Global IT Outages: Impact on Major Industries
July 23, 2024
Note: We reveal investment insights through the quotes of top business leaders.
Key Takeaways
- IT outages have significantly reduced productivity and financial stability across industries, with companies like Boeing and CVS experiencing operational disruptions and financial risks.
- Healthcare and financial services face unique challenges from IT disruptions, including impaired visibility and credit downgrades, highlighting the pervasive impact across sectors.
- Organizations are enhancing digital resilience through integrated defense strategies, proactive risk mitigation, and increased investments in threat intelligence and incident response capabilities.
- Companies are prioritizing cybersecurity initiatives, such as Microsoft's Secure Future Initiative and Google's use of Gemini, to manage and prevent IT outages.
- Ensuring regulatory compliance is crucial to mitigate risks associated with IT outages, with companies like Oracle, Google, and IBM emphasizing adherence to evolving regulations and robust security solutions.
Operational and Financial Impact on Industries
IT outages have significantly reduced productivity and financial stability across industries, with Boeing facing adverse impacts on operations and cash flows, and CVS experiencing impaired visibility and delayed claims processing due to a cyberattack on Change Healthcare.
"These factors have reduced overall productivity and adversely impacted our financial position, results of operations and cash flows." --- (BA, sec filing, 2024/Q1)
"• Visibility across the health insurance industry was significantly impaired by the cyberattack on Change Healthcare during the first quarter of 2024, which resulted in delayed receipt and processing of claims." --- (CVS, sec filing, 2024/Q1)
"These programs are ongoing, and while we believe the cost and fee estimates incorporated in the financial statements are appropriate, the technical complexity of these programs creates financial risk as additional completion costs may become necessary or scheduled delivery dates could be extended, which could trigger termination provisions or other financially significant exposure." --- (BA, sec filing, 2024/Q1)
"Like others in the industry, our visibility in the quarter was impaired by the cyber-attack on Change Healthcare." --- (CVS, earning call, 2024/Q1)
"Now I also recognize that this can be disruptive both operationally and financially." --- (BA, conference, 2024/05/23)
Sector-Specific Disruptions and Challenges
Healthcare faces stability concerns from IT disruptions, while financial services grapple with fixed income trading risks and meeting protocols. Aerospace sees credit downgrades due to operational disruptions. Each sector encounters unique challenges, highlighting the pervasive impact of IT outages across industries.
"While the final impact of the Change Healthcare disruption will not be known for several months, our most recent interim reporting suggests that our March 31st reserve balances are stable and could show modest levels of positive development, which is not incorporated into our current outlook." --- (CVS, earning call, 2024/Q1)
"You hear a lot from the non banks in terms of the disruption risk. So one, give us a sense of the disruption risk to fixed income trading for the banks." --- (JPM, event transcript, Investor Day 2024/05/20)
"Fitch also downgraded our credit rating outlook from positive to stable driven by the financial impact of unexpected operational disruptions and the potential for additional corporate actions that should enhance longer-term operations." --- (BA, sec filing, 2024/Q1)
"Now that comes at a cost. In a year where there could be a lot of disruption, where some of our peers could be making significant changes as well, where you've got the Part D changes out in the marketplace that could have various different impacts." --- (CVS, conference, 2024/05/29)
"If a technical disruption occurs that prevents us from continuing, the polls will be closed immediately, the votes received prior to the time the polls closed will be counted. The meeting will not be reconvened and the vote results will be announced publicly." --- (JPM, event transcript, 2024/05/21)
Response and Mitigation Strategies
Organizations are enhancing digital resilience through integrated defense strategies, proactive risk mitigation, and continuous asset monitoring. Emphasis on cyber threat mitigation, capacity-building, and cloud-native security platforms is crucial. Increased investments in threat intelligence and incident response capabilities are also pivotal in mitigating the impact of IT outages.
"The integration allows organizations to utilize the strength of each solution to create a more comprehensive defense strategy that will improve digital resilience. Splunk Asset and Risk Intelligence: A critical solution for the SOC of the future, designed to revolutionize proactive risk mitigation through continuous asset discovery and compliance monitoring." --- (CSCO, press release, 2024/05/06)
"They urged Alphabet to pause and consider all the risks associated with this new technology so that the company could establish risk mitigation practices. Yet our company raced forward with Bard without the appropriate guardrails in place and unfortunately shareholders felt the consequences." --- (GOOG, event transcript, 2024/06/07)
""For USAID host countries to benefit from IT modernization efforts, they must incorporate cyber threat mitigation and capacity-building into their program design and implementation," said Alice Fakir, Partner, Lead of Cybersecurity Services, U.S. Federal Market for IBM Consulting." --- (IBM, press release, 2024/07/17)
"As a result, the cloud security market has witnessed increased investments in threat intelligence, incident response capabilities, and cloud-native security platforms to enhance cyber resilience and mitigate the impact of future disruptions." --- (IBM, press release, 2024/05/23)
Role of Cybersecurity in Outage Management
Companies are prioritizing cybersecurity to manage IT outages, with initiatives like Microsoft's Secure Future Initiative and Google's use of Gemini for threat detection. Cisco leverages its assets to enhance cybersecurity, while Fortinet's National Cybersecurity Strategy emphasizes secure-by-design principles. Effective cybersecurity measures are crucial in preventing and managing IT outages.
