-
Lawyers are seeking angry investors to take part in class action lawsuits
-
But CrowdStrike's customers may face a tougher time seeking compensation for losses
-
Analysts said ripple impacts could include revisions to vendor and enterprise security practices
Lawyers are gearing up to kick cloud cybersecurity company CrowdStrike (CRWD:NASDAQ) while it’s down, soliciting claims from investors angry about the impact last week’s outage had on their stock in the company. But customers may face a tougher road to recouping revenue lost during the blackout (or, should we say, "blue-out").
At least half a dozen law firms posted notices soliciting participants in class action securities lawsuits. These included New York City-based Pomerantz LLP and Bronstein, Gewirtz & Grossman, LLC, both of which are known for representing investor interests in court. Pomerantz, for instance, was recently named lead counsel in a case against Alphabet which alleges Google misled investors about the sustainability of its revenue trajectory.
As Dell’Oro Group Senior Research Director Mauricio Sanchez put it, enterprising law firms are “smelling blood” in the water. And the sharks are circling.
The firms did not immediately respond to a request for comment about what exactly they’re looking for in terms of claims. However, CrowdStrike’s stock has plunged more than 25% since news of the outage broke, falling from a share price of around $345 on July 18, 2024, at 8:00 PM ET, to approximately $270 Tuesday, July 23 in the morning.
Customers could be out of luck
While investors can look to law firms to make their case, CrowdStrike customers could have a tougher time securing compensation for damages incurred during the outage thanks to CrowdStrike’s terms and conditions.
These explicitly state “neither party shall be liable to the other party…for any lost profits, revenue, or savings, lost business opportunities, lost data, or special, incidental, consequential, or punitive damages, even if such party has been advised of the possibility of such damages or losses or such damages or losses were reasonably foreseeable.”
Sanchez said it’s not likely that CrowdStrike will have much to pay – in dollars, at least.
“While it will be a miserable summer for CrowdStrike lawyers, as they defend themselves from customers with torches and pitchforks, I don’t see CrowdStrike having to pay much, if any, compensation,” he said. “Between customer agreements that are biased in favor of CrowdStrike, and the precedence of SolarWinds and its CISO recently beating back the SEC’s lawsuit, I think Crowdstrike will live for another day.”
He added the bigger issue for CrowdStrike’s future is keeping existing customer — and closing new customers
“I can’t imagine being a Crowdstrike salesperson trying to close a new customer,” Sanchez said. “Crowdstrike has become a household name for all the wrong reasons. It’s going to take time to rebuild the lost trust.”
Supply chain ripples
According to an analysis by supply chain risk company Interos, the CrowdStrike outage impacted a whopping 674,620 direct enterprise customers of either Microsoft or CrowdStrike, with 41% of those in the U.S. and another 27% in Europe.
The indirect impact footprint was exponentially larger, reaching some 49 million customers. The outage took down entities across industries including banking, transportation, healthcare and government.
While many were surprised by the extent of CrowdStrike’s reach, they shouldn’t have been. Gartner data showed CrowdStrike was the second largest endpoint protection platform vendor – behind Microsoft itself – in 2023, with a 14.7% market share. That put it well ahead of the likes of Trelix (6.6%), Trend Micro (3.9%) and Sophos (3.7%).
Gartner Senior Director Analyst Jon Amato told Fierce that the impacts of the outage will extend beyond the immediate remediation efforts.
“I think the big thing is that we’re going to start to see a far greater emphasis on quality assurance – not just from the vendor side, but also in the form of enterprise buyers demanding quality assurance process documentation and even (perhaps) some form of paper trail to ensure that the QA process was complied with,” he told Fierce. “That, coupled with a ‘trust but verify’ approach to roll outs of not only new agent versions, but also security content.”
He concluded “Rolling out security versions in a staged manner has been somewhat commonplace in the industry for many years, but as it was a corrupted channel file (in essence, a signature file) that was the final trigger for this global outage, I think we’ll see staged rollouts of security content becoming commonplace as well.”