The High Price of Tech Failures: CrowdStrike’s Outage Sparks Global Compensation Battles

August 5, 2024 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

In the corporate world, mistakes are inevitable, but how a company responds makes all the difference. Recent years have showcased numerous examples of corporate blunders and damage control attempts that underscore the importance of timely and sensitive responses.

Toyota’s Costly Delay

Consider Toyota’s 2010 recall of 2.3 million U.S. vehicles due to a pedal defect linked to 34 deaths. Their delayed apology, issued a week later, was widely criticized as too late, highlighting the need for prompt action in crisis situations.

Charter Communications’ Insensitivity

In Alabama, after devastating tornadoes, Charter Communications advised victims to search for missing cable boxes, threatening a $212 fine for unreturned equipment. Public outrage forced Charter to retract this threat, assuring customers they wouldn’t be charged. This incident underscores the importance of empathy in crisis management.

CrowdStrike’s Global Outage

Today, CrowdStrike has become a household name, but not for the right reasons. The July 19 incident, which led to a massive tech outage affecting 8.5 million Microsoft Windows devices, has left a lasting impact. US lawmakers have called CrowdStrike CEO George Kurtz to testify on Capitol Hill, citing the “urgency and global scale of this incident.” Kurtz swiftly addressed the situation, appearing on TV and social media to clarify that the event was neither a security incident nor a cyberattack and that a fix had been implemented. He subsequently issued an apology for the disruption caused by the company’s actions.

Aviation Sector Chaos

The aviation sector was among the worst affected by the global Microsoft software outage, with airlines like IndiGo, Vistara, Akasa, and SpiceJet experiencing significant disruptions. Reports indicated that over 10,000 commercial airline flights worldwide were canceled, with hundreds more delayed or canceled in India. Insurance companies in India, such as Go Digit General Insurance and Bajaj Allianz General Insurance, agreed to pay claims if covered by policy terms.

Global statistics from Cirium showed that Australian airlines were hit second hardest after the US, with 88 out of 1,453 flights canceled on July 20. The extensive impact on airlines highlights the far-reaching consequences of tech outages.

The Billion-Dollar Fallout

On June 19, a devastating cyberattack hit Chicago-based dealership software provider CDK Global, compelling the company to deactivate most of its systems serving dealership customers until July 5. This unprecedented breach led to a staggering loss exceeding $1 billion for car dealerships across the nation, as reported by Anderson Economic Group in East Lansing. Remarkably, this disruption was confined to just one sector.

The CrowdStrike outage disrupted various industries, including retail, healthcare, and package delivery, resulting in significant revenue losses and reduced productivity.

A CIO, speaking anonymously, revealed that CrowdStrike lacked adequate procedures and practices for safely deploying its service, resulting in significant losses for its clients.

Parametrix’s analysis of the CrowdStrike outage revealed direct and insured losses for Fortune 500 companies amounting to $5.4 billion, excluding Microsoft. The healthcare sector was hardest hit, followed by banking and airlines, with insured losses estimated between $0.54 billion and $1.08 billion.

Seeking Compensation

Tony Fernandes, CEO of Capital A, and Malaysia’s digital minister, Gobind Singh Deo, have urged Microsoft and CrowdStrike to compensate businesses that incurred losses during the global tech outage. Delta Air has enlisted a law firm to pursue compensation from CrowdStrike and Microsoft after being forced to cancel over 6,000 flights due to the disruption.

The Uncertain Path to Compensation

Industry experts highlight the complexities surrounding compensation claims against CrowdStrike. Standard terms and conditions limit users to refunds, only allowing them to recover what they paid to the cybersecurity firm. However, customers with bespoke Service Level Agreements (SLAs) might receive additional compensation if the SLA specifies penalties for service failures. CrowdStrike’s silence on its obligations to pay damages or refunds has added to the uncertainty, with the company potentially facing claims worldwide.

Business continuity insurance will undoubtedly be impacted.

However, this is where things can get complicated. Insurance companies will aggressively pursue CrowdStrike if they have claims to pay out, while CrowdStrike will defend against these claims.

The Reputational Damage

While financial compensation remains uncertain, the reputational damage to CrowdStrike could have long-term implications. The difficulty and cost for customers to switch to competitors, combined with the global publicity of the outage, may hinder CrowdStrike’s ability to attract new clients.

This event serves as a reminder of the complex and interconnected nature of global computing systems and their vulnerability to errors. The world learned relatively quickly that cybersecurity firm CrowdStrike was behind the crippling global tech outage on July 19. However, figuring out who will pay for the damages remains a complicated and ongoing issue.