CrowdStrike Faces Lawsuits Over Global Outage, Likely to Drive Up Insurance Costs

• Investors and affected organizations have sued the cybersecurity company CrowdStrike over the faulty update that caused a global outage of Windows systems.
• The CrowdStrike global IT outage will test cyber insurance companies, with expectations of losses in billions of dollars.

Following the massive global IT outage caused by a software update by cybersecurity firm CrowdStrike, new lawsuits, and insurance claims have emerged, highlighting the incident’s fallout. The outage, which affected businesses worldwide, has generated backlash and scrutiny from the insurance industry.

CrowdStrike’s software update led to a massive global IT outage of Windows devices, crippling services for multiple businesses, including high-profile companies such as Delta Airlines and prominent financial institutions. The outage lasted several days, causing widespread disruption and significant economic losses for affected businesses.

See More: EU’s Artificial Intelligence Act Comes Into Effect

Legal Repercussions

The Plymouth County Retirement Association has filed a class-action lawsuit against CrowdStrike, alleging that the company failed to disclose risks and vulnerabilities associated with its updates. The association claims it has lost financially as it was tricked into buying CrowdStrike shares. The lawsuit also claims that company executives misled investors about the reliability of its cybersecurity solutions, resulting in significant financial losses.

To account for the losses, the lawsuit states that CrowdStrike’s stock price fell by 11% on the day of the incident, which was followed by another drop of 13.5% on July 22, when Congress called the CEO for testimony, and 10% more on July 29 following news that Delta Airlines had hired an attorney to seek damages.

Customers have also initiated lawsuits against the company. For example, Delta Airlines reportedly sought damages from CrowdStrike and Microsoft, alleging significant financial and operating losses from the disruption. Other businesses are also likely to take action over similar grievances.

Insurance Claims

The CrowdStrike outage is also likely to result in various insurance claims. Businesses affected by the outage are set to seek compensation for their losses via cyber insurance policies. Such claims will drive massive insurance losses, with some estimates of the global losses going up to $10 billion.

Businesses are expected to make claims under “systems failure” provisions, which is becoming standard for cyber insurance policies because the incident is not a malicious attack. Similarly, clients of firms that used Microsoft and CrowdStrike could also file claims for losses arising from business interruption caused by the outage, and coverage will be dependent on the same criteria.

Warren Buffett has warned about the risks and costs associated with cyber insurance. The CrowdStrike incident is an example of these challenges. The large volume and scale of the claims will likely have significant implications for cyber insurance players, leading to higher premiums and more stringent underwriting criteria for the foreseeable future.

CrowdStrike’s Silver Lining

Despite the potentially significant claims, according to the cybersecurity firm’s terms and conditions, CrowdStrike doesn’t have to pay anything more than a simple refund. Consequently, if a company had a claim against CrowdStrike for downtime or lost revenue, it might only recover whatever it paid to CrowdStrike.

Takeaways

The CrowdStrike outage highlights vulnerabilities that could be present in even the most trusted cybersecurity solutions. It has also highlighted the need for continuous monitoring and assessment of risks associated with IT infrastructure and essential third-party vendors.

As the legal and financial implications of the outage become apparent, businesses and investors are watching how CrowdStrike meets these challenges. The incident is a critical reminder of the importance of good cybersecurity practices and the consequences of such lapses.

The CrowdStrike outage has disrupted businesses globally. As lawsuits and insurance claims pile up, the incident serves as a lesson for the cybersecurity industry and its clients, emphasizing the need for transparency, vigilance, and comprehensive risk management in the long term.

LATEST NEWS STORIES

• New Sitting Ducks DNS Attack Technique Puts Millions of Domains at Risk of Hijack
• DigiCert Plans to Revoke Thousands of SSL/TLS Certificates
• OpenAI Launches the Advanced Voice Mode… With a Catch
• Faulty Operation of Microsoft’s DDoS Defenses Amplified Impact of Azure Outage