by: Deverick Holmes, Operational Resilience Consultant, and Mackenzie Clark Senior Computational Social Scientist
This report details the global outage involving CrowdStrike, highlighting the incident’s domestic and international impact on trade and business operations. Interos has provided a detailed timeline of events and recommended steps customers should take here.
Summary
CrowdStrike was involved in a global IT outage that has highlighted the vulnerability of interconnected global supply chains. The outage impacted 674,620 direct customer relationships of CrowdStrike and Microsoft, and over 49 million indirectly, according to Interos data. While the U.S. was the most affected country, with 41% of impacted entities, the disruption was also felt at major ports and air freight hubs in Europe and Asia. Ports from New York to Los Angeles and Rotterdam reported temporary shutdowns, while air freight suffered the hardest blow, with thousands of flights grounded or delayed. The outage exacerbates existing supply chain challenges amid rising global demand and freight prices, highlighting the potential long-term implications for global trade and finance.
Another Global Trade Disruption
The interconnected nature of global supply chains means international trade will experience ripple effects due to even temporary shutdowns. This comes as freight prices skyrocket and shipping demand rise. When using Interos data to understand how expansive the trickle-down effects of the outage are, the results are striking.
Interos analyzed the extended supply chains of both CrowdStrike and Microsoft, whose Microsoft 365 systems were disrupted as part of a CrowdStrike update, leading to outages for Microsoft users across the world. When examining the direct customer relationships (Tier 1) of both Microsoft and CrowdStrike, Interos was able to identify 674,620 customer relationships. When expanding the scope of impact to include the customers of Microsoft and CrowdStrike’s customers (Tier 2), the number of customer relationships identified by Interos data grows to over 28 million, and when going one step further (Tier 3), that figure increases to over 49 million customer relationships.
The outage has had varying levels of impact across Union Pacific’s freight network while Ports from New York to Houston and Los Angeles reported temporary container terminal shutdowns overnight but were mostly operational by early morning. Rotterdam, the largest port in Europe, said some companies operating at its terminal were impacted. On average, the port at Rotterdam handles approximately 1.3 million tons of cargo daily. This includes a diverse range of goods such as containers, bulk commodities (like crude oil, coal, and iron ore), and various other cargo types. In addition, UK ports of Felixstowe and Tilbury have all been confirmed to be suffering from major IT outages while similar issues were reported at ports in Poland and Asia.
Air freight was hit the hardest, with many global airlines grounding flights and the complex air cargo system facing a recovery period that could last days or weeks. Thousands of flights were grounded or delayed at the world’s largest air freight hubs in Europe, Asia, and North America. These hubs are critical nodes in the international logistics network, handling vast quantities of cargo daily. The grounding of these flights may lead to trickle down delays in the movement of goods, impacting various industries. The semiconductor supply chain, for example, relies heavily on air freight to transport finished products from manufacturing centers in the EU and Asia to markets in the U.S., has been particularly affected. This new issue for the global supply chain comes amid a rise in global demand and prices, driven by the ongoing conflict in the Red Sea and climate change impacting trade routes, with shipments up 13% year-over-year in June, while air freight supply has only increased by 3%, already causing higher costs for shippers due to limited capacity. As it may take days or weeks for airfreight companies to fully bring their systems back on-line this will only exacerbate the ongoing supply chain hurdles facing the global market.
Interos Data Shows U.S. & European Entities Highly Impacted
According to data from Interos, the outage potentially impacted 674,476 entities globally, with 280,760, or 41%, of these being in the United States. Given that the U.S. is a major economic engine for global trade, this outage may have significant short-term implications for international commerce and finance.
Interos data would also indicate that European countries are highly exposed to this event. Within the top ten countries listed in the chart above, several are in Europe: the United Kingdom, Germany, Italy, France, Spain, The Netherlands. Combined, these countries account for 186,749 of entities, or 27.68%. While this does not account for the entire European continent, this figure underscores the global nature of this outage.
U.S. companies whose systems remain down are exposed to increased cyber risks. When systems are offline or experiencing disruptions, it becomes harder to implement standard security protocols and monitor for potential threats. This downtime can create vulnerabilities that cybercriminals may exploit, such as weakened defenses, unpatched software, and delayed security updates.
U.S. consumers have reported issues with declined credit card transactions, disrupting personal and business activities. Additionally, U.S. airlines, which play a crucial role in facilitating cross-border business, have experienced widespread cancellations and delays. This disruption in airline operations could lead to delays in business meetings, shipments, and other critical economic activities, further exacerbating the impact on global trade. With critical systems and data at risk, these companies face a heightened possibility of cyberattacks, including data breaches, ransomware attacks, and unauthorized access. Moreover, the inability to detect and respond to threats in real-time during such outages can exacerbate the potential damage, leading to significant financial losses, reputational harm, or regulatory consequences.
According to reports, CrowdStrike is utilized by 82 percent of U.S. state governments and 48 percent of the largest U.S. cities. Given its widespread adoption, a prolonged outage of CrowdStrike’s services could severely impact municipalities’ ability to maintain essential cybersecurity defenses. These state and municipal entities rely heavily on CrowdStrike Falcon’s advanced threat detection and real-time monitoring to protect sensitive data and critical infrastructure from cyber threats. Without these protections, municipalities could experience increased vulnerability to cyberattacks, such as ransomware, data breaches, and unauthorized access, potentially compromising public safety, emergency response systems, and the security of citizen information.
Furthermore, the disruption could hinder the ability of these governments to deliver public services effectively. Key functions such as water treatment facilities, public transportation systems, and healthcare services, which increasingly depend on digital infrastructure, could be at risk.
In addition to local municipalities, CrowdStrike is used by many prominent organizations across various sectors. Various U.S. government agencies, including parts of the Department of Defense and intelligence agencies, rely on CrowdStrike for its advanced threat detection. Major financial institutions across the U.S. and EU such as Goldman Sachs, Bank of America, and Santander also use CrowdStrike to protect their sensitive data, and giant retailers like Walmart and Target, as well as energy companies such as ExxonMobil and Exelon, also depend on CrowdStrike to defend against cyber threats and protect critical infrastructure. The system is particularly preferred by high-profile organizations worldwide for its ease of use and robust security features.
Outage Spans Multiple Industries
The direct effects of this outage also span a broad range of industries. While impacts to airlines and banks have been the most widely reported on, Interos data shows that companies in the professional services, wholesale, and various manufacturing industries make up the bulk of companies that are potentially experiencing disruptions.
Of those directly supplied by Microsoft or CrowdStrike, companies in the Professional, Scientific, and Technical Services industry make up almost 7% of customers, followed closely by companies in the Merchant Wholesalers industry, at almost 5% of customers, and the Administrative and Support Services industry, at over 3% of customers.
In total, Interos identified companies spanning almost 1,200 unique industries that are directly supplied by Microsoft or CrowdStrike. From the telecommunications industry, to hospitals, utilities providers, and even postal services, virtually no industry was left unaffected by this outage. These types of disruptions cause delays in critical infrastructure and the delivery of products services, leaving businesses and consumers across the world without access to key services or goods.
Interos’ data shows ongoing supply chain disruptions cost enterprises $100 million in annual losses on average. The company’s critical risk intelligence platform helps companies mitigate the financial impacts of multi-tier risks by continuously mapping and monitoring extended supply chains at speed and scale.
Learn how you can manage risk by exception, at scale. Speak to an expert today.