Editor's note: This article originally appeared in our sister publication SC Magazine UK.
Companies should invest in operational resilience in the wake of the summer disruption caused by the CrowdStrike incident.
According to the UK's Financial Conduct Authority (FCA), third-party related issues were the leading cause of operational incidents reported to it between 2022 and 2023.
“These outages emphasise firms’ increasing dependence on unregulated third parties to deliver important business services,” a statement said. “This highlights the importance of firms continuing to become operationally resilient in line with our rules.
“We encourage all firms, regardless of how they were affected by the CrowdStrike incident, to consider these lessons, to improve their ability to respond to and recover from future disruptions.”
The CrowdStrike Falcon content update caused Microsoft users to encounter problems and crash in July, and the FCA said it “saw varying degrees of operational impact on regulated firms, with no sector more impacted than others, and minimal consumer harm.”
In that period, it engaged with firms during the incident to understand the impact on firms and the market, operational responses, and recovery.
Operational resilience
As a result, the FCA encouraged investing and following its operational resilience rules, saying this will enable users to identify market impacts, and prioritize their important business services. It claimed that businesses that had mapped their important business services, and the resources necessary to deliver these services, were able to prioritize getting key services back online to reduce the overall impact the incident had on their operations.
Also, firms who had clearly defined and tested communications strategies were able to quickly and efficiently respond to, and communicate with, customers and stakeholders.