CrowdStrike Holdings, a key player in the cybersecurity realm, is projected to encounter 'minimal' overall liability risks following the global technology outage that occurred on July 19. Despite this reassured stance, concerns regarding the implications for new business remain a focal point, as noted by Wedbush Securities in their latest analysis released on Monday. The global outage was traced back to an update deployed by CrowdStrike for their Falcon sensors on Microsoft Windows systems.
This incident notably affected multiple sectors, including banking, healthcare, and aviation, with Delta Air Lines being one of the most prominently impacted entities. In pursuit of potential damages stemming from the outage, Delta has reportedly engaged noted attorney David Boies, adding a layer of complexity to the situation, as highlighted in Wedbush's insights. Ed Bastian, the Chief Executive Officer of Delta Air, conveyed on CNBC's 'Squawk Box' that the outage inflicted a staggering cost of $500 million on the airline.
In light of this financial hit, Delta has escalated the situation by signaling potential legal claims against CrowdStrike, detailed in a letter dated July 29 as shared by CrowdStrike's legal representative, Michael Carlinsky. He articulated in a recent correspondence to Boies that CrowdStrike 'strongly rejects' allegations of negligence concerning the incident, emphasizing that support was extended to Delta within hours after the outage was detected. Carlinsky further stated that Delta's public threat of litigation has fostered a misleading narrative, implying that CrowdStrike bears responsibility for Delta's IT decisions and responses during the outage.
The firm maintains that its liability, as per contractual obligations, is capped at an amount in the single-digit millions range, a contention supported by their legal correspondence. Furthermore, analysts from Wedbush have projected estimated losses for U.S. Fortune 500 companies affected by the outage to fall between $5 billion and $6 billion.
Building on this estimation, they suggest that the overall losses could potentially reach the $7 billion to $8 billion mark. Notably, CrowdStrike's liability risk, particularly regarding Delta, is foreseen to be around $200 million, considerably lower than anticipated. On the stock market front, CrowdStrike shares experienced a modest upswing of 1.9% on Monday, although the company has seen a decline of 13% in value since the beginning of the year.
Carlinsky expressed that while facing litigation would be an unfortunate situation, the company is prepared to respond assertively to safeguard the interests of its shareholders, employees, and stakeholders should the need arise. In a statement addressing the incident, a CrowdStrike spokesperson conveyed regret and apologies to all affected customers, highlighting that public speculation about potential meritless lawsuits against the firm, especially from a long-term partner like Delta, detracts from constructive resolutions.
The spokesperson emphasized a desire for Delta to engage cooperatively towards finding an amicable solution. In light of this unfolding situation, Delta's representatives have directed inquiries to Bastian's previous comments on CNBC regarding the financial implications of the outage. Wedbush analysts have pointed out that CrowdStrike's user contracts include favorable provisions for the company, which encompass liability limitations and a prohibition on claims for revenue losses.
Given that the outage was neither deliberate nor malicious, the analysts concluded that the risk of substantial liability or damages to CrowdStrike resulting from this incident remains minimal. Nonetheless, concerns linger regarding the potential impact on new business prospects. The analysts indicate that the incident could weaken CrowdStrike's negotiating leverage, posing risks to upsell and cross-sell opportunities.
Furthermore, adverse effects could surface during contract renewals, potentially leading to arrangements that are less favorable for CrowdStrike or resulting in discontented customers opting for competing firms. Despite these risks, a significant customer churn is deemed 'highly unlikely', due to a scarcity of competitors in the cybersecurity landscape and the high transition costs that customers would incur should they decide to switch providers..