UK financial firms are advised to strengthen their defenses against incidents similar to CrowdStrike.

October 31, London To minimize any damage on consumers and markets, British financial firms should prepare to provide business services in "severe but plausible" situations, like a worldwide tech outage, the markets regulator warned Thursday. The Financial Conduct Authority (FCA) said unregulated third-party issues were the main source of operational incidents reported between 2022 and 2023 in a statement detailing the lessons that could be drawn from the global disruption caused by U.S. cybersecurity firm CrowdStrike's poorly executed software update in July.

UK financial firms are advised to strengthen their defenses against incidents similar to CrowdStrike.

October 31, London To minimize any damage to consumers and markets, British financial firms should get ready to provide business services in "severe but plausible" situations, like a worldwide tech outage, the markets regulator warned Thursday. The Financial Conduct Authority (FCA) said unregulated third-party issues were the main source of operational incidents reported between 2022 and 2023 in a statement detailing the lessons that could be drawn from the global disruption caused by U.S. cybersecurity firm CrowdStrike's poorly executed software update in July.

The Falcon platform, a well-known fundamental technology used by CrowdStrike (CRWD.O), recognizes and reacts to vicious threats. However, an outage on July 19 affected sectors like banks, healthcare, media, and hotel chains, resulting in the cancelation of flights worldwide. The FCA reported that consumers had not been harmed after speaking with businesses about the occurrence to gauge its effects. Nonetheless, it stated that businesses had until March 2025 to ensure their resilience to such occurrences.

Companies were urged to think about several actions, such as making sure testing scenarios were sufficient, enhancing third-party risk controls, and making sure contracts explicitly outline who is responsible for service monitoring, incident notification, and updates both during and after occurrences. "We encourage all firms, regardless of how they were affected by the CrowdStrike incident, to consider these lessons, to improve their ability to respond to and recover from future disruptions," the Financial Conduct Authority stated.