Preparing for the Next Worldwide Tech Outage

As tech leaders race to bring Windows systems back online after Friday’s software update by cybersecurity company CrowdStrike crashed around 8.5 million machines worldwide, experts share with CIO Journal their takeaways for preparing for the next major information technology outage.

Be familiar with how vendors develop, test and release their software

IT leaders should hold vendors deeply integrated within IT systems, such as CrowdStrike , to a “very high standard” of development, release quality and assurance, said Neil MacDonald , a Gartner vice president.

“Any security vendor has a responsibility to do extensive regression testing on all versions of Windows before an update is rolled out,” he said.

That involves asking existing vendors to explain how they write software, what testing they do and whether customers may choose how quickly to roll out an update.

“Incidents like this remind all of us in the CIO community of the importance of ensuring availability, reliability and security by prioritizing guardrails such as deployment and testing procedures and practices,” said Amy Farrow, chief information officer of IT automation and security company Infoblox.

Re-evaluate how your firm accepts software updates from ‘trusted’ vendors

While automatically accepting software updates has become the norm—and a recommended security practice—the CrowdStrike outage is a reminder to take a pause, some CIOs said.

“We still should be doing the full testing of packages and upgrades and new features,” said Paul Davis, a field chief information security officer at software development platform maker JFrog . undefined undefined Though it’s not feasible to test every update, especially for as many as hundreds of software vendors, Davis said he makes it a priority to test software patches according to their potential severity and size.

Automation, and maybe even artificial intelligence-based IT tools, can help.

“Humans are not very good at catching errors in thousands of lines of code,” said Jack Hidary, chief executive of AI and quantum company SandboxAQ. “We need AI trained to look for the interdependence of new software updates with the existing stack of software.”

Develop a disaster recovery plan

An incident rendering Windows computers unusable is similar to a natural disaster with systems knocked offline, said Gartner’s MacDonald. That’s why businesses should consider natural disaster recovery plans for maintaining the resiliency of their operations.

One way to do that is to set up a “clean room,” or an environment isolated from other systems, to use to bring critical systems back online, according to Chirag Mehta, a cybersecurity analyst at Constellation Research.

Businesses should also hold tabletop exercises to simulate risk scenarios, including IT outages and potential cyber threats, Mehta said.

Companies that back up data regularly were likely less impacted by the CrowdStrike outage, according to Victor Zyamzin, chief business officer of security company Qrator Labs. “Another suggestion for companies, and we’ve been saying that again and again for decades, is that you should have some backup procedure applied, running and regularly tested,” he said.

Review vendor and insurance contracts

For any vendor with a significant impact on company operations , MacDonald said companies can review their contracts and look for clauses indicating the vendors must provide reliable and stable software.

“That’s where you may have an advantage to say, if an update causes an outage, is there a clause in the contract that would cover that?” he said.

If it doesn’t, tech leaders can aim to negotiate a discount serving as a form of compensation at renewal time, MacDonald added.

The outage also highlights the importance of insurance in providing companies with bottom-line protection against cyber risks, said Peter Halprin, a partner with law firm Haynes Boone focused on cyber insurance.

This coverage can include protection against business income losses, such as those associated with an outage, whether caused by the insured company or a service provider, Halprin said.

Weigh the advantages and disadvantages of the various platforms

The CrowdStrike update affected only devices running Microsoft Windows-based systems , prompting fresh questions over whether enterprises should rely on Windows computers.

CrowdStrike runs on Windows devices through access to the kernel, the part of an operating system containing a computer’s core functions. That’s not the same for Apple ’s Mac operating system and Linux, which don’t allow the same level of access, said Mehta.

Some businesses have converted to Chromebooks , simple laptops developed by Alphabet -owned Google that run on the Chrome operating system . “Not all of them require deeper access to things,” Mehta said. “What are you doing on your laptop that actually requires Windows?”

For years, global companies showcased their Chinese operations as a source of robust growth. A burgeoning middle class, a stream of people moving to cities, and the creation of new services to cater to them—along with the promise of the further opening of the world’s second-largest economy—drew companies eager to tap into the action.

Then Covid hit, isolating China from much of the world. Chinese leader Xi Jinping tightened control of the economy, and U.S.-China relations hit a nadir. After decades of rapid growth, China’s economy is stuck in a rut, with increasing concerns about what will drive the next phase of its growth.

Though Chinese officials have acknowledged the sputtering economy, they have been reluctant to take more than incremental steps to reverse the trend. Making matters worse, government crackdowns on internet companies and measures to burst the country’s property bubble left households and businesses scarred.

Lowered Expectations

Now, multinational companies are taking a hard look at their Chinese operations and tempering their outlooks. Marriott International narrowed its global revenue per available room growth rate to 3% to 4%, citing continued weakness in China and expectations that demand could weaken further in the third quarter. Paris-based Kering , home to brands Gucci and Saint Laurent, posted a 22% decline in sales in the Asia-Pacific region, excluding Japan, in the first half amid weaker demand in Greater China, which includes Hong Kong and Macau.

