Facing Scrutiny Over Global Outage, Cybersecurity Firm CrowdStrike On Track for Record Year of Federal Lobbying Spending

Crowdstrike , a cybersecurity firm thrust into the spotlight over a widespread outage in July that caused what is now considered the largest IT outage in history , is on track for a record year of federal lobbying spending.

The embattled cybersecurity company spent more than $360,000 on federal lobbying in the first half of 2024, according to an OpenSecrets analysis of filings that cover the period through the end of June — more than the same period in any prior year. Since the July incident, Crowdstrike has only ramped up its lobbying operation more as it faces scrutiny from lawmakers.

On Sept. 24, members of the U.S. House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection grilled CrowdStrike senior executive Adam Meyers about the July software outage that plagued customers across the globe with grounded flights , canceled surgeries and the infamous blue screen of death .

The multiday IT headache, triggered by a faulty software update , affected around 8.5 million devices globally and is estimated to have cost Fortune 500 companies $5.4 billion. This incident thrust the lesser-known CrowdStrike into the spotlight as its clientele — ranging from corporations to federal agencies — grappled with the fallout weeks and months afterward.

The incident on July 19 put CrowdStrike on the map for many outside the cybersecurity sector. Founded in 2011, the company provides threat detection, prevention, and response software to high-profile clients such as the Federal Trade Commission, American Airlines, Wells Fargo and the owners of entertainment hub Las Vegas Sphere.

Historically, CrowdStrike was best known for deploying immediate updates upon detecting threats, distributing as many as 10-12 per day to users via the Microsoft Windows Operating System.

In response to customer and partner feedback from the outage, the company has since shifted to a phased or staggered update rollout . Users can now select their preferred timing for updates: early, as scheduled, or deferred for extra-sensitive projects like important work presentations.

Meyers assured the members of Congress on the subcommittee that CrowdStrike continues to assist customers who have yet to regain full access to the company’s Falcon OS platform. He repeatedly expressed sorrow and regret on behalf of the company for the inconveniences caused by the outage, especially for those in rural areas with minimal access to IT assistance.

“We are working with customers to ensure that they have what they need to feel comfortable about working with CrowdStrike,” Meyers told the subcommittee. “We’re continuing to rebuild that trust. Trust takes years to make and seconds to break, and we understand that we broke that trust and we need to work to earn it back.”

However, now that approximately 99% of Windows sensors for its Falcon platform are up and running , Meyers noted that the company has pivoted its focus to scanning for misinformation threats, especially from actors based in Iran, North Korea, Russia and China.

The two parties looked ahead toward Election Day and beyond, considering the potential for domestic and foreign adversaries to exploit vulnerabilities similar to those exposed by the July 19 incident, which could trigger a more severe cyberattack and global crisis.

Lawmakers also engaged Meyers about the importance of building a relationship with the subcommittee to prevent future outages, whether involving CrowdStrike or a competing firm.

“[This committee] has the best intentions for our country and our allies to defend against these adversaries, some which you mentioned are trying to kill us every single day,” said Representative Tony Gonzales (R-Texas). “So that’s what we’re up against, and we need partners, and I want to make sure from a legislative standpoint we’re getting it right.”

When asked if CrowdStrike would work with the federal government and provide support and expertise in the event of another global outage—accidental or intentional—Meyers gave his word on behalf of the firm. “In the situation where there is a cyber incident, then the responsibilities change. It becomes us supporting the government: helping to understand who these threat actors are, what they’re after, and how to stop them,” he said.

“Private-public partnership is absolutely essential because this is a team sport, and we are all on the same team,” Meyers added.

The subcommittee chairman and ranking members did not immediately respond to a request for comment from OpenSecrets about CrowdStrike’s sharp increase in federal lobbying.

It’s not the first time CrowdStrike has engaged with federal officials. Historically, the company has lobbied the federal government for financial and policy support . These efforts have intensified in response to recent surges in cyber threats and CrowdStrike’s expansion as one of the world’s most popular providers of threat-monitoring software.

“CrowdStrike regularly engages with relevant government bodies around the world, including Congress, to share our unique insights about today’s extraordinary threat landscape and perspective on the dynamic policy solutions needed to protect our customers,” a CrowdStrike spokesperson told OpenSecrets. “CrowdStrike and our partners make all required filings about our engagement, which are publicly available.”

While CrowdStrike’s operations have grown in the past decade, cyber threats have become increasingly complex and challenging to counter. Meyers noted that hackers who leverage newly popular artificial intelligence tools could soon outsmart standard threat detection software.

The cybersecurity firm reported a 36% increase in total revenue in fiscal year 2024, rising to over $3 billion according to an end-of-year financial report by the company. Last year also set revenue records with the company seeing a 54% increase in revenue to $2.24 billion during its 2023 fiscal year.

As Crowdstrike’s revenue increased, so has its lobbying. The firm spent $620,000 lobbying the federal government in 2023, nearly a 90% increase from the $330,000 it spent the previous year and more than triple its spending in 2019, the first year the firm’s lobbyists reported spending.

Crowdstrike’s lobbying efforts focused on homeland security and IT defense policies and legislation. So far in 2024, CrowdStrike has lobbied federal officials and agencies for over 12% more than it did at the same point last year, targeting legislation such as the Modernizing Government Technology Reform Act and the Strengthening Agency Management and Oversight of Software Assets Act .

On July 20, one day after the incident, the company recruited the law and lobbying firm DLA Piper to handle “policies and proposals related to [the] congressional response” to the outage, according to a lobbying disclosure form .

With heightened global scrutiny following the July outage and increasing fears that malicious actors might exploit weaknesses revealed by the incident, CrowdStrike’s challenges and calls for support are likely to intensify — and with them, its lobbying efforts.

“This isn’t just a one off,” Gonzales said about the increasing risk of cyberattacks in his final line of questioning to Meyers. “The more that your team can be working with our staff as we build out meaningful responses, whether through the appropriations process or through legislation, will be very critical for us. I do worry that we’ll get it wrong, or we’ll be delayed in a response… Let’s work toward fixing this long term.”