Delta CEO - protecting shareholders and customers?
Following on from the global IT outage that started with a failed Crowdstrike Falcon content update, Delta Airlines was severely impacted for significantly longer than its competitors. It appears the main issue was the crew tracking system which took many days to recover.
The heat has been on the CEO of Delta, Ed Bastian ever since. The U.S. Department of Transport is now investigating whether Delta looked after their customers sufficiently. Delta have now reportedly hired legal eagles to look at going after Crowdstrike and Microsoft. Ed Bastian himself is quoted as saying “We have no choice,” Bastian told CNBC. “We have to protect our shareholders, we have to protect our customers (and) our employees for the damage, not just the cost but the reputational damage.”
I can't imagine on what grounds Microsoft could be legally forced to compensate Delta. Yes the Windows operating system broke as a result of the Crowdstrike update, but that is not a new potential issue with Windows which by design hosts many 3rd party software components. It is well known that Windows can break and Delta should have been prepared for that event via its business continuity plans. This is basic corporate risk management for any publicly listed organisation.
It does appear that Crowdstrike might have a case to answer re negligence, due to them experiencing a "two fault syndrome" where there were actually not one, but two things that went wrong. Crowdstrike have apparently learnt from the mistakes of others about crisis management. They put their hand up quickly and said "we did it". Best practice now would be to "over compensate" on making good with those impacted. Time will tell what that looks like. A crisis of this nature is a good time to actually enhance reputations by handling the crisis well.
The Delta CEO by poking chests and complaining vehemently about the performance of others, is attempting to divert attention away from the failures inside of Delta. A classic head fake and perhaps understandable, it is his job to do so. However if he really ends up in court with Crowdstrike I reckon he will come off second best, with his own reputation taking a hit. The lack of preparedness to recover the crew tracking system in a timely manner is not excusable in this day and age. The scenario where any key technology system is impacted by a major outage, is a basic risk scenario and should have been contemplated by Deltas internal risk management function. The risk register should have an entry detailing such a scenario and would have been approved by the Board and possibly reviewed by external auditors. Effective controls to mitigate the impact of such an outage should have been in place. They clearly were found wanting. Who is responsible for the consequential impact after the initial Crowdstrike failure, will likely be up for debate.
Suprisingly, Southwest Airlines suffered a similar outage in 2022 due to you guessed it, the crew scheduling system being out of service. This would have been a high visibility free corporate risk management lesson for Delta. Surely the Delta CEO then asked internally about what was the risk of their key internal systems going down? Lesson not learnt?
领英推荐
It appears that there is alignment between the Delta CEOs personal and business goals here. He is not just fighting for the reputation of his company, but he is fighting for his own reputation also. The potential problem is, how will the Delta shareholders see this? Time will tell.
Last, Delta has an abundance of smart people working on their business mission. I wonder if Delta has a blind spot around on the ground technology risk, given their appropriately high focus on the safety of it's customers when in the air and on the apron?
So What? If you are in a role responsble for organizational risk management or responsible for the performance of part or all of your organsation, the questions to consider are as follows.
You might be forgiven for the unforeseeable, but not for the lessons from others that go unheeded.
Technology Advisor, Wine Advisor (Retail), Italian Wine Ambassador
3 个月Ed Elson Scott Galloway guys I just saw your ProfGMarkets update on this topic re Delta. I liked your points about market concentration etc. but you missed a key insight on this story, see my article above, Delta shoud have been ready to recover from this kind of outage. As to not being able to break up with Crowdstrike...speaking as a former Crowdstrike customer, Delta could turn off Crowdstrike in a heartbeat, as easy as that. The problem is Crowdstrike works, it's best of breed, Delta are under cyber attack all day every day and they can't afford the risk of not running Crowdstrike. Cyber security services like Crowdstrike are not a commodity. That recent outage is nothing compared to what a successful cyber attack on an airline can look like. Love your show, young dogs and old dogs having a well analysed laugh ?? ?? #profgmarkets
Professional Editor & Resume Writer | Specializing in Executive Biographies & LinkedIn Profile Optimization
3 个月Peter Bourke The Delta Airlines IT outage underscores the crucial need for robust digital infrastructure. It's a timely reminder for all industries to safeguard their tech systems.
Excellent write-up Peter Bourke. An interesting read.