Table of Contents
In Short
- The CrowdStrike outage highlighted potential risks for businesses relying on cybersecurity software.
- Affected companies can explore legal remedies, such as breach of contract claims.
- This incident highlights the importance of reviewing contracts with service providers for potential downtime.
Tips for Businesses
Review contracts with your software and cybersecurity providers to ensure that they include clear terms about service availability, downtime, and remedies for outages. Consider diversifying your providers or having backup plans to minimise disruptions when a critical service is unavailable.
On the afternoon of Friday, 26 July 2024, I had just started introducing myself during a video call when my laptop suddenly powered down without warning. As I frantically tried to reboot it, I noticed confusion spreading across the office. It was not long before we discovered that we were experiencing a global event – the largest IT outage ever recorded. The disruption, triggered by a flawed software update from cybersecurity firm CrowdStrike, led to the crash of 8.5 million Windows computers worldwide. The consequences were immediate, causing significant disruptions to businesses everywhere. This article will discuss your business’s rights and potential actions if you were impacted by the CrowdStrike outage.
Possible Options
The recent CrowdStrike outage highlights how vital connectivity is in today’s world, leaving many individuals and businesses dealing with frustration and disruptions. According to an initial report from CrowdStrike, a technical issue in a software update likely triggered the outage. As a business owner, knowing your legal and financial options is essential when network outages severely affect your operations.
Imagine this scenario: You run a small to medium business that depends heavily on internet and network connections to keep things running smoothly daily. Suddenly, an outage hits, cutting off your company’s internet and phone systems, leaving crucial tools and communication methods unavailable. In this situation, your options are limited. You could:
- delay operations until the connection comes back;
- try working offline, though functionality would be restricted; or
- relocate resources to another spot with network access.
No matter your chosen method, during the outage, your business will face considerable productivity setbacks, possible project delays, and interruptions to customer or client interactions. This disruption in regular operations will likely affect your revenue, profitability, and relationships with clients or customers.
Compensation Claims
Business owners are evaluating the financial impact of the CrowdStrike outage, sparking significant discussions around compensation claims. There is already talk of class actions and potential government intervention, but compensation options for businesses are likely limited.
Crucially, when using CrowdStrike’s services, you agree to its Terms and Conditions, which aim to limit the company’s liability significantly. These include:
- Disclaimers (Section 8.6): CrowdStrike does not guarantee uninterrupted services or the fulfilment of specific needs. These disclaimers are designed to prevent breach claims.
- Total Liability Cap (Section 10.1): CrowdStrike caps its total liability to the fees paid for the affected product during the subscription period, potentially preventing businesses from recovering full losses.
The Terms and Conditions are governed by California law and courts. Consequently, even if these provisions did not exist, legal action would be costly for English businesses pursuing claims.
As a result, direct claims against CrowdStrike are likely to be both difficult and expensive, leaving many businesses feeling frustrated and uncertain about their options.
Continue reading this article below the formCall 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.
Risk Management
If your business holds Business Continuity Insurance, you may be eligible to claim relief. This insurance is designed to cover costs and losses arising from disruptions to business operations, such as the recent outage. By filing a claim with your insurer, businesses with this coverage may be able to reduce some of the financial impact from the incident.
Businesses without this insurance could face greater difficulties in recovering their losses. Therefore, it may be worth consulting an insurance broker about obtaining coverage for these exceptional situations going forward.
Terms and Conditions
The outage emphasises the need for thorough contract reviews between service providers and their customers.
Clear contractual terms can reduce service providers’ legal and financial risks in the event of service disruptions or outages. For example, contracts may include liability limitation clauses, force majeure clauses for uncontrollable events, and applicable law provisions.
As a customer, it is essential to understand your contract fully. Important clauses to examine include:
- the scope of services provided;
- service level commitments;
- compensation if obligations are not met; and
- rights to terminate the contract.
Stronger provisions offer better recourse options if prolonged outages severely impact operations.
Consumer Laws
The Consumer Laws do not apply to businesses in the UK. As a result, even if statutory guarantees could offer protection in this situation, they will not provide any extra protection to the majority of CrowdStrike’s UK-based customers.
This Website Privacy Notice states how a business will deal with the personal information of its users.
Key Takeaways
As one of the businesses impacted by the CrowdStrike outage, you likely faced significant inconvenience, frustration, and costs. However, CrowdStrike’s terms and conditions heavily restrict its liability, making it challenging to pursue a direct claim. For an English business, making claims against a US-based company can be both complex and costly. Instead, you might want to use your Business Continuity Insurance to seek relief through your insurer. This outage underscores the need for strong risk management strategies and a thorough review of any contracts with IT service providers before they are entered into.
If you have further questions about claims against CrowdStrike, LegalVision’s experienced disputes lawyers can assist as part of our LegalVision membership. You will have unlimited access to lawyers to answer your questions and draft and review your documents for a low monthly fee. Call us today on 0808 196 8584 or visit our membership page.
Frequently Asked Questions
As CrowdStrike is from the United States, it would be more difficult for you as an English business to make a claim against them based on English law. If you have Business Continuity Insurance, you may seek relief via insurance instead.
Reviewing your agreement with the service provider is an essential part of limiting negative impacts in IT outages. Ensure there are contractual ways for you to hold them accountable for failing to reach the service level commitment they agreed to. Furthermore, ensure you implement comprehensive IT risk management policies in your business.
We appreciate your feedback – your submission has been successfully received.