Moreover, experts say this kind of software error will almost certainly occur again. “We should expect it to happen again, and you need to protect against it,” Ranjan Singh, chief product officer at Kaseya, tells CSO. “There are humans involved in the entire chain of development, so invariably, there’s always room for error. But it’s our job to make sure that we go to the ends of the earth and figure out how to prevent something like this, especially in critical products.”

ForAllSecure’s Brumley says this kind of incident will “absolutely” happen again. “Huge” industry consolidation with fewer and fewer vendors will mean that “more and more people will be affected when the next big software error occurs,” he says. Security workforces that are stretched thin will only worsen the industry’s ability to respond next time. “I think people are getting tired of security, and especially with the markets changing, there’s been a huge security workforce reduction,” he says.

Time to revisit disaster recovery plans

One risk management component that CISOs should revisit now is disaster recovery. “I think a lot of companies probably got to run their disaster recovery process during the CrowdStrike outage, but not willingly, not voluntarily,” Christine Gadsby, CISO of BlackBerry, tells CSO.