The July 2024 CrowdStrike outage has triggered a major rethink of tech supply chains, as businesses around the world look to build IT resilience and minimise risk, research from Adaptavist, the digital transformation technology and solutions provider, today reveals. Six months on from the incident, which affected 8.5 million devices worldwide, the findings show a decisive shift in vendor relationships and a loss of confidence in traditional single-vendor approaches, with only 16.25% of respondents expressing satisfaction with their current providers.
The study - which surveyed 400 people with software development responsibilities in organisations with $10 million or more in annual revenue in the UK, US and Germany - showed the outage has fuelled fears of a supply chain incident, with 10% viewing over-reliance on single-vendor solutions as the biggest threat to their company's IT resilience. Some 42% believe that a vendor they rely on will cause a major incident, demonstrating how companies are increasingly approaching supplier relations with caution.
As a direct response to CrowdStrike, Adaptavist’s findings show that some 27% are actively diversifying their software and service providers, while 57% are considering, revealing a widescale response from organisations to mitigate risk. However, despite waning confidence, organisations aren't simply abandoning existing relationships. 37% say they are actively strengthening partnerships with current vendors, while 34.25% are increasing their reliance on open-source solutions, suggesting a sophisticated approach to risk management.
Other findings include:
Process reform signals systematic change: The incident has catalysed comprehensive reform of software management practices. 29.5% say they are much more cautious and delay updates, 30.75% are moving towards more in-house development, and around 20% plan to implement Continuous Integration/Continuous Delivery (CI/CD), stress testing (20.75%), and monitoring and visibility (19.75%) for the first time. Additionally, three-quarters (74.5%) of respondents report placing greater emphasis on vendor risk management, with 32.5% actively exploring multi-vendor solutions, and 29.75% implementing more rigorous testing protocols, indicating a systematic approach to reducing future risks.
Investment backs strategic shift: Organisations are backing this strategic evolution with significant resources. The study reveals that 79.25% have increased investment in IT infrastructure, while an unprecedented 99.5% plan to hire additional technical staff [Q9]. This investment surge suggests organisations are serious about building long-term resilience, rather than implementing temporary fixes.
Future Outlook: The research underscored how the incident has catalysed positive change, with 74% reporting improved collaboration between IT and other departments, which may explain their enthusiasm for diversification. Meanwhile, 84% are investing more money into training for existing staff, bolstering training across cybersecurity (87.5%), incident response (86%), software testing (89%), Agile, and DevOps practices training (89.25%) to plug any remaining gaps.
Jon Mort, Chief Technology Officer of Adaptavist, commented: “This research paints a complex picture of the challenges facing organisations as they work to strengthen their digital resilience. The data suggests a fundamental reshaping of the software industry's approach to vendor relationships, moving toward a model that balances the benefits of strong vendor partnerships with the resilience of diversified technology stacks. This isn't just diversification for diversification's sake - it represents a mature evolution in how organisations approach technology partnerships and risk management.
“However, this underscores a growing need for strong service management practices that provide greater visibility and insights. The next critical challenge is going to be finding the right equilibrium between people, processes, and technology. We need to empower IT teams to work with confidence - safe in the knowledge that their processes can withstand scrutiny - if we want to ensure long-term resilience and security.”
