
tv   Talking Business  BBC News  August 4, 2024 12:30am-1:01am BST

12:30 am
this is bbc news. we'll have the headlines for you at the top of the hour, which is straight after this programme. hello and welcome to talking business. here's what's on the programme this week — crowdstrike's faulty software updates, not hackers has caused what's been called the largest it outage in history. thousands of flights were grounded, hospitals disrupted, and broadcasters knocked off air as millions of devices running microsoft windows crashed. but as the costs ratchet up into the billions of dollars, we'll ask whether it's the price we pay for being so reliant on digital infrastructure. i'll discuss that and more with a cyber influencer and author, and i'll talk to the boss of a global cybersecurity firm that's the ncc group. plus, what does it all say about our readiness for the latest artificial intelligence breakthroughs?
12:31 am
we'll speak to one boss that's helping companies bring cutting edge ai into the workplace. welcome to the programme. now, the great global it outage came not from cybercriminals, but from a company trying to protect us from them. the previously inconspicuous crowdstrike became a household name overnight, but for all the wrong reasons. we're deeply sorry for the impact that we've caused to customers, to travellers, to anyone affected by this, including our companies. let's have a quick look back at what happened on that fateful friday. here's our tech reporter, chris vallance. the global it outage started in the early hours of the morning, us time. crowdstrike, one of the most trusted names in cybersecurity, issued a minor update to its falcon sensor software. it was meant to help the security software
12:32 am
spot the latest hacking threats, but when it reached machines running windows, this happened. the blue screen of death, an update that was meant to protect computers, instead crashed them. across crowdstrike's nearly 30,000 customers, thousands upon thousands of machines were crashing. microsoft estimates that in total, 8.5 million devices running windows were disabled. airlines were grounded, medical appointments were cancelled, and even some supermarket checkouts stopped working. crowdstrike apologised and deployed a fix, but for machines that had crashed because of the bug, they had to be manually restarted in safe mode and the dodgy update deleted. it was a time consuming
12:33 am
logistical nightmare for companies with thousands of computers distributed far and wide. at crowdstrike. .. crowdstrike has committed to do better to check that updates when they are released don't contain problems, but the total cost of this global outage has been estimated to run into the billions of dollars. if lessons have been learned, they've certainly been learned the hard way. ok, so let's talk about some of those costs. and part of the reason this had such a big impact is because of the nature of crowdstrike customers. they include some of the biggest companies and government agencies in the world. in the us alone, amongst the fortune 500 biggest companies, excluding microsoft, the outage is reported to have cost nearly $5.5 billion. the banking and health care sector took the biggest hit, making up
12:34 am
nearly 60% of the total, and it cost just six airlines in the fortune 500 around $860 million. all of that adds up to a sizeable bill, and just a small proportion will be covered by cyber insurance about ten to 20%, according to the insurers parametrics, who are behind all of this data. now, that number just covers america's biggest companies. it doesn't include the many small and medium sized firms affected right around the world, from australia to the uk. it means the total price tag globally is likely to be much higher. and so that raises bigger questions about the relationship we all have between risk, cost and reward when it comes to how we use technology. when computers fail, many businesses have little to fall back on. given the threat posed by cyber attacks, why are firms not more resilient? this wasn't a malicious
12:35 am
act done by hackers seeking a ransom, it was caused by human error. but the outage highlights the huge impact that losing our tech can have on our lives and our livelihoods. so, to explore what it means for the future, i caught up with the cyber expert and founder of the in security movement, jane frankland. it's good to have you on the programme. and so here we are. the dust has settled, but let's take a look at what happened and just how surprised you were that one firm, crowdstrike, was able to cause so much chaos for so many businesses around the world. how much of a surprise was it? yeah, for me, i wasn't surprised at all. as far as i'm concerned, this has been a disaster waiting to happen. we are so reliant on technology. we have single points of failure, we are so interconnected and we are becoming more so. so the fact that this was a human error in this case and not a cyber attack, really, it was a good thing
12:36 am
in some in some ways, because this was a wake up call for us to actually put in place practices that we need to be doing more of. how would you assess the state of our preparedness when it comes to events like this? you know, on one hand, as we said, this was a human error fault. but when it comes to cyber attacks, we know that risk is growing. how ready are we for them? you know, we have a huge spectrum of companies out there, from micro organisations to great big enterprises. some are more prepared than others and they're doing a much better job. but others, you know, particularly the smaller businesses and those micro businesses which comprise so much of our economy, our global economy, it's just an afterthought, you know, in terms of security or in terms of those responses, crisis response plans. so we've got to consider this more. we've got to do what if and scenario based tests so that we have got our
