And all for lack of a nail…
There is a poem that describes how something seemingly small can have a tremendous impact if ignored.
There are variants dating back to the 13th century, and one version appears in Benjamin Franklin's “Poor Richard's Almanac,” but many people may have heard it read like this:
Related: CrowdStrike shares plunge after update triggers global cyber chaos
“For lack of a horse, the rider was lost; for lack of a rider, the battle was lost; for lack of a battle, the kingdom was lost; and all for lack of a nail.”
We've come a long way from relying on horseshoe nails to now placing our trust in technology to hold our world together.
That faith took a serious hit on July 19 when cybersecurity firm CrowdStrike (CRWD) distributed a faulty update to its Falcon Sensor security software, causing widespread problems with Microsoft Windows computers running the software.
The incident has been described as the largest service disruption in the history of information technology and affected airlines, banks, hotels, hospitals and government services.
Shutterstock
Companies exchange accusations
The global financial damage was estimated at at least $10 billion and the insurer… Parametrix said than US Fortune 500 companies, excluding Microsoft (MSFT) will face financial losses of $5.4 billion due to the blackout, with airlines, healthcare and banking sectors the hardest hit.
Naturally, the incident was followed by accusations and finger-pointing.
Related: Analysts reset CrowdStrike stock price target following global outage
Delta Air Lines (DAL) said in a regulatory submission that the “CrowdStrike-induced outage” disrupted the airline’s operations, causing around 7,000 flight cancellations in five days.
“An operational disruption of this length and magnitude is unacceptable, and our customers and employees deserve better,” Delta Chief Executive Ed Bastian said in a statement. “Since the incident, our people have returned the operation to an industry-leading position that is consistent with the level of performance our customers expect from Delta.”
“We are filing lawsuits against CrowdStrike and Microsoft to recover damages resulting from the outage, totaling at least $500 million.”
Delta said that for the September quarter, the direct impact on revenue from the incident is estimated at $380 million, driven primarily by refunding customers for canceled flights and providing compensation to customers in the form of cash and SkyMiles.
Non-fuel expenses associated with the technology-induced service disruption and subsequent operational recovery are estimated at $170 million. Fuel expenses are estimated to be $50 million lower as a result of the cancellations, the document said.
Appearing in CNBC's Squawk BoxBastian said Delta had “no choice” but to file the suit and described Microsoft as “probably the most fragile platform.”
In response, CrowdStrike’s legal team said that “Delta will have to explain to the public, its shareholders, and ultimately the jury why CrowdStrike took responsibility for its actions quickly, transparently, and constructively, while Delta did not.”
Microsoft attorney Mark Cheffo reportedly told Delta that “our preliminary review suggests that Delta, unlike its competitors, has apparently failed to modernize its IT infrastructure, either for the benefit of its customers or for its pilots and flight attendants.”
Meanwhile, on August 6, a group of travelers filed a lawsuit against Delta, alleging that the airline's failure to quickly recover from the CrowdStrike service outage had a “disastrous” impact that left them not only stranded but also out of thousands of dollars.
Passengers also alleged that Delta “rejected or ignored” requests for refunds for canceled or delayed flights and lost luggage, and even refused to provide them with various vouchers for the inconvenience. The lawsuit seeks class-action status.
Analyst: 'Heavyweights will bounce back'
CrowdStrike's stock price fell immediately after the incident and Forbes reported at the time George Kurtz, the company's chief executive, saw his net worth drop by about $300 million.
The company's shares are down 3.72% so far this year and are trading up 2.2% at $245.82 at last check.
- Sony's Bungie criticized for layoffs after CEO spends millions
- Nvidia shares fall amid doubts over key chip
- Analysts adjust Palantir stock price target ahead of earnings
And despite all the bad press, some analysts say CrowdStrike will recover from the incident and see an opportunity for investors amid the chaos.
Stifel lowered its price target on CrowdStrike to $300 from $400 and affirmed a buy rating on the stock ahead of the company's second-quarter report, due out Aug. 28.
A lot has happened since CrowdStrike's botched July 19 update, raising a number of questions about the potential impact on the quarter, pipeline, fiscal 2025 guidance, competitive positioning, medium-term growth opportunities and risk of legal liabilities, the firm said.
Stifel said its survey and its controls “suggest a punch in the face, but this heavyweight will bounce back,” the analyst added.
Earlier this week, Piper Sandler analyst Rob Owens upgraded CrowdStrike from neutral to overweight with a price target of $290, down from $310.
While the scale of the disruption caused by CrowdStrike is unprecedented, historically, disruptions and breaches have had modest impacts on cyber business fundamentals, Owens said.
The analyst said that while the short-term news cycle will likely revolve around litigation and settlements, congressional testimony and the ensuing number cuts leading up to and during the second-quarter report, the ramifications of the event “will likely be rather short-lived and of negligible cost.”
With stocks falling sharply over the month, Piper says investors should build opportunistic positions at current levels.
Related: Veteran fund manager sees world of trouble ahead for stocks
