By FONSECA CARNEIRO DE CASTRO, Marina
8 May, 2025
As a result of CrowdStrike’s global IT disruption on July 19, 2024, flight displays at Denver International Airport were impacted (Royalty free image: Shutterstock)
Context
On July 19th, 2024, a massive IT outage impacted around 8.5 million Windows devices around the world, resulting in irreparable losses to different areas of business. One thing they all had in common: the same cybersecurity product running in their information technology infrastructure, CrowdStrike. The product is known for being a Next-Generation Antivirus (NGAV) that uses AI and machine learning to detect and prevent cyber threats. It’s more powerful than traditional anti-viruses that recognize threats solely through signature-based methods.
CrowdStrike identifies malicious activities through behavior-based detection, analyzing how programs interact with systems rather than relying on malware signatures. Additionally, it has Endpoint Detection and Response (EDR) capabilities providing deep visibility into security incidents. Therefore, it enables faster investigations and incident response to enhance cybersecurity. (Amorim et al, 2025, p.635). To perform all these powerful cybersecurity functions, CrowdStrike needs to operate at the kernel level of a device, namely the one that talks directly with the hardware. Usually, applications run at the user level since the kernel is the most privileged piece of code considered as the administrator/gatekeeper of the fundamental elements of the operating system. Because most of the applications run at a user level, whenever they have an outage or a bug, only the application goes down. However, when the software runs at the kernel, it shuts down the entire operating system. This is exactly what happened in the CrowdStrike 2024 outage.
Because the product is quite powerful and innovative, CrowdStrike is a dominant player in the next-gen antivirus/EDR solutions with a 50% market share and over 75% of the Fortune 500 as their clients (George, 2024). According to cloud monitoring and insurance company Parametrix, the estimation of total losses of companies impacted by the 16-hour outage was around $5.4 billion (Fung, 2024). The most affected sectors were aviation, healthcare, critical financial services, and government agencies. This crisis was considered as “the largest IT outage in history” by Troy Hunt, a renowned cybersecurity expert and creator of the widely used password-breach monitoring service HaveIBeenPwned (Ruxandra, 2024).
Events and Responses: How CrowdStrike Managed Fallout and Retained Customers After its Global IT Outage
This being a third-party crisis, in terms of events and responses, it can be analyzed at two levels. Firstly, what this outage represented for CrowdStrike as the leading cybersecurity vendor of its field, and secondly the crisis of the clients that actually suffered through the outage being obliged to delay thousands of flights, reschedule surgeries, as well as banks, public transit systems, 911 centers, and government agencies such as the Department of Homeland Security that had to deal with the impacts of the blue screen of death (Korolov, 2025).
Regarding CrowdStrike, if this was considered the largest outage in history, this was also certainly the biggest crisis within the company. Its initial losses were around $60 million. Additionally, the company’s reduced its projected annual earnings from $109 million to approximately $86 million, likely due to the costs compensating clients after the global outage. Ultimately, CrowdStrike reported its fourth quarter and fiscal year, in which net income ended up at $89.3 million, which was still aligned with what was projected.
Even though some endpoint security competitors announced gains from clients migrating their way after the incident (see Appendix A), CrowdStrike CEO George Kurtz stated in the company’s earnings call for Q3 in November 2024 that “Falcon costumers are staying with CrowdStrike as their trusted cybersecurity platform” (Kapko, 2024). The company did keep steady growth for 2025 fiscal year at the end even after the outage (Appendix B).
Two elements were crucial for CrowdStrike’s resilience over this crisis. Firstly, the company’s immediate response, proactivity and transparency towards helping clients to understand and solve the problem. Secondly, the fact that it was actually an honest mistake and people in the IT industry know that even though there were verifying action that could have been done more thoroughly, a bug in an update is an expected risk and can happen from time to time (the standards are of course different for software’s operating in the kernel level, but they are not immune).
From the client’s perspective, this was an even bigger crisis when analyzed from a distance. One of the most heavily impacted companies was Delta Air Lines, which had over 37000 devices crashed. Thousands of flights were cancelled, disrupting trips of over 1.3 million passengers. Delta estimated its losses at over $500 million and faced refund requests from more than 175.000 customers (Kowalewska, 2024). Similarly, the health care sector suffered enormous setbacks, with hospitals in the United States and the United Kingdom unable to access medical records or prescriptions. The health sector and the banking sector reported losses of $1.94 billion and $1.15 billion respectively (Fung, 2024). In practical terms, these organizations implemented manual recovery processes, activated backup systems where possible, and sought legal remedies for compensation from CrowdStrike (Speed, 2024)
CIO Insights: Lessons Learned from the CrowdStrike Crisis
For Chief Information Officers (CIOs), the immediate priority was effective communication and swift action. Mike Mainiero, CIO of the Catholic Health (health care system provider) emphasized the need to stay calm and decisive, setting a command-and-control tone while ensuring clear communication with the different teams (Shein, 2025). John Roman, CIO of the Bonadio Group, New York State Accounting Firm, highlighted the importance of a generic incident response plan, which allowed them to address any major incident effectively, not solely malware-related attacks, as do most companies when they prepare for cybersecurity related threats.
