Please ensure Javascript is enabled for purposes of website accessibility

People

Big things are happening at Ogier. Change is embedded in everything we do. It is redefining our talent, our ways of working, our platforms of delivery, our culture.

Expertise

Services

We have the expertise to handle the most demanding transactions. Our commercial understanding and experience of working with leading financial institutions, professional advisers and regulatory bodies means we add real value to clients’ businesses.

View all services

Employment law

Intellectual Property

Listing services

Restructuring and Insolvency

Business Services Team

Executive Team

German Desk

Accounting and Financial Reporting Services - Ogier Global

Cayman Islands AML/CFT training - Ogier Global

Corporate Services - Ogier Global

Debt Capital Markets - Ogier Global

Governance Services - Ogier Global

Investor Services - Ogier Global

Ogier Connect - Ogier Global

Private Wealth Services - Ogier Global

Real Estate Services - Ogier Global

Regulatory and Compliance Services - Ogier Global

Ogier Global

Consulting

View all Consulting

Sustainable Investment Consulting

LexTech - Technology Consultants

Business Services Team

View all Business Services Team

Sectors

Our sector approach relies on smart collaboration between teams who have a deep understanding of related businesses and industry dynamics. The specific combination of our highly informed experts helps our clients to see around corners.

View all sectors

Aviation and Marine

BVI Law in Europe and Asia

Energy and Natural Resources

Family Office

Foreign direct investment (FDI)

Funds Hub

Private Equity

Real Estate

Restructuring and Insolvency

Sustainable Investing and ESG

Technology and Web3

Trusts Advisory Group

Locations

Ogier provides practical advice on BVI, Cayman Islands, Guernsey, Irish, Jersey and Luxembourg law through our global network of offices across the Asian, Caribbean and European timezones. Ogier is the only firm to advise on this unique combination of laws.

News and insights

Keep up to date with industry insights, analysis and reviews. Find out about the work of our expert teams and subscribe to receive our newsletters straight to your inbox.

Fresh thinking, sharper opinion.

About us

We get straight to the point, managing complexity to get to the essentials. Our global network of offices covers every time zone. 

No Content Set
Exception:
Website.Models.ViewModels.Components.General.Banners.BannerComponentVm

Perspective on the CrowdStrike outage: an update on the class action lawsuit

Insight

13 August 2024

Ireland, Jersey, Guernsey

2 min read

In our recent article, we analysed the CrowdStrike outage from the perspective of potential insurance claims that could be made by businesses affected by the outage. This week, news outlets began reporting on the US cyber security firm being sued by its investors. The class action lawsuit filed in Austin, Texas, alleges that false and misleading statements were made to investors regarding the efficacy of the software platform.

Read the details of the class action lawsuit.

Material misrepresentations

The basis of the complaint, led by pension fund Plymouth County Retirement Association, is that CrowdStrike misrepresented to investors the adequacy of its Falcon software. The update to this software caused "substantial legal liability and massive reputational damages" to CrowdStrike, the lawsuit alleges. Crowdstrike's share price fell by 32% in the 12 days following the incident.

The complaint places blame on CEO George Kurtz for comments made in March 2024 that the software was "validated, tested and certified".The investors claim that this statement was false and misleading in circumstances where CrowdStrike had deficient controls in place to update its software and where such deficiency created a "substantial risk" that a major IT outage could occur.

The ultimate financial and reputational harm suffered has led its investors to seek compensatory damages arising from CrowdStrike's wrongdoing. A CrowdStrike spokesperson has stated that the company will "vigorously defend" the case. 

Insurance claims

In a recent article, we analysed the CrowdStrike outage from the perspective of potential insurance claims that could be made by businesses affected by the outage. The investor lawsuit may pique the interest of CrowdStrike users, who similarly feel that they are entitled to compensation for losses suffered as a result of the IT disruption. Many companies may, however, have likely signed up to CrowdStrike's standard terms and conditions, which limits liability to fees paid by the user.

Further proceedings

Larger companies with bespoke agreements with CrowdStrike, which do not limit liability in such a comprehensive manner, may be considering proceedings. With CrowdStrike now being pursued by its own investors, organisations around the world are likely to take notice.

US airline Delta Air Lines has already threatened litigation against CrowdStrike and Microsoft, claiming that the outage cost the company $500 million.This figure represents both lost revenue and compensation awarded to passengers affected by flight cancellations and delays.

CrowdStrike responded strongly to the threat, labelling it a "meritless" claim which creates a "misleading narrative". They have also insisted that any liability is contractually capped "at an amount in the single-digit millions” which, if true, gives some insight into the terms and conditions in place between CrowdStrike and its larger corporate users. Microsoft has claimed publicly that Delta's ageing systems caused the airline to recover slower than its airline rivals. 

Conclusion

There is much to consider for insurers and users of CrowdStrike software following the global IT outage. Insurers should examine their policy wording to assess potential exposure to events of this nature. Meanwhile, the lawsuit filed by investors could stimulate businesses to bring proceedings of their own, as threatened by Delta. The merits of such proceedings will depend on the merits of each case but a significant factor will be what liability cap was agreed with CrowdStrike.

For more information about cyber matters, contact a member of our team via their contact details below. 

About Ogier

Ogier is a professional services firm with the knowledge and expertise to handle the most demanding and complex transactions and provide expert, efficient and cost-effective services to all our clients. We regularly win awards for the quality of our client service, our work and our people.

Disclaimer

This client briefing has been prepared for clients and professional associates of Ogier. The information and expressions of opinion which it contains are not intended to be a comprehensive study or to provide legal advice and should not be treated as a substitute for specific advice concerning individual situations.

Regulatory information can be found under Legal Notice

No Content Set
Exception:
Website.Models.ViewModels.Blocks.SiteBlocks.CookiePolicySiteBlockVm