12:37 am
playbooks, our responses in place. and at the same time, it strikes me lots of firms are pushing into new areas of tech and innovation. i'm thinking of things like cloud computing, but also ai. and if anything, that just opens these businesses to even greater risk, doesn't it? and yet, at the same time, it doesn't feel like they're taking the necessary precautions to protect against the downsides of these new technologies. absolutely. and we're seeing that in certain countries more than more than others. as the technologies are evolving at speed and this whole digital transformation is going on, we're not keeping up. so we must do better. it has to be top of mind for us, because we cannot have more instances like this. instances like this are becoming the new normal. and we've been saying this for years in the industry. what is the answer here? it's all well
12:38 am
and good saying yes, we're going to invest in more cyber security software, we're going to take that provision, you know, more seriously. but what is the day to day solution here to protect firms better? you've got to be prepared. you know, long and short of it, you have to be prepared. you have to know your risk. you have to be able to evaluate that. and you need to do this quickly. you need to do it simply. you need to make sure that the communication is there and that everybody understands that and ensure that everyone in your organisation is becoming a security ambassador, because that way they are going to become a shield for your organisation. so when we increase our cyber literacy, then we do better. we reduce our risks. use your workforce as your greatest shield. make sure your cyber security literacy is is improved. people know what to do, it is clear, it is simple and you are prepared for the what if scenarios. you know, what if this happens? you know, get creative.
12:39 am
like, pull people together and think about those different scenarios that can happen and be wild with your imagination because that is required. jane frankland, really good to have you on the programme this week. thank you. ok, from the big picture then to the detail, what actually needs to change day to day when it comes to boosting our digital defences? i spoke to the boss of global cyber security firm the ncc group. mike maddison, good to have you with us. nice to see you. thank you. talk to me first of all about crowdstrike. the dust has settled a little bit. we have a clearer idea of what went on and how it was resolved. were you surprised by the power of seemingly one company to take down so many others around the world? i would say not surprised, but if we reflect on the incident more broadly, it was... it, i think caught us by surprise in two ways.
12:40 am
the first would be the sheer scale of it. and i think if you some of the initial reports we saw was something like 600,000 customers of either crowdstrike, microsoft, being affected. and if you take it one or two degrees beyond that — millions. so the scale probably did, i think, surprise many. but what i think was most surprising and what shone a really hard light on the industry and for businesses more broadly, was actually the complexity of being able to respond to something like this and actually being able to build the sort of resilience within business operations that you would need to be able to respond to what was a very good product rolled out to a bunch of customers. so that was the thing that surprised us most. and that roll-out is what caused so many problems, wasn't it? it was a roll-out to so many machines at the same time. there was a problem with it.
12:41 am
and then the fix was a manual one. you had to go in and and delete a bit of code. automatic updates are an important tool in terms of ensuring that software is effective. if you don't have automatic roll-out, then obviously you're exposing organisations potentially to additional risk. you haven't fixed operational bugs or there are security vulnerabilities. so automatic roll-outs are really important. now clearly, what this has shone a light on is the importance of testing within the technology industry or the updates deployed that have been tested effectively. and actually there is mitigations in place by corporates for any potential vulnerability or any any potential hiccups. what are the fixes if something like this happens again, what have we learned to prevent either it happening again or b to fix it more quickly and not cause the disruption that we saw? i think from this incident, one of the things we've learned is just how complex our supply chains are. and i think many businesses don't really understand that. so crowdstrike, as i say, fantastic product,
12:42 am
but it's probably not a strategic solution within an organisation. it's not a core finance system, it's not a core hr system. so for that to be able to cause these sorts of implications is quite serious. so i think what the lessons are for businesses, for supply chains is actually you've got to understand how technology fits within your operations. i think you have to be prepared to think through scenarios so that you have the prepared plans in place, and we have to test. and i think it really does talk to a whole objective, which is about digital resilience in an interconnected world. that's fairly early days. we're seeing regulations start to come through, but it is fairly early days for a lot of organisations. so there's a lot to do around this. and we hear that word resilience a lot. what does it really mean? because these weren't small companies, you know, on small budgets that might be forgiven for sort of overlooking some of those kind of plan b's. these were huge organisations that you would expect would have a better plan in place, and they didn't. what does resilience look like?
