Expert Analysis in CrowdStrike Financial Damages Litigation
Renowned Worldwide Banking and Financial Expert Witness Don Coker examines some nuances of the imminent CrowdStrike litigation following the July 19, 2024, update in its Falcon system that resulted in a worldwide Microsoft Windows and computer system cyber disruption.
Mr. Coker has been engaged 760 times by 125 banks, FDIC, IRS, Federal Reserve, 89 of the country’s 400 largest law firms, and hundreds of others; and has testified as an expert 196 times. He is widely published and quoted in the media.
CrowdStrike reportedly admits that its update caused the cyber problems.
This article discusses two huge overarching issue areas that have to be settled through either negotiation or litigation, and which are classified generally as: (1) Causation and Foreseeability, and (2) Damages Amounts, and Who Pays.
Disclaimer: Don Coker is an Expert Witness and is not a lawyer or accountant, and does not offer legal, accounting or tax advice.
Causation and Foreseeability
We are early in the process of analyzing this situation, and I will update this article periodically as new information becomes available.
Based upon what is known so far, many questions have arisen that, in turn, raise additional questions. For example:
1. What testing did CrowdStrike perform that would detect the problem before the update was released? Wouldn’t the potential damage that could result from the system-wide release of a faulty update easily be foreseeable?
2. Did CrowdStrike warn its customers that the update might cause problems, and to do their own testing before going live with it? If not, why not?
3. Did Microsoft do any testing of the update to see what effect it might have on its Windows operating system? Wouldn’t the same foreseeability issue mentioned for CrowdStrike also apply to Microsoft? Had Microsoft tested the update before releasing it, the problem possibly could have been discovered and corrected before it went live on their customers’ systems.
4. It is reported that when CrowdStrike became aware of the problem and retracted the faulty update, it did not immediately cure the problem for all users. Why? Shouldn’t an update be structured so that it could be recalled without shutting down a business?
5. Why aren’t updates structured so that they easily can be recalled after release if a problem is detected?
Certainly, there will be many more questions that arise in the coming weeks and months.
Damages Amounts and Who Pays
1. The huge numbers and diversity of CrowdStrike’s customers dictate that there will be significant Commonality and Typicality Factors in their damages claims.
2. There may be some Commonality and Typicality Factors that apply to many if not all customers. One example might be that public companies probably will file an 8-K current report, and that legal expense might be similar for most companies.
3. Some customers, as well as CrowdStrike itself, may have insurance coverage where they can file claims for Business Interruption.
4. CrowdStrike itself may also have some insurance coverage through an Errors and Omissions policy.
5. As for damages reimbursement sought by CrowdStrike’s customers, those damages will vary greatly depending on the individual circumstances. Some will be clearer than others and can simply be totaled up by comparing what would have occurred but for the faulty update event with what actually happened after the event. The difference between the two (possibly including an adjustment for present value) is the damages.
6. A further confusing factor is that it is almost a certainty that fraudulent parties will try to horn in on this process and impersonate CrowdStrike or other parties that might be involved in the remediation process and seek confidential corporate or personal financial and identification information from victims of the cyber event.
An ironic side-note to this unfortunate situation is that companies in China and Russia are insulated against damage from the CrowdStrike situation since our government prohibits companies in those countries from buying American computer software products.
This article will be updated as new information comes to light.
© 2024 by Don Coker.
By Don Coker
Expert Website: https://www.hgexperts.com/expert-witness/don-coker-42801
Call (770) 852-2286
ABOUT THE AUTHOR: Don Coker
760 cases, 196 testimonies, plaintiffs & defendants. All areas of banking, mortgage banking, finance, real estate, investments, trusts, estates, business, IP, insurance, damages, embezzlement, funds and wire transfers, SWIFT.
Listed in expert databases recommended by DRI, AAJ members.
Clients: individuals, 89 of the country's top 400 law firms, 125 banks, 70 insurance cos., 90+ trusts & estates, government clients incl. IRS, FDIC, Federal Reserve, Agency for Int'l Development, United Nations, World Bank, Int'l Monetary Fund, Int'l Accounting Standards Board, Centers for Disease Control and Prevention, et al. Clients in 46 countries, work in 69 countries.
Previous officer at Citicorp and other banks now JPMorgan Chase, Bank of America, Regions, BBVA & two years as a high-level governmental bank regulator.
Disclaimer: While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer. For specific technical or legal advice on the information provided and related topics, please contact the author.