Crisis Comms After CrowdStrike Failure
/Tech outages affected businesses worldwide, and students can analyze responses by CrowdStrike, which caused the issue.
CrowdStrike begins its statement by including what has not been affected:
CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This was not a cyberattack.
The message is designed to be helpful and reduce worries—and to limit the scope of the crisis. Using a similar crisis communication strategy, Microsoft limits its role in the crisis by blaming the third party and mentioning its name twice:
We are aware of a scenario in which customers experience issues with their machines causing a bug check (blue screen) due to a recent CrowdStrike update. We recommend customers to follow guidance provided by CrowdStrike.
The “blue screen of death” that people saw during this outage evokes bad memories from early Microsoft days. Although Microsoft isn’t to blame, the software and the company are likely taking a reputational hit.
CrowdStrike President and CEO George Kurtz posted on X:
CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.
Users responded by asking, “Where’s the apology to users, George?” and by calling it “corporate speak.” They have a point, and Kurtz got the memo later, appearing on the Today Show and immediately saying, “We are deeply sorry.” At that time, later in the day, his main purpose was to assure people that they fixed the problem and that systems are coming back.
Kurtz emphasized the importance of CrowdStrike’s work, focusing on how updates like the one that caused the outage are essential to safety—to prevent cyberattacks. Still, how a bug in a minor update wreak such havoc? He doesn’t quite quell concerns about future issues, although he does take responsibility for the outage. Then again, he has little choice.