In the wee hours of Friday, July 19, cybersecurity firm CrowdStrike pushed a security patch update to its software that caused some devices running Microsoft’s Windows operating system to crash. Because Windows and Microsoft’s Azure cloud are widely used around the world, as is CrowdStrike’s cybersecurity software, the glitch led to a massive global disruption. Airlines grounded planes because the computers that help them navigate the complexity of scheduling, display flight schedules, and monitor flight paths were not working. Hospitals cancelled emergency surgeries because equipment software failed to work. As airport workers, hospital staff and bankers arrived at their desks that morning and fired up their computer terminals, they were greeted with the dreaded “blue screen of death”. At times, the worst IT outage in history last week resembled a scene from a science-fiction movie.
The data outage exposed just how global technology systems are built these days. A small piece of faulty code in a single software update in California can bring down operations in an array of industries around the world. The security patch update caused CrowdStrike’s software to crash the brains of the Windows operating system, known as the kernel. Restarting the computer simply caused it to crash again. That meant the offending file had to be surgically removed from each affected computer.
Because everything is interconnected through a network of computers and a common operating system using one of the three major cloud services providers — Azure, Amazon’s AWS and Google Cloud — a small problem can quickly lead to a doom loop of outages.
There is a reason why software updates and patches are installed the way they are now and why they leave whole networks exposed and vulnerable. If you have a Tesla car, you do not have to take your car to some workshop where an engineer might upload new software. Tesla sends the software over the Internet which is downloaded automatically into your car overnight. When you get into your Tesla the next morning, you are notified of the software update. As the software development lifecycle evolved, software developers moved to a continuous update delivery model and built distribution channels right into their services — removing friction in updating their products, but also expediting adverse effects when there are issues with those updates.
Over 8.5 million devices that use Microsoft’s Windows operating software were impacted by the outage on July 19. It did not affect Apple devices or those using the open-source operating software, Linux. The outage also exposed just how dominant Microsoft is, with its operating system powering much of the global business and infrastructure. Microsoft continues to expand its global dominance by aiming to become the undisputed leader in generative artificial intelligence or AI.
Insurance firms assessed the initial damage to be around US$5.4 billion ($7.3 billion). That figure is only likely to rise as damages to Microsoft, whose own operations were hit hard, are calculated. Indeed, after all the lawsuits and insurance claims are settled and regulatory fines are levied, the total cost of the outage could run into the high tens of billions of dollars.
The rise and fall of CrowdStrike
You probably have already read or heard a lot in the media. Hence, I will focus on CrowdStrike, a cybersecurity firm that has until recently flown under the radar, how it has become an integral cog in the wheel of our interconnected world and what it means for its high-flying stock, as well as for the larger security sector in general, and how the world can avoid incidents like this in the future.
So, what exactly does CrowdStrike do? The Texas-based cloud-focused cybersecurity firm provides endpoint security, cyber threat intelligence and cyberattack response services. Endpoints refer to devices like smartphones, tablets, laptops, desktop PCs, servers and IoT (Internet of Things) devices. An endpoint can also be a “virtual machine”, or a computing resource that uses software instead of a physical computer to run programs and deploy apps. In the age of AI, and Nvidia’s graphics chips, virtual machines are emerging everywhere.
Total cybersecurity software revenues worldwide are projected to reach US$186 billion this year. The market in recent years has been growing at just under 10% per year. Of the 8 billion people worldwide, over 6 billion use an Internet-connected device. Networking firm Cisco Systems estimates that there are 24 billion connected devices on earth, or three times the world’s population. Cybersecurity Ventures estimates that total cybercrime damage will surpass US$6 trillion this year. No wonder, then, global cybersecurity is such a rapidly growing business.
Every time there is a cybersecurity incident, like a website of a large corporation being hacked, shares of a handful of cybersecurity firms such as CrowdStrike, Palo Alto Networks and SentinelOne see a huge spike. SentinelOne’s stock surged 22% over two days in the aftermath of last week’s outage while Palo Alto was up 6%. (Microsoft and Cisco are cybersecurity players as well in their own right. Google’s owner Alphabet Inc on July 22 called off its US$23 billion purchase of cybersecurity software start-up Wiz.) Hacks are a reminder for corporate IT managers that they need to spend more to defend against bad actors who might hack their systems to collect ransoms or just to cause disruption and chaos. Last year, victim US firms paid US$1.1 billion in ransom to assailant hackers.
CrowdStrike was co-founded by CEO George Kurtz, Dmitri Alperovitch and Gregg Marston in late 2011 to reinvent cybersecurity for the cloud era. The trio had worked for antivirus software firm McAfee. After McAfee was acquired by Intel in 2010, the trio left and struck out on their own with CrowdStrike.
