CrowdStrike failure

Experts advise customers to review contracts

A faulty update had paralyzed 8.5 million computers worldwide.

(Bild: APA/AFP/Money SHARMA)

Following the global IT outages on Friday, experts are advising affected companies that are direct CrowdStrike customers to check their contracts with the US cybersecurity company. 

Although it is to be expected that US companies have extensive disclaimers in their contracts, whether these are valid must be examined on a case-by-case basis, said lawyer Michael Pilz. "If they don't have a valid disclaimer, the ladies and gentlemen of CrowdStrike will have to dress warmly."

These disclaimers are also partially justified in the case of IT security companies, as an anti-malware product can never offer complete protection. Furthermore, it is impossible to know what malware will be capable of in six months' time, explains Pilz from the law firm Haider/Obereder/Pilz.

Californian law
According to Philipp Zumbo from the law firm Taylor Wessing, CrowdStrike's general terms and conditions not only contain extensive disclaimers, but also the agreement that Californian law applies and that Californian courts have exclusive jurisdiction. According to Taylor Wessing in a press release, whether this has been effectively agreed must be examined separately in each individual case.

Examine claims for compensation
If affected companies have another EU company as a contractual partner that uses the CrowdStrike software (e.g. as a plug-in) for its own security software, claims for compensation should primarily be examined against this company.