For those impacted, it’s a total disaster. But the good news (good-ish news?) is that this wasn’t a deliberate attack by a foreign power, or a hacktivist collective or someone like that. This was the good guys—cyber provider CrowdStrike—screwing up a security update (and watching their stock fall off a table in the aftermath).
But even if it is just a screw up, it is one for the record books, taking down everything from 911 systems to airports to millions of private businesses offline as they struggle to work from DOS-era command prompt lines to delete the killer code.
This will take time to fix—an uncomfortable, powerless position for CEOs and directors. But even here, amid the mess, there is opportunity. What should you be doing to put this crisis to use? You should be watching and evaluating and learning how your team and your technology is responding in real time. Don’t let this crisis go to waste. Focus on a few key things, perhaps, and make a list of how well you’re doing on a bunch of key points. Write them down, so you don’t forget. Here’s a non-exhaustive list to start with:
Who’s Leading? How were you informed, and by who? What was their tone, how were they handling the news? Did they have a plan or was it panic? If you weren’t impacted, did someone let you know what was happening anyway, demonstrating the correct level of situational awareness?
How’s IT Doing? This is an important day to get a real performance assessment. In response to a crisis like this—whether you are directly impacted or not—how are your IT teams performing? Are you being updated? Are they organized or is it a mad scramble? Can they talk to each other and to you effectively?
Can You Communicate? How is the quality of communication in your organization this morning? Is there communication? If impacted, do you have a non-impacted way of communicating among the senior team and with employees? If not impacted, are your teams proactively communicating about second-order implications for the company today (customers, employee concerns)?
What Are The Backups? While this disaster wasn’t a Microsoft disaster, per se, it does point to one of the biggest technology flaws in our world: Windows OS monoculture. How resilient are your IT systems proving to be in the face of a Windows-based disaster? Do you have any other operating systems in place at all to add resiliency? Has IT ever suggested that this might be an strategic risk issue, and if not, can they begin developing a plan for increased resiliency?
How Are Employees Reacting? As they wake to the news and many are unable to use their computers—or worry about using their computers—it’s a good time to assess how your workforce is handling an IT outage like this. What’s happening to your business? Total standstill? Frustration? Do they know who to call or is there just confusion? Are they able to communicate with anyone without their laptops/desktops/email? Are you able to communicate with them?
How’s Your Ecosystem? This is an important day to look upstream and downstream and all around your operations and see the impact of others on your business. What are proving to be the big vulnerabilities? What’s surprising—where didn’t you expect to see an impact that’s proving to be impactful? How are you impacting others around you, and what might the liabilities be there, both legal and for your reputation. Make a list.
What Does Insurance Cover? And what doesn’t it cover here? What’s your potential liability if your disruption impacts other businesses? Your legal team should be moving quickly to review your policies to see what you can claim in an instance like this, including potentially, the impact from other businesses being disrupted or disrupting other businesses.
What’s Plan B? Finally, this is the biggest most existential question of all: What’s the backup plan if our computers fail (or electricity goes off, or if there’s a pandemic, etc.)? If the unthinkable happens, what do we do? Did we really learn from Covid or not? And if not, how do we learn from this—whether we were directly impacted or not?
There are doubtless many other areas worth probing today, and, of course, many of us will want to start asking “how could this happen” and we’ll want to dive into strategic assessments and rethinks right away. But that can wait for Monday. Today and tomorrow are the perfect time to watch and learn and ask probing questions while your teams work to get back online. Don’t let this crisis go to waste.
Dan Bigman
Dan Bigman is Editor and Chief Content Officer of Chief Executive Group, publishers of Chief Executive, Corporate Board Member, ChiefExecutive.net, Boardmember.com and StrategicCFO360. Previously he was Managing Editor at Forbes and the founding business editor of NYTimes.com.