100 days after CrowdStrike’s nightmare scenario, things are back to normal
Doom-laden predictions of businesses abandoning the security-infrastructure provider haven’t come to fruition.
On July 18, we experienced one of the biggest screw-ups in the history of the digital era. Millions of computers worldwide running the Windows operating system didn’t turn on. The culprit: a configuration issue with the Falcon Sensor tool developed by cybersecurity provider CrowdStrike. In simplest terms, an incorrect update was automatically pushed out to users that contained a fatal fault, sending computers falling like dominos as the world woke up.
Companies in the Fortune 500 lost an estimated $5.4 billion because of the outage. CrowdStrike’s share price tanked, and some suggested the company might never recover from the reputational damage.
But 100 days on, those doom-laden predictions have not come to pass.
“Our work found little to no evidence of customers shifting away from CrowdStrike,” wrote financial analyst Andrew DeGasperi and equity research associate Ari Friedman of BNP Paribas in a recent paper. They suspect that the speed at which CrowdStrike will close new deals and renew existing ones will take a minor hit, as current or would-be clients will more carefully scrutinize what had previously been a sure bet, but they believe, ultimately, people will still ink deals with CrowdStrike.
DeGasperi and Friedman’s confidence is owed in part to the fact that CrowdStrike is still the dominant player in the end-point detection and response (EDR) sector, with an estimated 18% market share, according to research firm IDC. That puts its share of the sector two percentage points higher than the next-biggest competitor, Microsoft.
One of the reasons people chose CrowdStrike was for its reliability and speed of response to incidents. At a congressional subcommittee hearing in late September, CrowdStrike’s senior vice president of counter adversary operations said that prior to the Falcon incident, the firm was pushing out 10 to 12 updates to its systems every day. That’s now changed in light of July’s outage, with customers now able to opt in to whether they want the updates across the board.
The company’s appearance on the subcommittee helped stanch some of the potential losses, says Brian Essex at JP Morgan. “The testimony reflected positively on CrowdStrike, considering the nature of events that led to the outage, the company’s response, and CrowdStrike’s ongoing efforts to improve the resiliency of its platform and the systems it protects,” Essex wrote in a note following the hearing.
Essex believes that the company’s overall response to the incident has been a “master class in incident response.”
Not everyone is quite as rosy about CrowdStrike’s future, however. In a survey of cybersecurity-service resellers conducted by investment bank Jefferies, 25% of respondents believed the ramifications of the Falcon outage would impact new business for CrowdStrike, while 63% said it will have an impact on existing customers renewing their contracts with the company.
More significantly, CrowdStrike’s share price is now trading at around $300 a share, compared to highs of nearly $390 a share prior to the incident—although it has regained significant value from its nadir of around $220 a share immediately after the Falcon outage. (CrowdStrike declined Fast Company’s request for comment.)
That quick turnaround is a reflection of CrowdStrike’s dominance within its sector, and a recognition within the industry that similar issues could befall anyone.
Equity researchers at Scotiabank recently quizzed a chief information security officer (CISO) at a company with $10 billion in revenue that has been a CrowdStrike customer since 2016. The Falcon outage affected around 10% of the company’s computers, but it was able to return to normal operations within a week thanks to CrowdStrike’s help.
It was the firm’s first major issue with CrowdStrike, Scotiabank reported, and the financial impact was negligible compared to the cost savings CrowdStrike had given them previously. The CISO said that having its security part-provided by CrowdStrike since 2016 had helped lower the company’s overall spending on insurance by 10% to 15%, which was why they’d be sticking with CrowdStrike in the years to come. In fact, they’d agreed to spend around 10% more with CrowdStrike next year compared to this year.
They’re likely not alone, which is good news for the company as it tries to regain its standing with the general public. At the end of the day, CrowdStrike’s standing among those who bankroll its business doesn’t seem to have taken too big a hit.
ABOUT THE AUTHOR
(1)