CrowdStrike outage spurs rethink on ‘critical’ vendors

Some want US regulators to designate tech firms that pose risks to financial stability

CrowdStrike
Sipa US/Alamy Stock Photo

CrowdStrike was not generally deemed a critical vendor by bank risk teams before last month’s outage – though some now think it perhaps should have been.

“While the assessment of criticality varies by company, CrowdStrike is often seen as a lower-tier vendor,” says a chief information security officer (Ciso) at a large global bank. “What happens with this type of security company is that we see them as utilities and never think of them going down. But in reality, they have the ability to

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact info@risk.net to find out more.

Sorry, our subscription options are not loading right now

Please try again later. Get in touch with our customer services team if this issue persists.

New to Risk.net? View our subscription options

The changing shape of risk

S&P Global Market Intelligence’s head of credit and risk solutions reveals how firms are adjusting their strategies and capabilities to embrace a more holistic view of risk

Most read articles loading...

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here