CrowdStrike is facing a lawsuit from shareholders who claim the company made “false and misleading” statements about its software testing processes.

The allegations suggest these statements contributed to a recent global IT outage, which CrowdStrike attributes to a single sensor error. In response to the issue, CrowdStrike has announced plans to provide customers with more control over similar software updates in the future.

Public Response to CrowdStrike’s Compensation Offer

Delta Air Lines, one of the companies most severely impacted by the outage, has accused CrowdStrike of “negligence.” The airline claims it was forced to cancel thousands of flights due to the incident, resulting in estimated losses of at least $500 million (£392 million). Delta’s pursuit of damages reflects the broader financial and operational disruptions caused by the outage.

In an attempt to address customer dissatisfaction, CrowdStrike offered a $10 apology voucher to those affected by the outage. However, this gesture has been widely criticised by the public, lawmakers, and industry experts, who view the compensation as inadequate given the scale of the disruption. Some have even referred to the incident as “the largest IT outage in history.”

Calls for Enhanced Cybersecurity Measures

Alina Timofeeva, an expert in cybersecurity, has highlighted the recent CrowdStrike outage as a wake-up call for both businesses and governments. She draws parallels between this incident and other significant cyber events, such as attacks from hostile states and the Post Office scandal, underscoring the need for stronger cybersecurity measures and greater operational resilience.

Timofeeva advocates for increased government involvement in promoting cybersecurity and media literacy. She emphasises the importance of integrating cybersecurity into national infrastructure and education, arguing that this will help create a more cyber-resilient society. Additionally, she calls for greater transparency from technology companies, which have a substantial impact on daily life, and urges support for small and medium-sized businesses in building resilience.

To foster a culture of security, Timofeeva recommends that company boards include members specifically responsible for cybersecurity and operational resilience. She believes this accountability is crucial for ensuring strategic oversight and enhancing operational resilience frameworks. Senior management, in her view, must prioritise critical services and enforce a “secure and resilient by design” approach within their organisations.

Alignment Between CIOs and CROs for Effective Risk Management

The global IT outage has highlighted the risks associated with the interconnected nature of modern IT systems. Timofeeva stresses the importance of close alignment between Chief Information Officers (CIOs) and Chief Risk Officers (CROs) to ensure a proportionate response to such incidents. She also advocates for mandatory reporting of cyber breaches and regular board-level discussions on cyber risk, both within organisations and among critical third-party partners.

The situation around the CrowdStrike lawsuit and the Microsoft outage continues to evolve, and it serves as a stark reminder of the vulnerabilities inherent in global IT infrastructure. The responses from affected companies, shareholders, and cybersecurity experts will likely shape future approaches to operational resilience and cybersecurity governance.