsoft said in a blog post, it “demonstrates the interconnected nature of our broad ecosystem.”

CrowdStrike said that the testing and validation system that approved the bad software update had appeared to function normally for other releases made earlier in the year. But it pledged Wednesday to keep software glitches like last week’s from happening again, and to publicly release a more detailed analysis when it becomes available.

The company added that it is developing a new check for its validation system “to guard against this type of problematic content from being deployed in the future.”

And CrowdStrike said it also plans to move to a staggered approach to releasing content updates so that not everyone receives the same update at once, and to give customers more fine-grained control over when the updates are installed.

CNN’s Sean Lyngaas contributed to this report

We finally know what caused the global tech outage - and how much it cost | CNN Business (2024)

FAQs

We finally know what caused the global tech outage - and how much it cost | CNN Business? ›

Costs from the global outage could top $1 billion – but who pays the bill is harder to understand. The world learned relatively quickly that cybersecurity firm CrowdStrike

CrowdStrike
CrowdStrike Holdings, Inc. is an American cybersecurity technology company based in Austin, Texas. It provides endpoint security, threat intelligence, and cyberattack response services.
https://en.wikipedia.org › wiki › CrowdStrike
was behind a crippling global tech outage on Friday. But figuring out who will pay the bill for the damages could take a lot longer.

How much money was lost because of CrowdStrike? ›

According to data from Parametrix, the global IT outage linked to CrowdStrike is likely to have caused at least $5.40 billion in direct financial losses for Fortune 500 companies, excluding Microsoft. Cyber insurance is expected to cover only 10% to 20% of these losses.

How much did the CrowdStrike outage cost? ›

CrowdStrike outage will cost Fortune 500 companies $5.4 billion in damages.

What day did the CrowdStrike outage happen? ›

On July 19, 2024, as a result of a faulty update to CrowdStrike Falcon sensor configuration for Windows systems, intended to enhance security by targeting newly observed malicious activities, there was an inadvertent logic error that led to widespread system crashes and blue screens of death (BSOD) on affected machines ...

Who owns the most CrowdStrike stock? ›

According to the latest TipRanks data, approximately 48.28% of CrowdStrike Holdings (CRWD) stock is held by retail investors. Who owns the most shares of CrowdStrike Holdings (CRWD)? Vanguard owns the most shares of CrowdStrike Holdings (CRWD).

What is CrowdStrike cost of debt? ›

As of Apr. 2024, CrowdStrike Holdings's interest expense (positive number) was $25.88 Mil. Its total Book Value of Debt (D) is $793.142 Mil. Cost of Debt = 25.88 / 793.142 = 3.263%.

Does the US government use CrowdStrike? ›

Crowdstrike is in wide use across federal agencies and it is a key vendor on the governmentwide Continuous Diagnostics and Mitigation cybersecurity support services contract.

Who owns CrowdStrike company? ›

Who owns CrowdStrike? The company was founded by former McAfee employee George Kurtz in 2012. Its ownership structure is a mix of individual investors, institutions and retail. The company's stock is broken down into two large investor categories.

How much cash does CrowdStrike have on hand? ›

Cash on Hand as of April 2024 : $3.70 B.

Why did CrowdStrike drop so much? ›

Key Points. CrowdStrike stock hit an all-time high at the beginning of July, but a software defect sent shares cratering. The company could be forced to pay for damages, and it might lose out on new business, which is why investors are selling.

Is CrowdStrike an Israeli company? ›

Beyond the business rivalry, CrowdStrike is part of an exit strategy for many Israeli cybersecurity startups. The American company, which has a $4 billion reserve and wants to expand its solution portfolio, has become a target for Israeli venture capital funds looking for a buyer for their offerings.

Who is behind CrowdStrike? ›

CrowdStrike was co-founded in 2011 by George Kurtz (CEO), Dmitri Alperovitch (former CTO), and Gregg Marston (CFO, retired).

How much money is CrowdStrike worth? ›

As of August 2024 CrowdStrike has a market cap of $58.53 Billion. This makes CrowdStrike the world's 307th most valuable company by market cap according to our data.

How much of the market does CrowdStrike have? ›

CrowdStrike is certainly big. The company is second only to Microsoft in terms of endpoint protection market share. Gartner says Microsoft owns 40.2% of the market while CrowdStrike is second with 14.7%. Yet CrowdStrike's market share is concentrated with big enterprises, according to Canalys Chief Analyst Jay McBain.

What is CrowdStrike revenue yearly? ›

CrowdStrike had revenue of $921.04M in the quarter ending April 30, 2024, with 32.99% growth. This brings the company's revenue in the last twelve months to $3.28B, up 34.26% year-over-year. In the fiscal year ending January 31, 2024, CrowdStrike had annual revenue of $3.06B with 36.33% growth.

Top Articles
Latest Posts
Article information

Author: Carmelo Roob

Last Updated:

Views: 5315

Rating: 4.4 / 5 (45 voted)

Reviews: 92% of readers found this page helpful

Author information

Name: Carmelo Roob

Birthday: 1995-01-09

Address: Apt. 915 481 Sipes Cliff, New Gonzalobury, CO 80176

Phone: +6773780339780

Job: Sales Executive

Hobby: Gaming, Jogging, Rugby, Video gaming, Handball, Ice skating, Web surfing

Introduction: My name is Carmelo Roob, I am a modern, handsome, delightful, comfortable, attractive, vast, good person who loves writing and wants to share my knowledge and understanding with you.