Can Companies Sue Crowdstrike for Breaching IT Contracts

Author

Reads 1.3K

Women executives in a business meeting discussing strategies with charts and phone communication.
Credit: pexels.com, Women executives in a business meeting discussing strategies with charts and phone communication.

Crowdstrike is a popular cybersecurity firm that has been at the center of several high-profile IT contracts. Companies that have partnered with Crowdstrike may be wondering if they can sue the firm for breaching these contracts.

Crowdstrike's contracts often include provisions that require the company to maintain certain security standards. If Crowdstrike fails to meet these standards, it could potentially be considered a breach of contract.

The terms of the contract will play a crucial role in determining whether a company can sue Crowdstrike. For example, if the contract includes a clause that allows for termination in the event of a breach, the company may have a strong case.

Crowdstrike's contracts typically include a clause that outlines the process for resolving disputes. This could involve mediation or arbitration, rather than a lawsuit.

Additional reading: Legal Real Estate Contract

Delta vs Crowdstrike Lawsuit

Delta is suing Crowdstrike over a faulty software update that caused a massive IT outage in July 2023.

Credit: youtube.com, Delta Airlines considering suing CrowdStrike, Microsoft after heavy delays from system-wide outage

The update led to a "never-ending 'blue screen of death'" on many users' devices, forcing banks, hospitals, media groups, retailers, and delivery companies to shut down. Airports and airlines were also affected, with Delta cancelling 7,000 flights in the five days following the outage.

Delta is accusing Crowdstrike of breach of contract and negligence, claiming the company "cut corners" and "circumvented testing and certification processes" for its own benefit. Crowdstrike has countersued, saying Delta refused help during the incident.

If Delta wins the lawsuit, it could set a major precedent, encouraging other impacted Crowdstrike customers to file their own lawsuits. This could lead to a "full spectrum of problems" for IT and cyber vendors, who would need to review their contracts.

A Crowdstrike win, on the other hand, would reassert that clients are responsible for their cybersecurity posture. This could encourage companies to take more responsibility for their cybersecurity operations.

In a recent development, a court has allowed Delta to proceed with its lawsuit against Crowdstrike. The outcome of the lawsuit is still uncertain, with Crowdstrike confident that most of Delta's claims will be found to be without merit.

You might enjoy: Can Crowdstrike Be Sued

CrowdStrike Outage

Credit: youtube.com, CrowdStrike sued by shareholders over huge software outage | REUTERS

The CrowdStrike outage was a major global IT disaster that occurred on July 19 when a faulty software update caused widespread disruptions.

The update, which was pushed out to 8.5 million Windows devices, resulted in a "Blue Screen of Death" and forced companies to manually remove the faulty update, leading to extended outages and delays.

Delta Airlines was severely impacted, canceling 7,000 flights in the five days following the outage and prompting a probe from the US Department of Transportation.

CrowdStrike's internal tests failed to catch the bug in the update due to a bug in its content validator and inadequate testing procedures.

CrowdStrike is accused of breach of contract and negligence by Delta Airlines, which alleges the company "cut corners, took shortcuts and circumvented the very testing and certification processes it advertised, for its own benefit and profit".

The faulty update caused a substantial risk of serious outages, which created "substantial reputational harm and legal risk" for CrowdStrike, according to a lawsuit filed by the Plymouth County Retirement Association.

Credit: youtube.com, Local attorney believes lawsuits could follow worldwide CrowdStrike outage

The lawsuit alleges that CrowdStrike knowingly made false statements about the quality of its products and procedures, which led to stockholders being defrauded.

CrowdStrike's stock price fell by 11% on the day of the incident, and then another 13.5% on July 22 when CEO George Kurtz was called to testify before Congress.

Here are some key statistics about the CrowdStrike outage:

  • 8.5 million Windows devices were affected by the faulty update
  • Delta Airlines canceled 7,000 flights in the five days following the outage
  • CrowdStrike's stock price fell by 11% on the day of the incident
  • The outage caused a substantial risk of serious outages, creating "substantial reputational harm and legal risk" for CrowdStrike

Financial Impact

The financial impact of the CrowdStrike Falcon update outage has been staggering, with estimated losses ranging from $300 million to $1.5 billion.

Delta Airlines alone suffered losses estimated at $500,000,000 due to the cancellation of 2,200 flights.

Market analysts estimate that big enterprises have lost $5.4 billion in total due to the outage.