Unlike its peers at the time, the company took a different approach leveraging the network effect of crowdsourced data applied to modern security through technologies such as AI, cloud computing, and graph databases. With its antivirus Falcon platform, CrowdStrike created what it describes as the first cloud native, multi-tenant, intelligent security solution capable of protecting workloads across on-premise, virtualised, and cloud-based environments running on a variety of endpoints. Because it leverages the network effect of crowdsourced data and is one of the few cybersecurity firms that is actively deploying AI to fight off hackers and defend corporate websites, CrowdStrike has catapulted to the top of the league.
CrowdStrike currently has 29,000 corporate or institutional customers including 300 of the Fortune 500 companies. At the stock’s peak two weeks ago, CrowdStrike’s market capitalisation touched US$95 billion, almost matching the most valuable cybersecurity firm, Palo Alto Networks.
The high-flying cybersecurity firm has enjoyed tremendous luck just when it needed it. You might have heard of some of the wilder American right-wing conspiracy theories. Among them: In 2016, the then-five-year-old CrowdStrike was used by the Ukrainian government to hack into the US Democratic National Committee’s servers and frame Russia for the crime to undermine Donald Trump in that year’s presidential election against Hillary Clinton. It was a fanciful theory but it provided a ton of free publicity for CrowdStrike, at the time just an up-and-coming cybersecurity start-up.
Fighting cybercrime will be a huge business over the next 10 years. In technology, one or two large players tend to dominate entire segments, like Google in search, Meta Platforms in social media or Amazon.com in e-commerce.
CrowdStrike’s stock may have stabilised in recent days but the worst is not yet over for the cybersecurity giant. Clearly, more headline risk is ahead. Over the next few months, there will be Congressional hearings, regulatory fines, even criminal charges, not to mention a ton of civil suits from companies impacted by the July 19 outage.
The cockroach theory
Reputational damage can be long-lasting. In recent years, commercial aircraft maker Boeing, social media behemoth Meta Platforms, pharmaceutical giant Johnson & Johnson and Mexican fast food chain Chipotle Mexican Grill have seen their stock take a beating after reputational damage to their brands.
Take Boeing, which has still not recovered from its own crisis following two crashes, a door falling off mid-air and many other incidents. Billionaire investor and Berkshire Hathaway CEO Warren Buffett was reportedly urged by investment bankers to buy into the beaten-down Boeing shares after the two crashes in 2018 and 2019. At the height of the pandemic, in March 2020, Boeing’s stock had fallen below US$80 from its peak of US$390 a year earlier. Yet, Buffett did not budge. The Oracle of Omaha has a theory that there is seldom just one cockroach in one place. “You see a cockroach in your kitchen; as the days go by, you meet his relatives….” As it turned out, Boeing’s kitchen had too many cockroaches.
Chipotle, however, has fared much better. Unlike other quick-service restaurant peers McDonald’s and Kentucky Fried Chicken — which thaw frozen food at their outlets — Chipotle uses fresh food, including meat. That led to foodborne illness outbreaks at many of its restaurants in 2015.
Chipotle’s stock plunged 70% between 2015 and 2018. Its restaurants were closed for months. It was forced to pay a US$25 million fine. Even when outlets reopened, nobody wanted to buy anything edible sold by Chipotle. Then, billionaire activist investor Bill Ackman showed up. He built a small stake in the beleaguered restaurant chain. I remember watching a TV clip of Ackman chomping on a Chipotle burrito. That image changed Chipotle’s fortunes. If Chipotle’s food was good enough for a billionaire like Ackman to eat, the restaurant had cleaned up its act.
In 2018, before Ackman got involved, Chipotle stock was split-adjusted to US$6 a share. The Mexican quick-service food chain’s shares peaked in mid-June at around US$69 a share — an increase of more than 11-fold over a six-year period, the sort that only a handful of hot tech stocks can match. Chipotle shares then fell by 24%, but on July 24 it posted stellar earnings, beating Wall Street estimates, which helped trigger a rebound.
It is unlikely that CrowdStrike will be the next Chipotle. The cybersecurity business is all about trust. It will take many months, probably years, before CrowdStrike is able to start crawling out of the hole it now finds itself in. Revenues grew 36% over the past year and analysts were expecting 33% growth over the next year. It is likely that the incident will impact revenue growth for the next several quarters. But CrowdStrike’s business model and its ability to use AI to power its crowd-sourced platform in fighting cyberattacks will eventually attract new users.
“We think this market reaction is overly punitive, especially considering that the update doesn’t represent a breach of CrowdStrike’s security apparatus,” says Malik Ahmed Khan, an analyst for Morningstar. “The current pullback represents a good buying opportunity for long-term investors looking for high-quality security software exposure,” he notes.
For a start-up that went from zero to US$96 billion in 12 years, digging itself out of a mess might be an arduous but not impossible task.
Assif Shameen is a technology and business writer based in North America