Cybersecurity

Global IT outage: The cyber resilience alarm heard around the world

The July global cyber outage caused an estimated $1 billion in global costs and was a signal sent globally to invest in cyber resilience.

The global IT outage caused an estimated $1 billion in global costs. Image: REUTERS/Brian Snyder

William H. Dutton
Oxford Martin Fellow, University of Oxford
Luna Rohland
Specialist, Cyber Resilience, World Economic Forum
Share:
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:

Cybersecurity

  • Last week, businesses and governments worldwide were disrupted by a major IT outage.
  • The global outage was caused by a bugged patch pushed by one of the world's largest cyber security providers and estimated to cost $1 billion.
  • The outage was a stark reminder of the importance of cyber resilience in an increasingly digital world.

Last week, one of the largest IT outages in history disrupted businesses and governments around the world.

The incident, which affected 8.5 million Microsoft Windows devices, led to widespread disruptions of airlines, banks, broadcasters, healthcare providers, retail payment terminals and cash machines globally. The cost of the outage is estimated to top $1 billion.

What caused the outage

The disruption was caused by a flawed update to a cloud-based security software of CrowdStrike, one of the global top cybersecurity companies. The update to the Falcon software triggered a malfunction that disabled parts of the computer systems and software like Microsoft Windows. Three days after the incident, CrowdStrike reported that a significant number of the devices are back online and operational.

Have you read?

Why we need cyber resilience

As the stories of the disastrous consequences of the incident are making the headlines, there is a major lesson to be learned from the outage: we need to prepare for such incidents in ways that we can maintain the resilience of our businesses and services. Whether caused by the intentional actions of an adversary or the innocent mistakes of well-intentioned actors, businesses and governments need to be resilient to cyberattacks and other cyber failures that can lead to major disruptions of business processes.

The incident highlights the need to shift our perception of cybersecurity from a mere IT issue to the broader concept of cyber resilience as an integral part of business resilience. In the face of a cyberattack, businesses should be able to recover fast from an incident and resume business as usual.

To be cyber resilient, organizations need to first and foremost identify business-critical processes and ensure the continuity of those even during cyber incidents. This has to involve continuous conversations with business leadership to ensure alignment with the overall business strategy while conducting real-time prioritization.

People stand near the blacked-out digital billboards at Times Square following a global IT outage, in New York City, U.S. July 19, 2024.
People stand near the blacked-out digital billboards at Times Square following a global IT outage, in New York City, U.S. July 19, 2024. Image: REUTERS/David 'Dee' Delgado

The ecosystem view

The July outage should also nudge us to think beyond cyber and business resilience and look at the big picture: systemic resilience. As cyber threats become more advanced, businesses increasingly rely on a few sophisticated security software providers. This reliance creates a single point of failure, where a flaw in one system can lead to global cascading effects. Balancing centralized, highly protected architectures with decentralized, lower-impact systems is a difficult challenge.

Enhancing cyber resilience

Advances in cybersecurity can prevent many disruptions, but when adversaries do succeed or accidental cyber failures happen, organizations need to make use of a toolbox of methods to be able to detect, withstand, and recover business-as-usual operations as rapidly as possible.

The World Economic Forum’s Centre for Cybersecurity is collaborating with the University of Oxford’s Global Cyber Security Capacity Centre (GCSCC) on a blueprint (Cyber Resilience Blueprint Initiative) — or compass — to support organizations across industries to advance their cyber resilience. The initiative is bringing together cybersecurity leaders from across the world to develop a common understanding of business cyber resilience and collect and systemize experience on cyber resilience tradecrafts that matter.

As online and cyber infrastructures become ever more complex, interconnected and central to all sectors of business and society, the importance of cyber resilience will only continue to rise.

Loading...
Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Share:
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

Spotlight on cybersecurity: 10 things you need to know in 2024

Kate Whiting

October 1, 2024

1:35

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum