Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Fortune
Fortune
Christiaan Hetzner

CrowdStrike CSO blasts own failure as stock plummets: ‘The confidence we built in drips over the years was lost in buckets within hours, and it was a gut punch’

CrowdStrike founder and CEO George Kurtz (Credit: Michael Short—Bloomberg via Getty Images)

When your cybersecurity firm tasked with guarding against harmful malware unleashes the biggest global IT outage in history, there’s really nowhere to hide. So Shawn Henry cut straight to the chase. 

“On Friday we failed you, and for that I’m deeply sorry,” began the post, written by CrowdStrike’s chief security officer. 

An update pushed out from the cloud just hours before the work week came to an end caused Windows-based computer systems to crash, boot up and crash again in an endless loop punctuated only by the so-called BSOD, or Blue Screen of Death. 

Key industries around the world that used Crowdstrike’s Falcon software—like aviation, banking, and health care—were paralyzed for hours if not days. Delta Airlines is still reeling, cancelling hundreds of flights on Monday and leaving passengers stranded for days on end.

“The confidence we built in drips over the years was lost in buckets within hours, and it was a gut punch,” Henry continued. “We let down the very people we committed to protect, and to say we’re devastated is a huge understatement."

The genuine contrition expressed differed notably from the message coming from CEO and founder George Kurtz, whose company's stock has already lost roughly a quarter of its value as investors await word of possible lawsuits.

Kurtz’s initial statement on Friday appeared so sanitized that customers could have been forgiven for thinking the problem might have lain elsewhere. Since there was no direct acknowledgement of CrowdStrike’s culpability, there was not so much as a curt word of apology

His reaction came as somewhat of a surprise. In theory Kurtz should have some practice in crisis communications, since he served as the chief technology officer for McAfee at the time when it, too, knocked out millions of computers worldwide in 2010.

Now, U.S. House leaders are calling Kurtz to testify before Congress to explain the software update fiasco.

Businesses most affected were those providing critical services

For some customers, the words of his CSO come too little too late. 

“We just deleted Crowdstrike from all our systems,” Elon Musk posted on Friday, though he wasn't clear whether he was talking about one or all of his businesses. 

In terms of lost economic output, it’s hard to precisely measure the havoc his software firm visited upon the world. Microsoft estimated just 8.5 million Windows devices, or less than 1% of all machines, were affected at the end of the day. The problem was the concentration of industries relying on CrowdStrike’s Falcon software.

“While the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services,” Microsoft said on Saturday.

Investors have since flocked to smaller rival SentinelOne, whose stock has gained more than 20% since Friday. The CrowdStrike debacle may have also factored into cybersecurity firm Wiz now passing on a reported deal to be acquired by Google parent Alphabet, reportedly worth $23 billion.

Upon seeing the pullback in CrowdStrike, analysts at Deutsche Bank sought to rush out a quick broker note identifying it as a short-term buying opportunity for such a high-quality stock. 

“However,” it added, “we were ironically unable to publish our original research note due to the outage itself.”

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.