12:43 am
i think it's again, this is a wake up call. i don't think we have as organisations looked at some of these things systemically. so resilience i think, is having an end to end conversation about testing, both in terms of testing the deployment of software, testing the receipt of that software, but also testing your plans to respond. a lot of organisations, they're running hot and fast. testing resilience plans is sometimes maybe second thought. we need to get a serious conversation at board level about the extent to which organisations are thinking about it, testing it, have the plans in place for it, and actually understand where key elements of this the software can impact business operations. but if an organisation came to you, mike, and said, look, we fell victim to this, it was a huge problem. we've got a massive bill. how do i make sure this doesn't happen again? where do you start on that advice?
12:44 am
so back to build out the scenarios and then start going through your supply chain to look at what are the points of failure and therefore what are the plans you have to have in place. do we know enough about our supply chain? organisations definitely do not know enough about their supply chains. it's incredibly complex. we are a connected world and we expect that these days. so for organisations to work through that is actually a relatively new. they've always worked in isolation. that's why i think if you look at the digital operational resilience act that is coming in place in the eu, it's looking at things far more systemically than maybe we've ever had to do before. but that's an evolving piece in in the digital world, which we are. i wonder as well, when we talk a lot right now about ai and the role that that will play in transforming the way that we work and live. and it feels like a very new technology. loads of organisations just getting their head around quite
12:45 am
how transformative it could be. they can't even have got their head around the tech itself, never mind its potential vulnerabilities. this opens up a whole new sphere of vulnerability for an organisation, doesn't it? it absolutely does. and it's a fascinating area as the speed with which technology is constantly advancing. organisations are in a rush. you could argue ai is in something of a hype cycle, but we are in a rush to adopt and they are naturally vulnerabilities you introduce as part of taking on new technologies. so we are definitely talking to more and more clients about understanding the security risks within ai. but there's more than that. there are what are the biases that they actually may be introducing? are they doubling down on actually poor processes that they may have and reinforcing problems. so actually understanding how you adopt ai is, is a really big, really big challenge for organisations. and given what you do attacks like this, problems like this must be good news. i mean it, it keeps you busier than ever, doesn't it? for us as an organisation, particularly one which i think is unique in terms
12:46 am
of our global footprint and the clients we work with, what it has highlighted is the critical importance of systems resilience in terms of business operations. so we are advising clients globally about how to deal with this. so i would never categorise this as good news. but i think in terms of organisational awareness, it certainly spurred organisations to actually respond appropriately. mike maddison, chief executive of the ncc group, really good to have you here. thank you very much. cheers. staying with tech now and moving on to the latest artificial intelligence in the workplace. it promises to transform our lives, but it could also reshape our jobs. and one industry particularly exposed is consultancy. estimates suggest around half of the sector's activities are vulnerable to being replaced by ai. so just how do you keep people on board? to find out, mark ashton spoke to the chief executive
12:47 am
of it consultants avanade. pamela maynard, thanks for being on the show with us. so listen, let's start with crowdstrike, if we can, that recent global it outage. just talk us through how big that was for you as a company. does that still send a shiver down your spine when you think about it? it does send a shiver down my spine. i mean, for us as a company, because we're not users of crowdstrike, it didn't impact us specifically. but but where that impact was felt was with our clients. you know, we work with thousands of clients across the world. and about 20% of our clients were actually impacted. not only that, some of our employees were also impacted, actually, because they were travelling and they got caught up in all the travel and transport disruption as well. so where our effort has really gone is in helping our clients to get their it infrastructures back up and running safely and securely. so taking a step back from it, how much do you think it might damage the sort of broader industry?
