Skip to content

CrowdStrike Outage: Understanding Business Owners’ Rights and Key Lessons

Table of Contents

In Short

  • The CrowdStrike outage highlighted potential risks for businesses relying on cybersecurity software.
  • Affected companies can explore legal remedies, such as breach of contract claims.
  • This incident highlights the importance of reviewing contracts with service providers for potential downtime.

Tips for Businesses

Review contracts with your software and cybersecurity providers to ensure that they include clear terms about service availability, downtime, and remedies for outages. Consider diversifying your providers or having backup plans to minimise disruptions when a critical service is unavailable.

On the afternoon of Friday, 26 July 2024, I had just started introducing myself during a video call when my laptop suddenly powered down without warning. As I frantically tried to reboot it, I noticed confusion spreading across the office. It was not long before we discovered that we were experiencing a global event – the largest IT outage ever recorded. The disruption, triggered by a flawed software update from cybersecurity firm CrowdStrike, led to the crash of 8.5 million Windows computers worldwide. The consequences were immediate, causing significant disruptions to businesses everywhere. This article will discuss your business’s rights and potential actions if you were impacted by the CrowdStrike outage.

Possible Options

The recent CrowdStrike outage highlights how vital connectivity is in today’s world, leaving many individuals and businesses dealing with frustration and disruptions. According to an initial report from CrowdStrike, a technical issue in a software update likely triggered the outage. As a business owner, knowing your legal and financial options is essential when network outages severely affect your operations.

Imagine this scenario: You run a small to medium business that depends heavily on internet and network connections to keep things running smoothly daily. Suddenly, an outage hits, cutting off your company’s internet and phone systems, leaving crucial tools and communication methods unavailable. In this situation, your options are limited. You could:

  • delay operations until the connection comes back;
  • try working offline, though functionality would be restricted; or
  • relocate resources to another spot with network access.

No matter your chosen method, during the outage, your business will face considerable productivity setbacks, possible project delays, and interruptions to customer or client interactions. This disruption in regular operations will likely affect your revenue, profitability, and relationships with clients or customers.

Compensation Claims

Business owners are evaluating the financial impact of the CrowdStrike outage, sparking significant discussions around compensation claims. There is already talk of class actions and potential government intervention, but compensation options for businesses are likely limited.

Crucially, when using CrowdStrike’s services, you agree to its Terms and Conditions, which aim to limit the company’s liability significantly. These include:

  • Disclaimers (Section 8.6): CrowdStrike does not guarantee uninterrupted services or the fulfilment of specific needs. These disclaimers are designed to prevent breach claims.
  • Total Liability Cap (Section 10.1): CrowdStrike caps its total liability to the fees paid for the affected product during the subscription period, potentially preventing businesses from recovering full losses.

The Terms and Conditions are governed by California law and courts. Consequently, even if these provisions did not exist, legal action would be costly for English businesses pursuing claims.

As a result, direct claims against CrowdStrike are likely to be both difficult and expensive, leaving many businesses feeling frustrated and uncertain about their options.

Continue reading this article below the form
Need legal advice?
Call 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.

Risk Management

If your business holds Business Continuity Insurance, you may be eligible to claim relief. This insurance is designed to cover costs and losses arising from disruptions to business operations, such as the recent outage. By filing a claim with your insurer, businesses with this coverage may be able to reduce some of the financial impact from the incident.

Businesses without this insurance could face greater difficulties in recovering their losses. Therefore, it may be worth consulting an insurance broker about obtaining coverage for these exceptional situations going forward.

The Crowdstrike outage has clearly reminded us of the importance of preparing for cyber incidents and the need for strong risk management strategies.

Terms and Conditions

The outage emphasises the need for thorough contract reviews between service providers and their customers.

Clear contractual terms can reduce service providers’ legal and financial risks in the event of service disruptions or outages. For example, contracts may include liability limitation clauses, force majeure clauses for uncontrollable events, and applicable law provisions.

As a customer, it is essential to understand your contract fully. Important clauses to examine include:

  • the scope of services provided;
  • service level commitments;
  • compensation if obligations are not met; and
  • rights to terminate the contract.

Stronger provisions offer better recourse options if prolonged outages severely impact operations.

Consumer Laws

The Consumer Laws do not apply to businesses in the UK. As a result, even if statutory guarantees could offer protection in this situation, they will not provide any extra protection to the majority of CrowdStrike’s UK-based customers.

Front page of publication
Privacy Notice

This Website Privacy Notice states how a business will deal with the personal information of its users.

Download Now

Key Takeaways

As one of the businesses impacted by the CrowdStrike outage, you likely faced significant inconvenience, frustration, and costs. However, CrowdStrike’s terms and conditions heavily restrict its liability, making it challenging to pursue a direct claim. For an English business, making claims against a US-based company can be both complex and costly. Instead, you might want to use your Business Continuity Insurance to seek relief through your insurer. This outage underscores the need for strong risk management strategies and a thorough review of any contracts with IT service providers before they are entered into.

If you have further questions about claims against CrowdStrike, LegalVision’s experienced disputes lawyers can assist as part of our LegalVision membership. You will have unlimited access to lawyers to answer your questions and draft and review your documents for a low monthly fee. Call us today on 0808 196 8584 or visit our membership page.

Frequently Asked Questions

I want to sue CrowdStrike for cutting off my business operations. Is this possible?

As CrowdStrike is from the United States, it would be more difficult for you as an English business to make a claim against them based on English law. If you have Business Continuity Insurance, you may seek relief via insurance instead.

How can I protect my business from future incidents like the CrowdStrike crash?

Reviewing your agreement with the service provider is an essential part of limiting negative impacts in IT outages. Ensure there are contractual ways for you to hold them accountable for failing to reach the service level commitment they agreed to. Furthermore, ensure you implement comprehensive IT risk management policies in your business.

Register for our free webinars

Protecting and Enforcing Your Brand

Online
Protect your brand from misuse and infringement. Register for our free webinar.
Register Now

Deal Structures 101: Understanding Equity, ASAs and Convertible Notes

Online
As a startup founder, understand your capital raising options. Register for our free webinar today.
Register Now

Common Legal Pitfalls for SaaS and Online Businesses

Online
Protect your online or SaaS business from common legal pitfalls. Register for our free webinar.
Register Now

GDPR Compliance Essentials for SMEs

Online
Ensure our business is compliant with GDPR and build trust with customers. Register for our free webinar.
Register Now
See more webinars >
Harmanjot Kaur

Harmanjot Kaur

Senior Associate | View profile

Harmanjot is a Senior Associate in LegalVision’s Corporate & Commercial team. She works closely with startups, SMEs and enterprise clients to provide commercially pragmatic advice. Previously a member of our Growth team, Harmanjot harnesses her experience as a Legal Project Manager to better understand the businesses she works with and uses this knowledge when drafting and negotiating commercial arrangements for her clients.

Qualifications:  Bachelor of Laws, Bachelor of Communications, University of Technology Sydney.

Read all articles by Harmanjot

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

We’re an award-winning law firm

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2023 Economic Innovator of the Year Finalist - The Spectator

  • Award

    2023 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2023 Future of Legal Services Innovation - Legal Innovation Awards