Technology has transformed our world in unprecedented ways. It has accelerated globalization, fostered innovation, and created new economic opportunities. However, it has also introduced complex risks that can disrupt socio-economic stability. Our interconnected technological ecosystem has become both a strength and a vulnerability. The recent Crowdstrike incident on July 19, 2024, is a stark reminder of this duality. A faulty software update from Crowdstrike's Falcon agent caused widespread disruptions, impacting individual systems and the entire world. This article explores the incident and its far-reaching implications. It highlights the importance of considering extended socio-economic impacts as a crucial factor in risk analysis and quantification. Risk management frameworks should not be just inward-facing but must include outward-facing factors such as socio-economic impacts. At OPTIMAS^®.AI Inc research labs, our thought leadership has already pioneered the Business Technology Exposure and Resilience (BTER^®) framework, incorporating these broader considerations. This approach will soon be open-sourced to help organizations adopt inward and outward-facing risk management strategies.

What Happened?

The Crowdstrike incident on July 19, 2024, involved a faulty software update to the Falcon agent, causing Windows systems to crash with Blue Screen of Death (BSOD) errors. Systems primarily experienced crashes and became unbootable without manual intervention. This incident affected services across various sectors, including airlines, banks, and healthcare systems, causing significant operational downtime and widespread inconvenience. The ripple effects were felt globally, highlighting the fragility of our interconnected technology infrastructure.

Why It Matters?

Traditional cyber risk quantification often focuses on the direct impact on the affected organizations. Whether it's Crowdstrike, Microsoft, or their customers, the approach remains largely inward-looking. Each entity assesses the cyber risk from its own perspective without fully accounting for the broader implications. This incident, however, underscores the importance of understanding the interdependence within our technological ecosystem. The interconnected nature of these systems means that a single point of failure can have wide-ranging socio-economic impacts. Therefore, it is crucial to incorporate socio-economic factors into risk analysis models to fully grasp and mitigate these broader implications.

Real Case Study

On July 19, 2024, a senior executive of OPTIMAS^®.AI Inc personally experienced the chaos caused by this incident. Needing to travel from Los Angeles to Raleigh-Durham, what should have been a 4-hour flight turned into a 72-hour ordeal involving multiple flight cancellations, over 36 hours of wait time across various airports, untraceable baggage, and significant trauma, stress, and fatigue. In total, our executive lost 3 productive days.

According to public records, a leading US airline cancelled 4000 flights. With an average passenger load factor of 84% and 200 seats per flight, approximately 672,000 passengers were affected. Assuming each passenger lost an average of 2.4 days, this incident resulted in a total of 1,612,800 lost days, which translates to 38,707,200 lost hours. This widespread disruption had severe personal and professional impacts, causing missed personal commitments like educational, academic, and sporting events, as well as business commitments.

This real-life example highlights the extensive socio-economic repercussions of such incidents, affecting not just individuals but also businesses and services connected to the affected sectors.