12:48 am
it is an industry, the it world built on sort of trust, isn't it? and systems working safely effectively. so how the long term picture, really. i think what what it's done is it has helped everybody to understand the importance of having secure, resilient infrastructures. and so rather than damage, i think what it's done is put the shone the light on that, put that into focus and you'll see more effort in terms of, you know, shoring up those infrastructures, making them more resilient, more secure as a result of the lessons learned. if we can move on to ai tech. now, you've been a pioneer, if i can call you that of ai for for many, many years now, i've seen you styled as an ai first ceo, but also, on the other hand, putting people first at the centre of everything you do. how do you square that circle? i really do believe that success with ai is about how you can really get your employees comfortable and trusting in ai, which is why, as you think about ai and where you want to go with ai, where you want
12:49 am
to use ai to deliver value in your business, you need to have people first. you need to help your employees to really get comfortable, to really be able to understand through transparency the results that are being produced by the ai, to understand where the accountability is sitting in the organisation. to understand the ethical and responsible ai framework, um, under which is governing the use of ai in that business, so that again, they build that trust and we have seen that improve. and we're seeing that improve in our employee sentiment towards the generative ai tools that we're using. i suppose the fear, though, is ai will kind of take over. whether that sort of simply doing some of the tasks we do now replacing jobs or, you know, at the other end of the scale, these conspiracy theorists, it's going to sort of take over the world. how can ai, in your view, help us perform our tasks better? i totally get what you're saying in terms of that. again, that fear that ai is going to overtake the world.
12:50 am
it isn't happening yet, right? it isn't happening. and what we're actually seeing is that, you know, ai is becoming more of a help and assistant, if you like. it's augmenting what our people are doing. it's transforming how we work. it's taking away some of the more mundane tasks, the more monotonous tasks, um, and allowing our consultants to really focus on where it matters most with our clients. so the strategic thinking, the innovation and the creative thinking, the change management around how to be successful with ai versus that, you know, just the sort of monotonous development tasks that can be, you know, historically, if you like, is where our consultants will have spent their time. so it's the shift, if you like, in terms of how ai is transforming how we work. it's not upending and taking away jobs yet. how do those conversations go, though, when you when you talk to people, how do you get sort of buy in from staff? i appreciate it's very different for each person, but there still must be that sort of fear
12:51 am
of the unknown that, you know, can i still be creative, innovative in my job if i'm giving up some of this? the way in which we're doing it is because is we're deploying the technology, allowing our people to innovate and experiment with it. right? so what we've done is we've stood up a responsible ai framework, providing the transparency and the understanding of the results, making sure we're testing and we're validating ai results with humans. so one of the things we did is we run a big hackathon through the organisation, where people were experimenting with ai and allowing it to surface ideas as to how we could transform how we work. and it's through that sort of experimentation that people are getting more comfortable with it. and our people are actually saying through our recent survey that they're seeing that, you know, co-pilot, for example, is actually helping them to be, you know, 40% more creative than they expected, 70% more collaborative than previously through the use of these technologies. and it's the experimentation that we're enabling in the company that's allowing that to happen. what advice would you have for leaders?
12:52 am
i mean, i guess there's always a danger that leaders could sort of delegate some of the slightly more menial tasks. maybe they have to ai is there a danger that people become even more distant from, say, the, you know, the shop floor, as it were? i think it's really important from an ai perspective, to work out and understand where the value is going to come from ai, and focus on unlocking that value versus following the hype. there is a lot of hype out there at the moment in terms of ai and generative ai, but where's the value? you know, work out where the value take the time to work out where the value is going to come from, but from investing in ai, is it going to come from enhanced customer service? is it going to come from operational efficiency? take the time to understand that. put in place a responsible ai framework. so skill your organisation in how to best use ai and therefore trust and you know uh and get comfortable with the ai. i mean everything
12:53 am
