On July 19, 2024, a faulty software update from cybersecurity firm CrowdStrike caused what is broadly considered one of the most widespread IT outages in history. The update, intended for the company’s Falcon Sensor software, inadvertently crashed millions of Microsoft Windows systems globally, including those used by critical infrastructure, financial institutions and public services. In the United States, the outage disrupted airports, health care providers, banks and logistics companies, revealing the systemic risks of over-reliance on third-party cybersecurity tools. Fortunately, organizations can learn various cybersecurity lessons by reviewing the details of this incident, its impact and the contributing factors.
The Details: CrowdStrike Outage
CrowdStrike, a leading provider of endpoint protection, released a routine update to its Falcon Sensor software on July 19, 2024. This update contained a malformed content file that triggered a critical driver-level error on Microsoft Windows systems, leading to system crashes and failures to reboot. The issue stemmed from a driver parsing failure, which caused widespread “blue screen of death” errors, rendering the affected machines inoperable until they were manually repaired.
The flawed update was distributed globally without a staggered rollout or full regression testing, which significantly amplified its impact. As a result, millions of systems were affected worldwide. In the United States, the outage disrupted a wide range of sectors and services. Airports experienced widespread flight delays, causing travel chaos for thousands of passengers. Hospitals experienced critical system outages that disrupted patient care, including access to health records and imaging platforms. Banks experienced service disruptions, with some customers reporting issues accessing online banking. Even logistics companies, such as the United Parcel Service and FedEx, were impacted, highlighting the far-reaching consequences of a single software failure.
Although CrowdStrike released a fix within hours of identifying the issue, the recovery process was far from immediate. Many affected systems required manual intervention to restore functionality, which meant that the disruption continued for several days in some organizations. The incident exposed the fragility of digital infrastructure and the risks associated with centralized software dependencies, even when those tools are designed to enhance security.
The Impact: CrowdStrike Outage
The CrowdStrike outage had significant and far-reaching consequences for U.S. organizations. Ramifications included the following:
Operational Disruption
The sudden and widespread nature of the outage caused immediate and severe business interruptions across multiple sectors. Organizations were forced to halt operations, cancel services or switch to manual processes, often with little warning or preparation. In sectors such as transport and health care, the disruption also had knock-on effects on public safety and service delivery, further compounding the operational strain.
Reputational Damage
Although the fault lay with a third-party provider, many organizations bore the brunt of public dissatisfaction and media scrutiny. The inability to deliver services—especially in high-trust sectors like health care and public services—eroded customer confidence and highlighted vulnerabilities in digital infrastructure. For some businesses, the incident raised questions about their preparedness and resilience, potentially affecting long-term brand perception and stakeholder trust.
Financial Losses
The global financial impact of the outage exceeded $10 billion, according to estimates by several industry sources. Businesses in the United States incurred a wide range of costs, including emergency IT recovery, lost productivity and operational disruptions. The financial burden was even more pronounced for organizations with limited continuity planning, underscoring the value of proactive risk management.
Regulatory Scrutiny
The CrowdStrike outage prompted increased awareness among U.S. cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency, which issued alerts warning organizations to remain vigilant against potential subsequent cyberthreats, such as phishing. For some organizations, the incident may have prompted closer examination of their preparedness and oversight of critical service providers. Overall, the event served as a reminder of the importance of adhering to cybersecurity best practices and frameworks, such as the National Institute of Standards and Technology’s Cybersecurity Framework and the Securities and Exchange Commission’s disclosure rules.
Lessons Learned: CrowdStrike Outage
There are several cybersecurity and operational resilience takeaways from the CrowdStrike outage. Specifically, the incident emphasized these important lessons:
The Importance of Third-party Risk Management
The outage demonstrated how a single vendor’s error can cascade across multiple sectors. Organizations must assess the resilience of their suppliers and ensure that critical third-party services are subject to rigorous oversight and contingency planning.
The Value of Staggered Rollouts & Testing
CrowdStrike’s failure to test the update against older data formats and to roll it out gradually contributed to the scale of the incident. Organizations should check that vendors follow best practices in software deployment, including regression testing and phased rollouts.
The Necessity of Operational Resilience Planning
Organizations that had mapped their critical services and tested severe-but-plausible scenarios were better equipped to respond to the outage. This incident reinforced the need for robust business continuity plans, including manual workarounds and clear communication strategies.
The Role of Insurance
Although the CrowdStrike outage was not the result of a cyberattack, the scale of disruption was comparable to a major cyber event. The incident highlighted the importance of reviewing cyber insurance policies to check if they provide coverage for non-malicious outages and system failures. It also underscored the value of business interruption insurance, particularly when organizations rely on critical third-party vendors whose failures can have far-reaching operational and financial consequences.