蜜豆视频

A routine software update recently cascaded into one of the biggest IT outages, incapacitating companies around the world: thousands of flights were cancelled, employees were unable to log on to their computers, hospital surgeries were postponed, and television channels went off air. What happened on 19 July was a stark reminder that IT and data center outages may have painful consequences for modern societies.

At 6:09 a.m. CET on Friday, 19 July 2024, the cybersecurity provider CrowdStrike Inc. released a content configuration update for the Windows sensor. This configuration triggered a logic error resulting in a crash of the Windows system and blue screens on impacted computers. Apple and Linux operating systems were not affected.

Around 80 minutes later, the company identified the issue, isolated it, and reverted the update. The systems coming online after this time, or those that did not connect during this time window, were not impacted. According to CrowdStrike, the problem was 鈥渘ot the result of or related to a cyberattack鈥�. In total, approximately 8.5 million devices (less than one percent of all Windows machines) were impacted.

On Thursday, 25 July, more than 97% of the 8.5 million impacted devices were back online and operational.

Shortly after the IT outage, regulators raised the alarm that malicious websites were claiming to fix glitches in an attempt to exploit the incident. According to the Financial Times, hackers were trying to conduct malicious activities such as the distribution of a Zip archive file that appeared to be targeting CrowdStrike users based in Latin America.²聽 An assessment by the supply-chain risk resilience company Interos claimed that the CrowdStrike outage had a direct impact on 674,620 customer relationships and an indirect one on more than 49 million.³

There is no doubt that the digitization of our society and the interconnectivity of the global IT system brought immense benefits in terms of efficiency gains. At the same time, however, the connectivity also created vulnerabilities in the systems we have learnt to depend heavily upon, a risk that may have catastrophic consequences when not mitigated properly, as shown by the outage caused by CrowdStrike. Even though 鈥渙nly鈥� less than one percent of all Windows machines were affected by the outage, the broad economic and societal implications reflect the fragility of the world鈥檚 internet infrastructure. It seems that governments and companies have acted on the assumption that cyber resilience is important but not urgent at all.⁴

We believe that avoiding such incidents in the future must remain a priority for operators of mission-critical digital infrastructure. According to a survey conducted by Uptime institute, the biggest cause of significant site outages are on-site power problems, followed by cooling failures, software/IT system errors and network issues (Chart 1). Interestingly, although outage rates seem to have gradually been falling in recent years, the frequency of problems at third-party providers (e.g., software-as-a-service, hosting and cloud providers) has been rising, which may reflect greater use of cloud computing.

Chart 1: Leading causes of significant outages

The role of third-party providers in critical corporate IT is likely to increase. In our view, no IT architecture is fail-safe, and many recorded failures can be attributed to the difficulties of managing complex software, data, and networks.

White outages continue to occur, only a small proportion are serious or severe. As of 2023, the impact of the majority of data center and IT outages worldwide was evaluated to be negligible or minimal, 27% of them had a significant impact on organizations, 6% were evaluated as serious, and 4% were categorized as severe (Chart 2).

Chart 2: The level of severity of the most significant data center and IT downtime worldwide as of 2023

Source: Statista (2024), , accessed on 1.8.2024.

Aging hardware, out-of-date software, inconsistent backups, and poor IT security practices are often cited as the main reasons for outages, which are also becoming more expensive.

According to a 2014 study by Gartner Research, the downtime cost per minute was USD 5,600,⁵ while in 2016, the Ponemon Institute raised that number to nearly USD 9,000 per minute.⁶ In 2022, Information Technology Intelligence Consulting published a survey on server reliability that put the cost of IT downtime at a minimum of USD 5,000 a minute. About 44% of those polled put costs at USD 16,700 per server/per minute or at approximately USD 1 million per hour. Interestingly, in the same study, 76% of respondents cited security and data breaches as the greatest threat to server, application, data center, network edge and cloud ecosystem stability and reliability.⁷

In our view the biggest reasons for the increasing costs of outages (next to inflation, cost of labor, replacement parts) is the growing dependence of our society on digital services and data centers. The loss of a critical IT service often immediately translates into disrupted businesses and lost revenues.

In our opinion, the need to protect critical IT infrastructure is of utmost importance, as it is now the Achilles heel of our digital society. IT security spending is likely to increase in the wake of the failed update at CrowdStrike, forcing customers to rethink their dependence on just one IT security provider.

As the digitization of our society progresses, enhancing the resilience of IT security infrastructure and ensuring its quick recovery from potential disruptions should become a priority, it is therefore important that governments and private enterprises intensify their efforts to ensure robustness of critical IT infrastructure. As a result, attractive investment opportunities are likely to arise particularly in the area of agentless security (which eliminates the need for software on the endpoints and utilizes existing infrastructure for real-time monitoring and protection) and systems ensuring resilience of critical IT infrastructure.

¹ CrowdStrike (2024): , accessed on 1.8.2024.
² Financial Times (2024): Scammers are exploiting IT outage, warn watchdogs, in: Financial Times, 22.07.2024, p. 6.
³ Interos (2024): Interos Analyzes Supply Chain Impacts of Massive CrowdStrike Outage, , accessed on 31.7.2024.
⁴ IT outages seem to happen rather frequently. For a selected list of past examples, see e.g. Invgate (2024): 8 Crowdstrike IT Outage Stats To understand How it Affected the World, 23.07.2024, , accessed on 1.8.2024.
⁵ Gartner (2014): Increase Availability Through Best-in-Class Benchmarking and by Targeting Causes of Downtime, 26.09.2014, URL: , 2.8.2024.
⁶ Source: The Ponemon Institute (2016): Cost of Data Center Outages, January 2016, URL: , 2.8.2024.
⁷ Source: ITIC (2022): Security, Data Breaches Top Cause of Downtime in 2022, April 8th 2022, URL: , 2.8.2024.