A global tech outage on Friday traced back to cybersecurity firm CrowdStrike, has raised questions about who will bear the financial burden of the damages, which could surpass $1 billion.
Described by one cybersecurity expert as potentially the “largest IT outage in history,” the incident caused the cancellation of over 5,000 commercial airline flights worldwide. It disrupted many businesses from retail to package deliveries and hospitals, resulting in significant revenue losses, decreased productivity, and increased labor costs.
The outage was triggered by faulty code in a CrowdStrike software update. Despite their apology, CrowdStrike has not indicated whether they will compensate affected customers. When asked about this, the company did not address the issue of compensation.
Experts predict demands for compensation and potential lawsuits. “If you’re a lawyer for CrowdStrike, you’re probably not going to enjoy the rest of your summer,” said Dan Ives, a tech analyst at Wedbush Securities.
Billion-Dollar Consequences
While exact costs are still uncertain, Patrick Anderson, CEO of Anderson Economic Group, estimates the financial impact could easily top $1 billion. Anderson referenced a previous hack of CDK Global, which serves US car dealerships, as a benchmark, noting that while that incident was industry-specific, the recent outage has broader implications.
“This outage is affecting far more consumers and businesses, leading to significant out-of-pocket costs,” Anderson said. Airlines, in particular, face substantial losses from canceled flights and increased labor and fuel costs due to delays.
Despite CrowdStrike’s prominent position in the cybersecurity industry, with annual revenues just under $4 billion, the financial hit could be severe. However, legal protections in customer contracts might shield CrowdStrike from liability. James Lewis of the Center for Strategic and International Studies suggested, “I would guess that the contracts protect them.”
Lewis pointed to a recent case where a judge dismissed SEC charges against SolarWinds following a Russian hack, suggesting that similar protections might apply to CrowdStrike.
Customer Retention Uncertain
The impact on CrowdStrike’s customer base remains unclear. Dan Ives from Wedbush Securities estimates that less than 5% of customers might seek alternatives. “CrowdStrike is so entrenched that switching would be a gamble,” he noted. The real challenge for CrowdStrike could be the reputational damage, which might hinder new customer acquisition.
“Today, CrowdStrike has become a household name, but not in a good way. This will take time to settle down,” Ives remarked.
CrowdStrike CEO George Kurtz, in an interview on CNBC, emphasized the company’s focus on resolving the issues and expressed optimism about customer understanding. “My goal right now is to make sure every customer is back up and running,” he said.
Despite Kurtz’s assurances, competitors may use the incident to attract CrowdStrike’s clients. “It’s a very competitive business. Rivals will be quick to claim this has never happened to them,” said Eric O’Neill, a cybersecurity expert and former FBI counterintelligence operative. He added, “CrowdStrike is an excellent company doing important work. I hope they survive this. If they don’t, the only winner will be the cybercriminals.”
