CrowdStrike fiasco shows you need more than one partner

British Computer Society’s Alina Timofeeva said that the CrowdStrike situation proved that you need more than one partner.

She highlights that the outages caused by a CrowdStrike update have far-reaching effects beyond the initial chaos.

Timofeeva said the incident underscores the risks associated with technology and the lack of customer awareness about them. The global ripple effect demonstrates the market’s interconnectivity and risk concentration.

She said that large software vendors like CrowdStrike can significantly impact the global economic system and millions of customers when they fail. She stresses the importance of companies, governments, and regulators being mindful of the systemic risks of relying on a single primary provider. Future failures by cloud giants like Amazon, Microsoft, or Google could have even more extensive impacts.

“From the governments’ perspective we need to start monitoring in detail the impact of this interconnected state, and identify the future events that could start small but become much bigger. This would help us build the nation’s resilience and ability to respond to similar events,” she said.

Timofeeva believes real disruption is about empowerment, enabling customers to navigate change and uncertainty safely. Clear, transparent, and timely communication is essential during crises to maintain trust. Companies should communicate the immediate impact, the recovery steps, and the long-term measures to prevent future issues.

She anticipates that strategic communication will be necessary at company and government levels to mitigate future risks. The recent events should prompt employers to invest in robust disaster recovery plans, tested across various scenarios. Regulators will likely focus more on operational resilience across data, technology, people, and processes.

“It is essential to prioritise material services like payroll and payments. While DORA implementation is underway, more is needed for all sectors,” Timofeeva said. She expects tighter regulations and increased regulatory scrutiny to ensure companies prioritise safety and security over cost and efficiency.

She does not foresee new regulations but anticipates stricter adherence to existing ones. Compliance varies, and companies must fully comply with key risk and control frameworks. The outage was a technological failure that impacted operations and customers. Companies must have comprehensive recovery plans and be able to restore services quickly to maintain customer trust.