Advice for business after July's incident.
Companies should invest in operational resilience in the wake of the summer disruption caused by the CrowdStrike incident.
According to the FCA, third-party related issues were the leading cause of operational incidents reported to it between 2022 and 2023. “These outages emphasise firms’ increasing dependence on unregulated third parties to deliver important business services,” a statement said. “This highlights the importance of firms continuing to become operationally resilient in line with our rules.
“We encourage all firms, regardless of how they were affected by the CrowdStrike incident, to consider these lessons, to improve their ability to respond to and recover from future disruptions.”
The CrowdStrike Falcon content update caused Microsoft users to encounter problems and crashes in July, and the FCA said it “saw varying degrees of operational impact on regulated firms, with no sector more impacted than others, and minimal consumer harm.”
During the incident, it engaged with firms to understand the impact on them and the market, their operational responses, and their recovery.
Operational resilience
As a result, the FCA encouraged investing in and following its operational resilience rules, saying this will enable users to identify market impacts and prioritise their important business services. It claimed that businesses that had mapped their important business services, and the resources necessary to deliver these services, were able to prioritise getting key services back online to reduce the overall impact the incident had on their operations.
Also, firms that had clearly defined and tested communications strategies were able to quickly and efficiently respond to, and communicate with, customers and stakeholders.
Written by
Dan Raywood
Senior Editor
SC Media UK