Skip to content

CrowdStrike Outage: Navigating Business Owners’ Rights and Lessons Learnt

On Friday afternoon, 26 July 2024, I was just introducing myself on a video conference when my laptop stopped working and shut down. Whilst scrambling to restart my laptop, I looked around the office, and many of my colleagues were in the same state of confusion. We would soon come to know that we were part of a worldwide event described as the largest IT outage in history. The incident, caused by a faulty software update from cybersecurity company CrowdStrike, resulted in 8.5 million Windows computers crashing globally. The impact was immediate, with widespread business interruption ensuing. This article will explore your business’s rights and options if it was affected by the CrowdStrike outage.

Possible Options

The CrowdStrike outage demonstrates the significance of connectivity in today’s world, with many individuals and businesses facing frustration and inconvenience. A preliminary report from CrowdStrike suggests a flawed technical update caused the outage. Regardless, you, as the business owner, will want to understand your legal and financial options when network disruptions such as this one significantly impact your operations.

Consider the following hypothetical. You are a small to medium business that relies heavily on internet and network connectivity for daily operations. The outage disrupts your company’s internet and phone systems, rendering essential tools and communication channels inaccessible. In this case, there are limited actions you can take, including: 

  • postponing operations until connectivity was restored; 
  • attempting to work offline with limited functionality; or 
  • diverting resources to an alternative location with network access. 

Regardless of the approach taken, your business experiences significant productivity losses, potential project delays, and disruptions to client or customer interactions for the duration of the outage. This interruption to normal business operations likely impacts revenues, profitability, and client/customer relationships. 

Compensation Claims

Business owners are assessing the financial impact of the Crowdstrike outage, and there has been much discussion about compensation claims. Already, there is talk of class actions and government intervention; however, financial compensation options for businesses are likely limited. 

Importantly, in using CrowdStrike’s services, you are subject to its Terms and Conditions, which aim to significantly curb the company’s liability exposure. They include, for example: 

  • Disclaimers (Section 8.6): CrowdStrike does not guarantee uninterrupted services or fulfilment of particular needs. These disclaimers aim to make breach claims impossible.
  • A total liability cap (Section 10.1): CrowdStrike restricts its total liability to fees paid for the affected product during that subscription period. This potentially restricts businesses from claiming recovery of their full losses.

Even if these limits were not in place, the Terms and Conditions are subject to California state law and courts. As a result, legal action would be expensive for Australian businesses that make a claim.

The combined effect of the above means that direct claims against CrowdStrike would be difficult and costly. This has left many businesses feeling frustrated and uncertain about their recourse options.

Continue reading this article below the form
Loading form

Australian Consumer Law

It is important to note that the Australian Consumer Law (ACL) provides statutory guarantees that prevent standard contract terms from being invalidated. The ACL allows consumers to seek refunds, replacements, or compensation for service failures, potentially overriding CrowdStrike’s liability limits. However, it can be challenging to make claims against CrowdStrike, a United States-based company under the ACL in Australia. 

Risk Management

If your business has taken Business Continuity Insurance, you may be able to claim some relief. This type of insurance is designed to cover the costs and losses associated with disruptions to business operations, such as the recent outage. By filing a claim with your insurer, businesses with this coverage may be able to mitigate some of the financial fallout from the incident.

For businesses without such insurance, the road to recovery may be more challenging. As a result, you may consider consulting an insurance broker about obtaining insurance for these unprecedented circumstances. 

The Crowdstrike outage has served as a stark reminder of the importance of being prepared for cyber incidents of this nature, and the need for robust risk management strategies.

Terms and Conditions

The outage also highlights the importance of carefully reviewing contracts for both service providers and their customers.

For service providers, having clear contract terms can limit your legal and financial exposure if service disruptions or outages occur. For instance, there may be liability limitation clauses, force majeure clauses for uncontrollable events, and specification of applicable laws

As the customer of a service provider, you should thoroughly understand your contracts. Key clauses to review include:

  • the scope of services promised;
  • service level commitments;
  • compensation if obligations are not met; and 
  • rights to terminate the agreement. 

Having stronger provisions can provide options for recourse if prolonged outages significantly impact operations.

Front page of publication
2024 Key Data and Privacy Developments

The Australian Government is changing the law to protect consumer privacy after a series of high-profile data breaches and to bring the law into line with the safer and more protective laws in other regions. This fact sheet outlines what is expected in 2024.

Download Now

Key Takeaways

As one of many businesses affected by the CrowdStrike outage, you may have experienced significant inconvenience, frustration, and costs. However, CrowdStrike’s terms and conditions significantly limit its liability exposure, making it difficult for you to make a direct claim against it. While the Australian Consumer Law could potentially override CrowdStrike’s liability limits, it would be challenging to make claims against a United States company. Instead, consider employing your Business Continuity Insurance to claim some relief through your insurer. Overall, the outage highlights the importance of implementing robust risk management strategies and carefully reviewing contracts with IT service providers.

If you have further questions about claims against CrowdStrike, our experienced litigation lawyers can assist as part of our LegalVision membership. You will have unlimited access to lawyers to answer your questions and draft and review your documents for a low monthly fee. Call us today on 1800 485 742 or visit our membership page.

Frequently Asked Questions

I want to sue CrowdStrike for cutting off my business operations. Is this possible?

As CrowdStrike is from the United States, it would be more difficult for you as an Australian business to make a claim against them based on Australian law. If you have Business Continuity Insurance, you may consider seeking relief via insurance instead.

How can I protect my business from future incidents like the CrowdStrike crash?

An essential part of limiting negative impacts in IT outages is reviewing your agreement with the service provider. Ensure there are contractual ways for you to hold them accountable for failing to reach the service level commitment they agreed to. Furthermore, ensure you implement comprehensive IT risk management policies in your business.

Register for our free webinars

ACCC Merger Reforms: Key Takeaways for Executives and Legal Counsel

Online
Understand how the ACCC’s merger reforms impact your legal strategy. Register for our free webinar.
Register Now

Ask an Employment Lawyer: Contracts, Performance and Navigating Dismissals

Online
Ask an employment lawyer your contract, performance and dismissal questions in our free webinar. Register today.
Register Now

Stop Chasing Unpaid Invoices: Payment Terms That Actually Work

Online
Stop chasing late payments with stronger terms and protections. Register for our free webinar.
Register Now

Managing Psychosocial Risks: Employer and Legal Counsel Responsibilities

Online
Protect your business by managing workplace psychosocial risks. Register for our free webinar.
Register Now
See more webinars >
Rebecca Wood

Rebecca Wood

Practice Group Leader | View profile

Rebecca is the Practice Group Leader of LegalVision’s Disputes and Litigation team. With an exceptional professional background, including tenure at numerous prestigious international law firms, Rebecca brings an unrivalled level of expertise and insight to her role.

Qualifications: Bachelor of Laws, Graduate Diploma of Legal Practice, University of Wollongong.

Read all articles by Rebecca

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

We’re an award-winning law firm

  • Award

    2025 Future of Legal Services Innovation Finalist - Legal Innovation Awards

  • Award

    2025 Employer of Choice - Australasian Lawyer

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2022 Law Firm of the Year - Australasian Law Awards