Skip to Main Content

What Banks Can Learn From the CrowdStrike Outage

Crowd Strike Shortform Laptop 1168X660

The recent major Microsoft outage caused by a seemingly minor software glitch impacted numerous banks and is a stark reminder of the risks of over-reliance on a few key third-party vendors, writes Bloomberg Opinion columnist Paul J. Davies. Davies offers the following advice: 

  • Reduce dependency on single vendors. The CrowdStrike incident highlights the fragility of relying heavily on a small number of third-party providers. The concentration of services among a few IT providers, like cloud-computing giants, raises systemic risk concerns. Banks should diversify their third-party vendors to mitigate the risk of widespread operational disruptions.  
  • Prepare for significant financial threats. The Federal Reserve’s 2024 stress test estimated $193 billion in potential operational-risk losses, surpassing even credit-card losses. This underlines the significant financial threat posed by operational disruptions. 
  • Monitor regulatory developments related to critical vendors. Regulators are considering designating large non-financial service providers as systemically important, aiming to enforce stricter monitoring and encourage diversification. The European Central Bank’s inquiries into banks’ vendor reliance reflect a push for broader oversight. Banks should concentrate their third-party risk management resources on critical vendors, as emphasized in the latest regulatory guidance. 

A separate story from PYMNTS highlighted the necessity for banks to enhance their cybersecurity protocols in anticipation of opportunistic cybercriminals who might exploit vulnerabilities exposed during outages. Strengthening defenses against phishing attacks and fraudulent schemes is crucial. So is ensuring vendors have effective incident workaround plans. CrowdStrike's response to the incident included restoring systems and providing technical workarounds. 

Bloomberg’s Davies notes the resilience banks displayed during the COVID-19 pandemic proves the industry’s capability to adapt, but he emphasized that proactive measures are essential to prevent future crises. 

Further reading from The RMA Journal: 

The Expanding Universe of Third-Party Risk 

A High Bar for Third-Party Risk Management 

Suggestions for Enhancing Third-Party Risk Management at Community Banks 

Upcoming RMA webcast: 

Optimizing Third-Party Risk Management at Community Banks