"We launched our Secure Future Initiative last fall for this reason, bringing together every part of the company to advance cybersecurity protection, and we are doubling down on this very important work, putting security above all else, before all other features and investments." --- (MSFT, earning call, 2024/Q3)
"And what are you leveraging? As a leading networking and security company, what are you leveraging out of all your assets in order to improve your position in cybersecurity?" --- (CSCO, conference, 2024/05/07)
"Cybersecurity analysts are using Gemini to help spot threats, summarize intelligence, and take action against attacks, helping companies like American Family Insurance aggregate and analyze security data in seconds instead of days." --- (GOOG, earning call, 2024/Q1)
"The National Cybersecurity Strategy focuses on "secure-by-design" and "secure-by-default," shifting #cybersecurity responsibilities to capable organizations." --- (FTNT, Twitter post, 2024/06/01)
"The outage was quickly linked to a software update issued on Microsoft Windows systems by the cybersecurity company CrowdStrike." --- (MSFT, press release, 2024/07/21)
Technological Advancements to Prevent IT Outages
AI-driven technology, secure access, and interoperability initiatives are key advancements being adopted by major tech companies like Oracle, Microsoft, Cisco, IBM, and Amazon to prevent IT outages. These efforts focus on training, security, integration, and comprehensive protection against evolving threats.
"We want to make sure that when we put AI driven technology out there that it's been trained on the appropriate number of interactions or so they want to make sure that they have more clarity and information." --- (ORCL, conference, 2024/06/05)
"And it was a little bit chaotic. I think the next couple of years, we're going to start to see both companies embracing obviously AI much greater for productivity inside of their company, but really you need to do it in a very secure way." --- (MSFT, conference, 2024/06/06)
"Most of them don't have a SOC or they're just starting out building a SOC. For secure access, you usually see organizations because of the simplicity and ability to integrate with the rest of the security cloud, they're using us quite a bit. And then this our secure access capability also ties in with all of the technology that" --- (CSCO, event transcript, 2024/06/04)
"Similarly, technology integrations and interoperability initiatives between vendors enable seamless integration of security solutions across diverse cloud environments, ensuring comprehensive protection against evolving threats." --- (IBM, press release, 2024/05/23)
"We continue to invest heavily in technologies, resources, training and programs that aim to reduce and eliminate risks for our employees, partners and communities." --- (AMZN, AGM, 2024/05/22)
Regulatory and Compliance Considerations
Ensuring regulatory compliance is crucial to mitigate risks associated with IT outages. Companies like Oracle, Google, and IBM emphasize the importance of adhering to evolving regulations, investing in robust security solutions, and maintaining centralized oversight to prevent compliance violations and safeguard against cyber threats.
"Regulatory Compliance and Future-Readiness: Meeting Regulations: Helps clients comply with new and evolving regulatory standards for quantum-resistant encryption and data protection. Future-Proof Solutions: Prepares businesses for future quantum-computing advancements with robust and scalable security solutions." --- (ORCL, press release, 2024/07/09)
"As the regulatory landscape continues to evolve globally, failure to comply with relevant regulation may lead to significant risk to the company." --- (GOOG, event transcript, 2024/06/07)
"As a result, investments in cloud security solutions become a strategic imperative to safeguard sensitive data, ensure regulatory compliance, and protect against evolving cyber threats." --- (IBM, press release, 2024/05/23)
"All services, not just some services and they get to deploy it any way they want, and they get the security or the regulatory requirements, sovereignty may be very critical." --- (ORCL, earning call, 2024/Q4)
"This lack of centralized oversight increases the risk of security gaps, misconfigurations, and unauthorized access, leaving organizations vulnerable to cyber threats and compliance violations." --- (IBM, press release, 2024/05/23)
Long-Term Implications for Industries
Global IT outages could significantly impact industries reliant on technology providers, as highlighted by JPMorgan Chase. The financial services sector, for instance, depends on continuous technological advancements and AI from providers like FIS and Fiserv. Additionally, the payments business's resilience underscores the critical need for robust IT infrastructure to ensure uninterrupted global money movement.
"So I'm not saying here that economies of scale is important to everyone. You can run a single branch or 4 branches and run a very profitable business because you are very good and you're relying on other people providing technology to you as FIS or Fiserv or something like that, they remember they're going to be providing over time AI and other products and services." --- (JPM, conference, 2024/05/29)
"Jeremy Barnum: Well, I think one of the things about payments businesses is that in some sense, I mean, recession proof is probably the wrong word, and in any case we're not dealing with a recession, but we're talking fundamentally about moving money through pipes around the world, and that's a thing that people need to do more or less no matter what." --- (JPM, earning call, 2024/Q1)