Some Legal Perspectives on the CrowdStrike Outage

Presented by

Scott M. Giordano, David Patariu, John Bates, John Barker and Moderator, Brandon Dunlap

About this talk

In July 2024, a routine configuration update made by anti-malware vendor CrowdStrike to its Falcon Sensor platform contained a bug that caused catastrophic failures on the Windows machines running it, resulting in worldwide outages at airlines, banks, and hospitals. Preliminary estimates of damages exceeding $5 billion have been publicized, with that figure likely to go much higher. This outage raises some important legal questions, perhaps the most important of which is: Who's liable? The answers may surprise you.

In this session, a panel of cybersecurity attorneys will conduct a deep dive into this event and explain who is (and isn't) liable and for how much. They will also explain how liability for software functions in the U.S. as well as globally, and what InfoSec professionals should know when negotiating software licensing agreements.

Takeaways include:

· An understanding of the legal regime for determining liability for software bugs and failures
· A guide for determining when a software outage becomes a reportable breach
· A strategy for minimizing legal harm to your organization when software fails

ISC2 hosts regular panel discussions on hot-button infosecurity topics, featuring thought leaders and visionaries from the industry who answer questions from the audience.