During our crisis communication training courses we tell delegates a crisis can come in many shapes and sizes.
Not many, however, cause global chaos.
But that was the crisis faced by CrowdStrike.
The cybersecurity firm was pretty obscure outside of IT circles until Friday.
But now everyone is talking about it. A fault in its software update linked to Microsoft Windows caused delays at airports, disrupted rail travel, impacted emergency services, prevented people from making GP appointments and took down payment systems.
It also took several TV stations off air, including Sky News.
Tesla boss Elon Musk took to social media to describe it as the “Biggest IT failure ever”. And leading cybersecurity consultant Troy Hunt said: “I don’t think it’s too early to call it: this will be the largest IT outage in history.
“This is basically what we were all worried about with Y2K, except it’s actually happened this time.”
Damning stuff. And no one wants to see their crisis described as “the biggest” or “the largest”.
Media headlines will have made for equally uncomfortable reading.
‘Largest IT outage in history’ leaves world reeling CNBC
CrowdStrike shares sink as global IT outage savages systems worldwide The Register
Crowdstrike IT outage: Flight disruption to continue after Microsoft crash The Times
What is Crowdstrike? The rogue update that brought down the world: How one app is believed to have crippled Microsoft computer networks across the globe Daily Mail
Of course, there are questions for Microsoft to answer, and its name is also caught up in many of the headlines and social media posts.
It has said 8.5m Windows devices were impacted, which experts say shows it is probably the largest-ever cyber event.
And not all of them have come back up quickly.
But how has the company at the heart of this story, whose services are intended to protect against IT crashes and disruption, responded to this massive reputational crisis?
Well, its initial crisis media management response came from its CEO, George Kurtz, in a post on his personal X account.
Now, that is unusual, as it is normally a company’s owned social channels that lead crisis communication.
But there is often something to be said for the boss taking the lead during a crisis. It shows visible leadership and that the crisis response is led at the top of the organisation.
Unfortunately, the words were not great.
CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We…
— George Kurtz (@George_Kurtz) July 19, 2024
Mr Kurtz's initial statement didn’t acknowledge - let alone apologise - for all the disruption. In a post of almost 100 words, shouldn’t one of them have been sorry?
Surely, you would apologise for bringing down TV channels, banks and transport services. Wouldn’t you show some compassion for those impacted across the globe by the IT failure?
As we said during our recent crisis communication masterclass, ‘sorry’ should not be the hardest word to say during a crisis. It should be one of the first.
Additionally, showing compassion is essential.
So, his post should have begun with an apology, showed that he understood the impact it was having and outlined what was being done to fix it.
Mr Kurtz’s statement was also too technical. It said: “CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts.” Who knows what it means?
Not everyone impacted by the crisis will have detailed technical knowledge or work in cybersecurity. They want to know why they couldn’t make a payment or why their flight was delayed. And what is being done to fix the problem.
Its technical nature makes the statement feel cold and robotic.
Crisis statements – even in the initial stages of an incident - must sound like they have been written by a human for humans.
Betting firm Coral, among those impacted by this IT failure, provided an example of what I mean.
It said: “You might have seen the news about the global technical issues affecting airlines, banks etc. Unfortunately, we’re experiencing this too. We’re working hard to resolve the issue but don’t know when it will be fixed. Thanks for being so patient and apologies for the inconvenience.”
You might have seen the news about the global technical issue affecting airlines, banks etc. unfortunately we're experiencing this too. We're working hard to resolve the issue but don't know when it will be fixed. Thanks for being so patient and apologies for the inconvenience.
— Coral Help (@CoralHelp) July 19, 2024
I’ll come back to the last few words of this statement a bit later.
But if you were betting on CrowdStrike’s response getting worse from this point, you would lose your money.
Mr Kurtz was much better during a media interview and rectified some of his social media statement mistakes.
His interview on the Today show, on the NBC channel, began with an apology.
“I want to begin by saying we are deeply sorry for the impact we have caused to customers, to travellers, to anyone affected by this, including our companies,” he said.
EXCLUSIVE: CrowdStrike founder and CEO @George_Kurtz speaks on TODAY about the major computer outages worldwide that started earlier today: “We’re deeply sorry for the impact that we’ve caused to customers, to travelers, to anyone affected by this.” pic.twitter.com/fWz6KhgrcZ
— TODAY (@TODAYshow) July 19, 2024
There were also some excellent examples of action.
“We are working with each and every customer to make sure we can bring them back online,” he said.
He added: “It is our mission to make sure every customer is fully recovered and we are not going to relent until we get every customer back to where they were.”
It was an excellent crisis interview and was widely shared among other media. As well as the apology, compassion and action, there was a clear message that the global outage was not caused by a cybersecurity incident.
Mr Kurtz even dealt with a slight choking incident without letting it distract from what he wanted to say during the interview.
We should also say he issued a second social media update later the same day that included an apology.
He said: “We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption. We are working with all impacted customers to ensure that systems are back up and they can deliver the services their customers are counting on.”
Today was not a security or cyber incident. Our customers remain fully protected.
— George Kurtz (@George_Kurtz) July 19, 2024
We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption. We are working with all impacted customers to ensure that systems are back up and they can…
We are not a fan of ‘sorry for the inconvenience’ apologies (the Coral statement also used these words) – it always feels like a token gesture that attempts to play down the significance of what has happened. And bringing down IT around the world feels like a lot more than “inconvenience.”
But it is a significant step forward from the first statement.
A crisis can strike any organisation at any time. People understand things can go wrong. But they judge you on how you respond.
Media First are media and communications training specialists with more than 35 years of experience.
We have a team of trainers, each with decades of experience working as journalists, presenters, communications coaches and media trainers.
Click here to find out more about our crisis communication training courses.