you're saying here suggests it will change our sort of day to day working world, won't it? i mean, you've spoken in the past about diversity. you're self personally. you know, the thoughts about fear of speaking up in meetings. how do we guard against ai perhaps making it more difficult for those marginalised voices to speak out? i think ai offers the opportunity for diverse, you know, underrepresented people who are different in a way that, you know, rather than hinder, i think actually offers an opportunity. and again, one of the things that we've spotted through the use of co-pilot is for some of our neurodiverse employees. it's actually helped, co-pilot in terms of transcription, where they're able to focus more in terms of, you know, the meeting summaries, um, the that's actually helped them to participate more in meetings rather than hinder their participation. so actually, i think ai offers an opportunity for those of us
12:54 am
who are different. it's again, up to, you know, organisations, governments, etc. to putting the right processes and governance to enable that diverse opportunity to really be realised. and a lot of this, if i can just ask you about the sort of wider market, a lot of this driven by the sort of popularity of big tech now and i'm thinking america, the big us growth stocks, the magnificent seven and now nvidia sort of muscling in aren't they. there are different views on this that this is just going to carry on and on and on. or maybe we'll get a sort of a correction or a pause for breath or a sort of rebalancing. where do you sort of stand on the the short term where we're heading in the next few months? in the next few months, last year? there has been such a surge in terms of this interest in ai, and you'll know as well in terms of the hype cycles that happen. and maybe we're at one of those places now where organisations are stepping back and actually considering are we really getting the
12:55 am
return on investment from ai? are we going to see the return on investment? this ai landscape is so busy, where do i start? so it doesn't surprise me what's happening at the moment. and i do think organisations are really trying to understand their why in terms of ai. pamela maynard, ceo of avanade, thank you so much for coming on the show. thank you. it's been a delight to be here. well, that's all for this week. i hope you enjoyed the show. don't forget, you can keep up to date with all the latest on the global economy on the bbc website, or on the smartphone app. thanks for watching. we'll see you very soon. bye-bye. hello there. for part two of the weekend,
12:56 am
it looks like low pressure will be affecting more north-western parts of the country, whereas further south, thanks to the ridge of high pressure, we should see a lot of dry and settled weather. quite a bit of cloud around on sunday, but some sunny spells here and there and conditions turning wetter and windier thanks to this area of low pressure across northern ireland and western scotland as we go through the day. but much of central and eastern scotland, england and wales, quite a bit of cloud, like i mentioned, but also some sunny breaks here and there, and pleasantly warm — high teens to low 20s from north to south across the country. now, it'll be turning windier and wetter across the north-west of the uk as we head through sunday night, the rain really starting to pile into northern ireland, certainly across scotland, western scotland seeing most of that rain. some of the rain could be quite heavy, perhaps even thundery in a few places. but we'll be drawing up some warm and muggy air, so by monday morning, areas starting off with temperatures around the mid-teens. for monday, we have this area of low pressure almost in situ to the north-west of the uk, with this weather front bringing further heavy rain
12:57 am
to the north and west. we're scooping up this very warm and humid air from the near continent. so a wet, windy day to come for northern and western scotland, some heavy rain at times, could see some disruption across western scotland. for parts of eastern scotland, certainly england and wales, it'll stay mostly dry, with some spells of sunshine and feeling warm and humid, mid to high 20s in celsius. warm and muggy across scotland. tuesday night, we see that weather front crossing the country. some of the rain could be heavy, maybe thundery on it, even as it pushes towards eastern areas. it'll take its time to clear the south-east on tuesday, so rather cloudy, some spots of rain. behind it, the air turns fresher again with plenty of sunshine, a few showers for western scotland and northern ireland. temperatures 19 to 24 or 25 degrees, so those values coming back down again with lower humidity. as we move out to tuesday into wednesday, low pressure affects the northern half of the country again. stronger winds, outbreaks of rain, higher pressure towards the south. so again, it's going to be a blustery day on wednesday for scotland, maybe the far north-west of england, northern ireland, with a few showers.
12:58 am
further south, tending to stay dry with variable cloud coming and going and some spells of sunshine. again, low to mid 20s in the south, high teens, low 20s in the north. and as we end the week, we hold on to that theme, with low pressure always bringing more cloud and rain at times to the north of the uk. higher pressure continues to bring more settled and warmer conditions further south.
12:59 am
live from washington,
1:00 am
this is bbc news. hezbollah says it has launched dozens of rockets at israel. that's as the uk and us urge their citizens to leave lebanon because of fears of an all out war. bricks and bottles have been thrown at police as far-right rallies turned violent in england and northern ireland. hello, i'm carl nasman. we begin with some developing news. hezbollah says it has launched "dozens" of rockets toward israel from southern lebanon. the israeli military has about 30 rockets were fired into northern israel, one. most were intercepted and others landed in open areas and there were no casualties.
