In our hyper-connected digital age, the importance of ESG criteria in guiding responsible investment decisions has never been more critical. The recent high-profile CrowdStrike incident underscores the profound social impact that system failures in IT infrastructure can have. This blog explores the significant social challenges and opportunities within this dynamic field, focusing on the importance of oversight, quality control, and the broader implications for investors.
What happened, and why is it a problem?
In July 2024, a software update from CrowdStrike caused widespread disruptions impacting Microsoft Windows systems. The issue was not the result of a cyberattack but of a flaw in an update, and it led to significant outages worldwide. The update caused a device driver issue within Windows, resulting in the dreaded "blue screen of death" and preventing systems from restarting. The ramifications were severe, affecting businesses, governments, and individuals alike. Airports experienced flight cancellations, hospitals faced appointment disruptions, and various services were temporarily halted.
The incident also significantly impacted federal government operations in the United States, with multiple federal systems affected. Agencies like the Justice Department, State Department, and Department of Homeland Security faced substantial operational challenges. This widespread disruption underscores the critical role of IT infrastructure in maintaining essential services and the potential societal impacts when such systems fail.
The Need for Oversight and Quality Control
The CrowdStrike incident serves as a dramatic reminder of the vulnerabilities in our interconnected IT systems. It highlights the critical need for robust quality control measures and proactive risk management to prevent such disruptions. The demands of cybersecurity and IT innovation press quality assurance to its limit, often resulting in a delicate balance between rapid advancements and maintaining system reliability. Enhanced quality assurance processes are crucial, particularly for updates affecting core system components. The incident revealed gaps in software quality assurance that allowed a flawed update to be deployed. Strengthening these processes can help prevent similar incidents and ensure the reliability of critical IT systems.
While we are yet to hear the full cause of the issue, it raises important questions about the need to weigh the potential social cost and impact when things go wrong. The extensive social ramifications, from disrupted travel plans to interrupted healthcare services, highlight the societal stakes in IT infrastructure reliability.
Relevance to Investors: Financial and Non-Financial Perspectives
From a financial perspective, incidents like CrowdStrike's can result in significant losses for investors. System failures can lead to operational disruptions, lost revenue, and increased costs for affected companies. The reputational damage can also erode customer trust and market share, further impacting financial performance. It was estimated that the top 500 US companies by revenue faced nearly $5.4 billion in financial losses due to the outage, with only a fraction of these losses being covered by insurance.
From a non-financial perspective, supporting companies with strong ESG practices aligns with broader social and ethical values. Investors increasingly recognise the importance of backing companies prioritising sustainability, ethical practices, and robust governance. This not only contributes to a more stable and equitable society but also fosters long-term value creation and resilience.
It is worth noting that the act of conducting ESG research into companies provides significant benefits beyond the direct ESG considerations themselves. The insight gained through such research can be invaluable, offering a comprehensive understanding of a company's operational resilience, risk management practices, and overall governance quality. These insights can reveal potential vulnerabilities or strengths that may not be immediately apparent through traditional financial analysis alone. Therefore, ESG research serves as a crucial tool for investors seeking to make well-informed decisions, providing a broader perspective on potential investment risks and opportunities. This holistic approach not only aligns with ethical investing principles but also enhances the robustness of investment strategies.
Identifying Companies with Oversight Flaws and Engaging for Change
Investors play a crucial role in promoting better oversight and quality control in the companies they invest in. Here are key steps to identify and engage with such companies:
- Due Diligence: Conduct thorough due diligence to assess a company's ESG practices, focusing particularly on its quality control and risk management protocols.
- Engagement: Actively engage with company management to discuss identified flaws and advocate for improvements. This can involve direct dialogue, shareholder proposals, and voting on relevant resolutions.
- Collaborative Initiatives: Participate in or support collaborative initiatives and industry standards that promote best practices in ESG.
- Signals to Companies: Send clear signals to companies that strong ESG practices are a priority for investors. This can be done through investment decisions, public statements, and participation in ESG-focused investor groups.
The CrowdStrike incident is a stark reminder of the critical importance of robust oversight, quality control, and ESG considerations in IT infrastructure. The demands of cybersecurity and IT innovation continue to press quality assurance to its limit, highlighting the need for a balanced approach that considers the potential social costs when things go wrong. For investors, understanding and addressing these factors is crucial not only for mitigating financial risks but also for supporting companies that contribute to a more secure, sustainable, and socially responsible digital future. By prioritising ESG criteria and actively engaging with companies, investors can drive meaningful change and foster a resilient and trustworthy technological landscape.