CrowdStrike's Catastrophe: A Botched Update Brought the World to Its Knees
Mitch Jackson, Esq.
Coffee-fueled lawyer. Creator and innovator. "Platforms come and go, but relationships can last a lifetime. Focus on the relationships."
What’s CrowdStrike’s liability when a routine software update from this cybersecurity giant throws the world into chaos? Imagine 3,000 US flights grounded, businesses grinding to a halt, emergency 911 systems on the fritz, and government agencies paralyzed—all because of a global computer outage.
This digital disaster rippled across the country, leaving millions stranded, disconnected, and scrambling for solutions in a world that suddenly seemed to have hit a technological reset button. The culprit? A single botched update from CrowdStrike, revealing just how fragile our tech-dependent economy is.
CrowdStrike's Liability Cap Explained
As a lawyer, I began to wonder: how much money did this defective update cost consumers, businesses and the economy? Is anyone responsible for the financial losses? I did some quick digging into CrowdStrike's terms of service (TOS) agreements, and this is what I found.
The TOS agreements I looked at create a strong shield, sharply limiting CrowdStrike’s liability for financial losses and business harm caused by their software. Liability is capped at the total fees paid by the customer during their subscription, meaning refunds are the maximum compensation available.
These terms exclude liability for lost profits, revenue, data, business opportunities, and various damages. Services are provided "as is" without warranties, absolving CrowdStrike from responsibility for damages caused by viruses or denial-of-service attacks. While larger companies might negotiate different terms, the standard agreements focus on limiting CrowdStrike's liability rather than compensating for broader business impacts.
What this means is that, for the most part, the only thing CrowdStrike is on the hook for, because of a problem it caused, is to refund customer subscription fees.
Cyber Insurance Limitations for CrowdStrike Issues
What about cyber insurance? Will it cover the losses?
Generally speaking, cyber insurance can be a complex safety net, especially for issues related to the CrowdStrike software case. Policies often exclude non-malicious events like software glitches or updates (that’s not a typo), which means cyber insurance might not cover business interruptions or financial losses unless a cyberattack is involved. Even when covered, waiting periods and deductibles can delay fund recovery and increase out-of-pocket costs.
Business interruption coverage usually needs to be purchased separately, and policy limits can cap payouts, often insufficient in large-scale outages. Additionally, significant software issues can trigger lawsuits and regulatory scrutiny, complicating claims and extending resolution times. To ensure adequate protection, businesses must thoroughly review their policies and consider additional coverage options.
Things to Think About
In light of this digital disaster, it's crucial for customers to thoroughly read and understand all terms of service agreements and the scope of their cyber insurance coverage. Additionally, moving forward customers should negotiate with service providers for additional promises and waivers of liability for harm and damages caused by the providers' own software or services. After all, being informed and proactive is key to protecting against unexpected disruptions.
Be smart. Stay safe!
Mitch Jackson, Esq. | Lawyer and Private Mediator
30+ years of helping clients with law, litigation and mediation.
Don't miss my next post. Please ring the bell at the top of my LinkedIn profile.
Exciting news! My latest book, "Artificial Intelligence in Law: Revolutionizing Your Legal Practice with Innovative Strategies and Tools," is live. Best part? It's completely free! Read here: https://mitchjackson.xyz/3/ai-in-law
If someone forwarded this issue to you, please consider subscribing to your own personal copy of my weekly "AI, Web3 and Metaverse Update" newsletter.
Coffee-fueled lawyer. Creator and innovator. "Platforms come and go, but relationships can last a lifetime. Focus on the relationships."
4 months ago: Update - CrowdStrike to vendors: Sorry for the global tech outage. Here's a $10 Uber Eats voucher. So I'm guessing that's probably not going to cut it. According to experts, the outage may have cost Fortune 500 companies as much as $5.4 billion in revenues and gross profit. I wonder what will happen next?
Founder & CEO, Group 8 Security Solutions Inc. DBA Machine Learning Intelligence
4 months ago: Really good read.
Web Alchemy: Transforming Ideas into Code. Custom Web Development, Optimized for Google, ADA Compliant, Google Lighthouse Perfection in Under a Second. W3C Compliant. Elevated with Django Excellence!
4 months ago: CrowdStrike, the Cyber firm that shut down air travel, credit card payment systems, Banks, broadcast, street lights, 911, and hospitals around the globe with a single content update is the same company that lied about the Russia hack on the DNC, that set up Russiagate. A private company that was working for the Clinton campaign, that the FBI relied on (rather than do their own independent investigation) on the "hacked" DNC servers. It only emerged four years later that CrowdStrike had "no evidence" of Russian hacking. The Clinton campaign, CrowdStrike, and Mueller had all concealed this and went so far as to give false statements to Congress about it. Shawn Henry, the Chief Security Officer and President of CrowdStrike Services, joined in 2012 after retiring from the FBI.
Mitch, you keep delivering time after time. The next time I see a TOS I have a plan: copy/paste it into my AI of choice and ask for a simple explanation, with the option of more details on questionable terms. Thanks. No more blind approvals.
Coffee-fueled lawyer. Creator and innovator. "Platforms come and go, but relationships can last a lifetime. Focus on the relationships."
4 months ago: Saturday update from CrowdStrike: https://www.crowdstrike.com/blog/technical-details-on-todays-outage/ On July 19, 2024, a CrowdStrike sensor update caused a system crash (BSOD) on Windows systems. This was self-inflicted by CrowdStrike and not a cyberattack. As a customer, the quick resolution might be appreciated, but the lack of mention of compensation for financial and goodwill losses would be disappointing. This upcoming week I'll share in this thread a few ways companies can deal with existing and future TOS liability-limiting agreements, just like the CrowdStrike document I referenced in the original Friday night post above. Stay tuned.