This is a significant amount of money, and it's no wonder that companies are exploring litigation pathways to get some of it back.

Readers also liked: Duty of Due Care

Impact on Companies

A Delta win in the lawsuit would create a full spectrum of problems for companies, where IT and cyber vendors start urgently reviewing their contracts to protect themselves against liability. This would likely lead to additional disclaimers and safeguards being added to contracts.

Three business executives in suits collaborating around dual monitors in a modern office setting.
Credit: pexels.com, Three business executives in suits collaborating around dual monitors in a modern office setting.

If Delta prevails, cyber firms would be held to a higher standard of care, putting vendors in the legal firing line, even if a client is not following best practice. This could result in increased costs for companies.

Conversely, a Crowdstrike win would reassert that clients are responsible for their cybersecurity posture and encourage companies to take more responsibility for their cybersecurity operations.

Economic Impact

The economic impact of the CrowdStrike Falcon update outage has been staggering, with estimated losses ranging from $300 million to $1.5 billion. Market analysts estimate that big enterprises have lost a whopping $5.4 billion.

Delta Airlines alone has lost a significant $500 million due to the cancellation of 2,200 flights. The company is seeking compensation from CrowdStrike and Microsoft, which is already hiring a law firm to pursue the matter.

The losses are not just limited to Delta Airlines, with many other organizations affected by the outage. The estimated insured losses are expected to fall within the range of $300 million to $1 billion.

Contract Lessons

Credit: youtube.com, Businesses unlikely to recoup losses from CrowdStrike global outage: Lawyer | ABC News

Clear contract language is key to avoiding disputes. The contract must clearly define what the vendor has agreed to do, when it will do it, and how much it will cost, as stated by Brad Frazer, a partner at Hawley Troxell.

A statement of work clause is essential for measuring vendor performance. It's much easier to sue someone if you've got a statement of work, said Frazer.

Negotiating the highest liability limit possible with a vendor is critical, but it's unlikely to cover damages as severe as Delta's. A $100,000 agreement wouldn't make sense if the potential liability were $20 million.

The liability limit can be a ceiling that's difficult to exceed. Morvareed Salehpour, head of Salehpour Legal, described hitting that ceiling while trying to get more money for a client.

Indemnification is another crucial contract negotiation. It makes the vendor responsible for lawsuits filed against the customer because of a vendor-caused outage or security breach.

Without indemnification, customers might walk away from a deal. If they don't give me indemnification, then I might walk away, said Frazer.

If this caught your attention, see: Unfair Terms in Irish Contract Law

Bad Update Leads to Outage

Credit: youtube.com, How An Update Destroyed the Economy | The CrowdStrike Outage

A bad update can have devastating consequences, as seen in the case of CrowdStrike's faulty Falcon sensor update on July 19. This update caused an out-of-bounds memory read when processed by Falcon, leading to the operating system crashing with a Blue Screen of Death (BSOD).

The update slipped past CrowdStrike's internal tests due to a bug in its content validator and inadequate testing procedures. This resulted in the update being received by 8,500,000 Windows devices, potentially causing catastrophic, costly, and even dangerous IT outages.

The update caused an IT outage that lasted for days, with some companies taking days to resume normal operations. This was due to the need for staff to remove the faulty update manually, leading to extended outages and delays.

The faulty update had a significant impact on several companies, including airports, hospitals, government organizations, and financial firms. Delta Airlines, for example, cancelled 7,000 flights in the five days following the outage, making it the airline's worst-performing period.

Credit: youtube.com, CrowdStrike CEO: ‘We know what the issue is’ and are resolving it

Here's a list of some of the companies that were impacted by the CrowdStrike outage:

  • Airports
  • Hospitals
  • Government organizations
  • Financial firms
  • Media groups
  • Retailers
  • Delivery companies
  • Manufacturers
  • Delta Airlines

Delta Airlines is suing CrowdStrike over the outage, accusing the company of breach of contract and negligence. The airline alleges that CrowdStrike "caused a global catastrophe" by cutting corners and taking shortcuts in its testing and certification processes.

Lisa Ullrich

Senior Copy Editor

Lisa Ullrich is a meticulous and detail-oriented copy editor with a passion for precision. With a keen eye for grammar and syntax, she has honed her skills in refining complex ideas and presenting them in a clear and concise manner. Lisa's expertise spans a wide range of topics, from finance and economics to technology and culture.

Love What You Read? Stay Updated!

Join our community for insights, tips, and more.