Beyond immediate responses such as implementing the manual remediation published by CrowdStrike and Microsoft, different CIOs also mentioned the major role of proactive planning and risk management. Remi Alli, CIO of Black Wallet, a stablecoin 2.0 ecosystem management company, emphasized the need for contingency plans for all critical vendors and strengthened internal communication to mitigate panic. The consensus was that comprehensive planning, continuous communication, and the ability to adapt rapidly are crucial for minimizing the impact of future incidents and fostering resilient organizational culture around security (Shein, 2025).
Two of the aforementioned CIOs, Roman and Maniero, stated that they will remain loyal to CrowdStrike, showing empathy for what they called a quality assurance problem. As analyzed in the second section of the article, CrowdStrike’s immediate response and accompanying of their clients was highly appreciated and useful for both the internal crisis in the company (assuring client loyalty in the aftermath) and the client’s crisis who needed support from their third-party vendor. The CrowdStrike global outage served not only as a global wake-up call for organizations reliant on third-party cybersecurity providers, but also as training for when an actual malicious attack hits and companies don’t have a third-party assistant to guide them through the technical solution.
Bibliography
Amorim, V., Fernandes, A. and Filipe, V. (2025) ‘Analyzing the impact of the crowdstrike tech outage on Airport Operations and Future Resilience Strategies’, Procedia Computer Science, 256, pp. 633–640. doi:10.1016/j.procs.2025.02.161.
CrowdStrike. (2025). CrowdStrike’s total global revenue from FY2017 to FY2025 (in million U.S. dollars). Statista. Statista Inc.. Accessed: April 02, 2025. https://www.statista.com/statistics/1177767/crowdstrike-total-revenue/
Crowdstrike reports fourth quarter and fiscal year 2025 financial results (2025) CrowdStrike Holdings, Inc. Available at: https://ir.crowdstrike.com/news-releases/news-release-details/crowdstrike-reports-fourth-quarter-and-fiscal-year-2025/ (Accessed: April 2025).
Fung, B. (2024) We finally know what caused the global tech outage – and how much it cost | CNN business, CNN. Available at: https://edition.cnn.com/2024/07/24/tech/crowdstrike-outage-cost-cause/index.html.
George, A. S. (2024). When trust fails: Examining systemic risk in the digital economy from the 2024 crowdstrike outage. Partners Universal Multidisciplinary Research Journal, 1(2), 134-152.
Kapko, M. (2024) CrowdStrike avoids customer exodus after triggering global it outage, Cybersecurity Dive. Available at: https://www.cybersecuritydive.com/news/crowdstrike-retains-customers/734203/.
Khern-am-nuai, W. (2024) Key lessons learned for technology managers from CrowdStrike global it outage [Preprint]. doi:10.36227/techrxiv.172235865.52469624/v1.
Korolov, M. (2025) Case in point: Taking stock of the Crowdstrike outages, CIO. Available at: https://www.cio.com/article/3853689/case-in-point-taking-stock-of-the-crowdstrike-outages.html.
Kowalewska, A. (2024) The lasting impact of the CrowdStrike update outage, Skybox Security. Available at: https://www.skyboxsecurity.com/blog/lasting-impact-of-crowdstrike-update-outage/.
Ruxandra Iordache, R.G. (2024) Microsoft-crowdstrike issue causes ‘largest it outage in history’, CNBC. Available at: https://www.cnbc.com/2024/07/19/latest-live-updates-on-a-major-it-outage-spreading-worldwide.html.
Shein, E. (2025) Inside cios’ response to the crowdstrike outage – and the lessons they learned, CIO. Available at: https://www.cio.com/article/3480907/inside-cios-response-to-the-crowdstrike-outage-and-the-lessons-they-learned.html.
Speed, R. (2024) Angry admins share the crowdstrike outage experience, Angry admins share the CrowdStrike outage experience. Available at: https://www.theregister.com/2024/07/19/admin_crowdstrike_update_mess/.
Struta, I. (2024) Crowdstrike loses ground to competitors following incident, S&P Global Market Intelligence. Available at: https://www.spglobal.com/market-intelligence/en/news-insights/articles/2024/9/crowdstrike-loses-ground-to-competitors-following-incident-83118014.
Appendix A
Note: The compiled data suggests a slight advantage gained by CrodStrike’s competitors following the incident (Struta, 2024). However, the following revenue figures (Appendix B) indicate that client migration was not significant enough to challenge CrowdStrike’s position as market leader.
Appendix B
Note: Although there were setbacks in previously projected income, CrowdStrike remained profitable in 2024 despite the global outage. The 2025 fiscal year projections did not account for potential lawsuits and future liabilities, but they did include initial direct expenditures following the crisis. (Crowdstrike, 2025)