I think a good remedy would be to completely remove "normal procedure" as a defense against liability. Our legal standard should defend people who break protocols if they know they will result in harm, and prosecute people who don't, or prosecute the people who make the protocols in those cases. Law should supercede corporate policy, not treat it as a form of law

So the problem really isn't CrowdStrike or any computer at all, but dumb policy or regulation?

That's not how liability works. There is no "I followed some written procedure when it didn't make sense to do so" defense to malpractice claims.