FCA publishes a new “CrowdStrike outage: lessons for operational resilience” web page

The FCA has published a document setting out its insights, observations and key lessons from how firms responded to the CrowdStrike outage and their preparedness to respond to future incidents. On 19th July 2024, CrowdStrike released a Falcon content update for Microsoft Windows hosts that contained a defect, which caused systems to crash.

Many firms use CrowdStrike for device protection, threat intelligence and response services. CrowdStrike’s core technology, the Falcon Platform, detects and responds to malicious threats. The web page explains some general observations and provides some detailed insights into how firms across the sector responded.

  • Since the beginning of 2023, the FCA has seen a continued trend of third-party related incidents. Between 2022 and 2023, third-party related issues were the leading cause of operational incidents reported to the FCA.
  • Firms that had mapped their important business services, and the resources necessary to deliver these services, were able to prioritise getting key services back online to reduce the overall impact the incident had on their operations.
  • Firms benefitted from having tested scenarios that were severe but plausible, including those impacting multiple important business services at the same time.
  • Firms that had clearly defined and tested communications strategies were able to respond to, and communicate with, customers and stakeholders quickly and efficiently.

UKGI is a trading style of UKGI Limited and UKGI Services Limited which are wholly owned subsidiaries within UKGI Group Ltd. UKGI Limited Registered in England No. 03544014. UKGI Services Limited registered in England No. 04953835. All Registered Offices Number 22 Mount Ephraim, Tunbridge Wells, England TN4 8AS. VAT registration number 347 2664 82.