What's in the report?
This report reflects on the CrowdStrike-inflicted global technology outage, which shows that society is at the mercy of tech vendors doing everything “right.” It has also shown that regulators, consumers, and customers will not hesitate to seek recompense from those who cause a disruption to their business or a loss of their data.
For many in the tech sector, this has likely been a cause for concern, and perhaps even reservation, as they seek to grow their organisation and capitalise on the significant opportunity that comes with our reliance on technology and our pursuit of the efficiencies that the sector has traditionally provided so well.
Rather than being a cause for concern, this changing risk landscape gives the tech sector the opportunity to identify, understand and capitalise on the tangible value in good risk management.
As a result, the prospect of being the “next CrowdStrike” (even the distant prospect of such) should be built into everyday values around risk management. This is because risk management can directly facilitate and build confidence with customers/consumers, enabling the organisation to explore and seize new opportunities by reducing the probability of being the next big event.
Even then, if such an event occurs, those that have an embedded, understood and practised response and crisis management plan in place can strongly mitigate the impact of the event and, in some cases, use it as a differentiator and a business enabler.
Key takeaways
Businesses and consumers will only become more dependent on, and more vulnerable to, the technologies that drive our prosperity. For the tech sector, this presents a significant opportunity that needs to be seized at a rapidly increasing rate.
If the tech sector is to survive and thrive, software, application, and hardware vulnerabilities need to be managed as an essential part of providing solutions. The consequences, both reputational and fiscal, of a poorly managed outage, malicious or non-malicious, are too great to ignore.
This report highlights the following considerations in detail:
An understanding of your client base and its reliance on your services and solutions, documented and well communicated within the organisation, will underpin a robust response that can mitigate the impact of a future outage.
Executives face the very real prospect of directors’ and officers’ exposure, but it is crucial to lead with a risk-based discussion before insurance.
Contracts are one of the first lines of defence in a dispute, so clear, concise language is essential.
Consideration should be given to limitation of liability, notification obligations, and dispute resolution.
Ensure implementation and ongoing updating of your change management and quality control program.
Introduce more staging and testing into your change processes.
To summarise
Incident management has traditionally been associated with malicious events, but recent events show that the tech sector must approach it more holistically and ensure its plans are specifically tailored for a broader remit of “incidents” and outages.
When facing an event similar to the CrowdStrike outage, a properly constructed and implemented insurance program (specifically IT liability (PI), cyber, public and products liability (PPL), and directors & officers (D&O)) can be one of the most financially significant assets that a tech sector organisation holds. It provides certainty or reduces uncertainty by lowering the probability of a “bad outcome” following a catastrophic event.
To learn more about the exposures tech companies face, risk mitigation and incident response strategies, and the role insurance plays in protecting organisations, download our report.