Pricing pressure and deflation were common themes in quarterly results. Starbucks , which helped build a coffee culture in China over the past 25 years, described it as one of its most notable international challenges as it posted a 14% decline in sales from that business. As Chinese consumers reconsidered whether to spend money on Starbucks lattes, competitors such as Luckin Coffee increased pressure on the Seattle company. Starbucks executives said in their quarterly earnings call that “unprecedented store expansion” by rivals and a price war hurt profits and caused “significant disruptions” to the operating environment.

Executive anxiety extends beyond consumer companies. Elevator maker Otis Worldwide saw new-equipment orders in China fall by double digits in the second quarter, forcing it to cut its outlook for growth out of Asia. CEO Judy Marks told analysts on a quarterly earnings call that prices in China were down roughly 10% year over year, and she doesn’t see the pricing pressure abating. The company is turning to productivity improvements and cost cutting to blunt the hit.

Add in the uncertainty created by deteriorating U.S.-China relations, and many investors are steering clear. The iShares MSCI China exchange-traded fund has lost half its value since March 2021. Recovery attempts have been short-lived. undefined undefined And now some of those concerns are creeping into the U.S. market. “A decade ago China exposure [for a global company] was a way to add revenue growth to our portfolio,” says Margaret Vitrano, co-manager of large-cap growth strategies at ClearBridge Investments in New York. Today, she notes, “we now want to manage the risk of the China exposure.”

Vitrano expects improvement in 2025, but cautions it will be slow. Uncertainty over who will win the U.S. presidential election and the prospect of higher tariffs pose additional risks for global companies.

Behind the Malaise

For now, China is inching along at roughly 5% economic growth—down from a peak of 14% in 2007 and an average of about 8% in the 10 years before the pandemic. Chinese consumers hit by job losses and continued declines in property values are rethinking spending habits. Businesses worried about policy uncertainty are reluctant to invest and hire.

The trouble goes beyond frugal consumers. Xi is changing the economy’s growth model, relying less on the infrastructure and real estate market that fueled earlier growth. That means investing aggressively in manufacturing and exports as China looks to become more self-reliant and guard against geopolitical tensions.

The shift is hurting western multinationals, with deflationary forces amid burgeoning production capacity. “We have seen the investment community mark down expectations for these companies because they will have to change tack with lower-cost products and services,” says Joseph Quinlan, head of market strategy for the chief investment office at Merrill and Bank of America Private Bank.

Another challenge for multinationals outside of China is stiffened competition as Chinese companies innovate and expand—often with the backing of the government. Local rivals are upping the ante across sectors by building on their knowledge of local consumer preferences and the ability to produce higher-quality products.

Some global multinationals are having a hard time keeping up with homegrown innovation. Auto makers including General Motors have seen sales tumble and struggled to turn profitable as Chinese car shoppers increasingly opt for electric vehicles from BYD or NIO that are similar in price to internal-combustion-engine cars from foreign auto makers.

“China’s electric-vehicle makers have by leaps and bounds surpassed the capabilities of foreign brands who have a tie to the profit pool of internal combustible engines that they don’t want to disrupt,” says Christine Phillpotts, a fund manager for Ariel Investments’ emerging markets strategies.

Chinese companies are often faster than global rivals to market with new products or tweaks. “The cycle can be half of what it is for a global multinational with subsidiaries that need to check with headquarters, do an analysis, and then refresh,” Phillpotts says.

For many companies and investors, next year remains a question mark. Ashland CEO Guillermo Novo said in an August call with analysts that the chemical company was seeing a “big change” in China, with activity slowing and competition on pricing becoming more aggressive. The company, he said, was still trying to grasp the repercussions as it has created uncertainty in its 2025 outlook.

Sticking Around

Few companies are giving up. Executives at big global consumer and retail companies show no signs of reducing investment, with most still describing China as a long-term growth market, says Dana Telsey, CEO of Telsey Advisory Group.

Starbucks executives described the long-term opportunity as “significant,” with higher growth and margin opportunities in the future as China’s population continues to move from rural to suburban areas. But they also noted that their approach is evolving and they are in the early stages of exploring strategic partnerships.

Walmart sold its stake in August in Chinese e-commerce giant JD.com for $3.6 billion after an eight-year noncompete agreement expired. Analysts expect it to pump the money into its own Sam’s Club and Walmart China operation, which have benefited from the trend toward trading down in China.

“The story isn’t over for the global companies,” Phillpotts says. “It just means the effort and investment will be greater to compete.”

Corrections & Amplifications

Joseph Quinlan is head of market strategy for the chief investment office at Merrill and Bank of America Private Bank. An earlier version of this article incorrectly used his old title.