CrowdStrike’s Setback: A Blueprint for Better Third-Party Risk Compliance

Pete Haas
Associate Editor
Loyola University Chicago School of Law, JD 2025

Earlier this year, CrowdStrike, a leading cybersecurity company, caused a major outage with a faulty, automatically distributed update to its Falcon sensor. The defective update crashed more than 8.5 million Windows devices worldwide, disrupting critical sectors such as healthcare and financial services. As businesses increasingly rely on third-party vendors for cybersecurity, this outage underscores the importance of managing third-party risk and ensuring digital resilience. Organizations can use this event as a valuable lesson to reassess their risk management practices and strengthen their defenses. Furthermore, the incident shows that even highly reputed vendors are not immune to failure, which makes layered defenses that contain vendor disruptions at every level a necessity rather than an option.

Overview of the outage and its root cause

The CrowdStrike outage was triggered by a Rapid Response Content update for the Falcon sensor, the endpoint agent that uses machine learning and other detection techniques to protect customer systems, released on July 19, 2024. A template type added to the sensor earlier in 2024 defined 21 input fields, but the sensor code that invokes the content interpreter supplied only 20. The July 19 update contained the first template instance to reference the 21st field, so the interpreter read past the end of its input array and crashed the host. Because the sensor loads early in the Windows boot process, affected machines crashed to a blue screen, rebooted and crashed again on the same file, leaving companies reliant on CrowdStrike unable to recover their fleets remotely. The problem was magnified by the fact that such content updates were pushed to every sensor automatically and outside the version-staging controls customers could apply to sensor releases, so clients had no opportunity to test or delay the update.
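As an added illustration (not CrowdStrike's code; the Falcon sensor is native code and its content format is not public), the following Python model shows the shape of the defect described above and of two controls that catch it: a pre-release validator that checks template field references against the field count the sensor actually supplies, and a staged rollout that halts at the first ring in which a host crashes. The template, channel-file, ring and host names and the host inputs are hypothetical; only the 21-declared-versus-20-supplied field counts follow the published root cause.

```python
"""Simplified model of a sensor content-update pipeline (added example).

A template type declares how many input fields an update may reference; the
on-host content interpreter reads those fields by index from an array the
sensor supplies. When the two counts drift apart, an update can index past the
array, which is the failure mode modelled here.
"""
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple

# Assumption mirroring the published root cause: the sensor supplies 20 inputs.
SENSOR_INPUT_FIELDS = 20


class SensorCrash(Exception):
    """Stands in for the host bugcheck an out-of-bounds read produced."""


@dataclass(frozen=True)
class TemplateType:
    name: str
    declared_fields: int  # inputs the template type claims are available


@dataclass(frozen=True)
class TemplateInstance:
    template: TemplateType
    field_refs: Tuple[int, ...]  # indices into the sensor's input array


@dataclass(frozen=True)
class ChannelFile:
    version: int
    instances: Tuple[TemplateInstance, ...]


def interpret_unsafe(cf: ChannelFile, inputs: Sequence[str]) -> List[List[str]]:
    """Interpreter with no field-count check. An index beyond the supplied
    inputs is an out-of-bounds read; native code would corrupt memory or
    fault, so the IndexError is converted into a crash."""
    matched = []
    for inst in cf.instances:
        try:
            matched.append([inputs[i] for i in inst.field_refs])
        except IndexError as exc:
            raise SensorCrash(f"{inst.template.name}: index past "
                              f"{len(inputs)} supplied inputs") from exc
    return matched


def crashes(cf: ChannelFile, inputs: Sequence[str]) -> bool:
    """True if interpreting the file on a host with these inputs would crash it."""
    try:
        interpret_unsafe(cf, inputs)
    except SensorCrash:
        return True
    return False


def validate_channel_file(cf: ChannelFile, sensor_fields: int) -> List[str]:
    """Pre-release validator. Checks every instance against the field count the
    sensor really supplies, not merely the count its template type declares."""
    problems = []
    for inst in cf.instances:
        t = inst.template
        if t.declared_fields > sensor_fields:
            problems.append(f"{t.name} declares {t.declared_fields} fields, "
                            f"sensor supplies {sensor_fields}")
        for ref in inst.field_refs:
            if not 0 <= ref < sensor_fields:
                problems.append(f"{t.name} references field {ref}, "
                                f"sensor supplies {sensor_fields}")
    return problems


def staged_rollout(cf: ChannelFile,
                   rings: Sequence[Tuple[str, Sequence[str]]],
                   inputs_by_host: Dict[str, Sequence[str]]) -> dict:
    """Push the file ring by ring, canary first, and stop at the first ring in
    which any host crashes, so a defective file never reaches later rings."""
    report: dict = {"rings": {}, "halted_at": None}
    for ring_name, hosts in rings:
        crashed = sum(crashes(cf, inputs_by_host[h]) for h in hosts)
        report["rings"][ring_name] = {"hosts": len(hosts), "crashed": crashed}
        if crashed:
            report["halted_at"] = ring_name
            break
    return report


# Constructed sample data; not real channel-file content or host names.
LEGACY_TEMPLATE = TemplateType("legacy-template", declared_fields=20)
NEW_TEMPLATE = TemplateType("ipc-template", declared_fields=21)
GOOD_FILE = ChannelFile(1, (TemplateInstance(LEGACY_TEMPLATE, (0, 5, 12)),))
BAD_FILE = ChannelFile(2, (TemplateInstance(LEGACY_TEMPLATE, (0, 5, 12)),
                           TemplateInstance(NEW_TEMPLATE, (20,))))  # 21st field
RINGS = [("canary", ["lab-01", "lab-02"]),
         ("pilot", ["hq-%02d" % i for i in range(1, 11)]),
         ("production", ["ws-%04d" % i for i in range(1, 101)])]
INPUTS = {h: [f"{h}:f{i}" for i in range(SENSOR_INPUT_FIELDS)]
          for _, hosts in RINGS for h in hosts}

if __name__ == "__main__":
    print("validator:", validate_channel_file(BAD_FILE, SENSOR_INPUT_FIELDS))
    print("rollout:", staged_rollout(BAD_FILE, RINGS, INPUTS))
```

The validator flags the bad file twice (a template declaring more fields than the sensor provides, and an instance referencing the 21st field) before it ships; even if the validator were itself defective, the staged rollout crashes only the two canary hosts and never reaches the pilot or production rings. Either control alone would have kept a fleet-wide outage from happening, which is the point a buyer should press a vendor on.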

In response, CrowdStrike reverted the content update within about an hour and a half, but hosts that had already loaded the file could not be repaired by a further push: each had to be booted into safe mode or a recovery environment and have the faulty file deleted by hand, a process slowed wherever disk-encryption recovery keys were not readily at hand. CrowdStrike also engaged independent third-party reviewers for the sensor code and its release process, and committed to staged (canary) deployment of content updates and to giving customers control over when such updates are received, so that the same class of defect could not again reach every host at once. This highlights the critical role of robust internal controls and careful testing of updates before deployment, especially when they are tied to high-stakes security systems.

Third party risk and procurement risk

The CrowdStrike outage shines a spotlight on third-party risk in today's interconnected digital landscape. Many organizations rely heavily on external vendors for their cybersecurity infrastructure, which makes them vulnerable to disruptions when those vendors fail. This is precisely what happened to CrowdStrike's global clientele, which includes many well-known names: companies dependent on its services were directly impacted by the vendor's software flaw. Such failures expose not only security vulnerabilities but also operational and reputational risks for these clients, who may face severe backlash when their systems go offline.

Procurement risk, particularly when dealing with critical vendors like cybersecurity firms, should not be underestimated. The CrowdStrike incident underlines the need for businesses to conduct thorough due diligence during the procurement process. This includes evaluating vendors' software development lifecycle (SDLC) processes, their incident response capabilities, and their historical performance. For products that update themselves, it should also include a concrete question: does the vendor stage its updates across a small population before general release, and can the customer delay or pin updates to test them first? Failing to assess these risks could leave organizations exposed to a single point of failure, with potentially severe consequences. Moreover, a comprehensive vendor risk assessment should also analyze the resilience of vendors' supply chains and dependencies, since these can amplify the impact of a failure if not properly managed.

Where to focus compliance in cybersecurity for digital resilience

To enhance digital resilience and mitigate the risks exposed by the CrowdStrike outage, organizations should focus on building robust third-party risk compliance frameworks. This starts with continuous vendor assessments, including regular audits of the vendor's SDLC, backup protocols, and security measures, with particular attention to how updates are tested and rolled out and whether the vendor's own content and configuration changes pass through the same controls as its code releases. Ensuring that vendors meet the highest standards of operational resilience can help reduce the likelihood of a similar outage disrupting business operations.

Additionally, businesses should prioritize redundancy and failover systems to minimize the impact of vendor-related outages. As the CrowdStrike incident demonstrated, relying on a single vendor for critical services can lead to widespread disruption when that vendor experiences an issue. By diversifying vendors and implementing backup solutions, organizations can remain operational even if one provider fails. Where diversification is impractical, as it often is for an endpoint agent that cannot sensibly run alongside a competitor's, the weight falls on the customer's own staging of updates and on a tested recovery plan that covers the mechanics of repairing machines by hand, including ready access to disk-encryption recovery keys. This was especially important in the healthcare sector, where real-time services are critical to patient safety. These precautions, coupled with clear service level agreements (SLAs) that set out downtime protocols, are essential in fortifying operational stability against third-party risks.

The CrowdStrike outage serves as a clear reminder that businesses must remain vigilant about third-party risks and continuously work toward strengthening their cybersecurity defenses. By integrating these lessons into their risk management practices, organizations can enhance their digital resilience and be better prepared to navigate future disruptions. In an era of increasingly automated and interconnected systems, maintaining this level of vigilance is essential to ensure that vendor relationships support rather than undermine security and resilience.