CrowdStrike Outage Learnings – Contractual Implications and Enterprise Expectations | Blog
What are the consequences of the CrowdStrike outage, and how is it affecting licensing negotiations and other key enterprise concerns? Read on for an exploration of the evolving demands enterprises are making to protect themselves from similar future events, or get in touch if you’d like to speak to an analyst on this subject.
The CrowdStrike outage: What happened, and how it impacted enterprises
In July 2024, a faulty update to CrowdStrike’s Falcon endpoint security software caused a global IT outage, impacting 8.5 million Windows devices with Blue Screen of Death (BSOD) errors and boot loops. Though less than 1% of Windows systems were affected, the disruption significantly impacted critical services, with Fortune 500 companies alone facing estimated losses of $5.4 billion.
Both CrowdStrike and Microsoft responded swiftly by rolling back the update and deploying teams for customer assistance. Microsoft engaged hundreds of engineers and worked with cloud providers such as AWS and Google Cloud to restore systems, while CrowdStrike provided immediate workarounds. This incident highlighted the inherent risks of software updates in interconnected environments and prompted many organizations to reassess their disaster recovery and incident response plans. The fallout has reinforced the need for more rigorous safeguards in managing system updates.
How have enterprise expectations and demands changed post-outage?
The outage has shifted the dynamics in CrowdStrike’s enterprise relationships, with organizations now pressing for more stringent terms in their contracts. Affected businesses, especially those in critical sectors such as finance and healthcare, are demanding stronger guarantees and more transparent SLAs (Service-Level Agreements) from CrowdStrike and other security vendors. These demands include:
- Performance Guarantees and Penalty Clauses: Enterprises are increasingly requiring financial penalties for service disruptions. These clauses tie vendor compensation directly to the extent of operational impact caused by an outage, providing more robust protection for enterprises.
- Greater Transparency and Accountability: Enterprises are insisting on clearer reporting mechanisms, with requirements for vendors to provide detailed logs and real-time insights into their systems’ status. This push for transparency allows businesses to better assess potential vulnerabilities and ensure quick remediation when issues arise.
- Stronger Backup and Disaster Recovery Provisions: In response to the scale of the July outage, enterprises are seeking enhanced disaster recovery protocols. This includes ensuring that updates are thoroughly tested, and backout strategies are in place should something go wrong. Vendors may be required to offer more robust failover systems, ensuring minimal downtime in case of future issues.
- More Customization in Contract Terms: The one-size-fits-all approach to security services is no longer sufficient for many enterprises. Businesses are now demanding tailored SLAs, where service commitments and penalties are aligned with the specific needs of the company. For example, highly regulated industries such as healthcare and finance are negotiating stricter SLAs with faster response and/or resolution times, along with higher penalties for non-compliance.
Contractual implications and licensing pricing: The expected changes
The July outage will likely lead to significant revisions in CrowdStrike’s contractual terms, specifically regarding licensing costs and service guarantees.
- Price Reductions and Incentives: To retain clients, CrowdStrike has already offered discounts and incentives post-outage. This strategy, though cushioning the immediate impact, could lead to long-term pressure on its pricing structure. CrowdStrike is extending a Special Benefit Program to select enterprises, including complimentary add-on services such as an 18-month Diamond Support package at no additional cost. These benefits, offered in collaboration with its technology partners, are designed to improve enterprise retention and maintain customer satisfaction.
- Stricter Liability Clauses and Indemnification Terms: Another major aspect of the fallout involves liability clauses within the contracts. Post-outage, many enterprises are scrutinizing the “limitation of liability” clauses in their agreements, seeking revisions that better protect them from revenue loss, brand damage, and operational disruptions. Businesses want CrowdStrike to assume greater responsibility for any future outages, particularly those affecting mission-critical systems.
- Enhanced Service Level Agreements (SLAs): Enterprises are now seeking more robust SLAs that prioritize incident response along with uptime guarantees, as the July outage highlighted the need for more than just availability assurances. Enterprises are demanding SLAs with explicit performance metrics, faster incident resolution, and clear reporting of service health. To mitigate risks of future service disruptions, businesses are pushing for defined timelines for response and recovery, ensuring faster and more transparent action during critical service outages.
Near-future changes from CrowdStrike: Our predictions
- Enhanced Testing and Certification of Updates: To restore confidence, CrowdStrike will likely invest more in the testing and certification of its updates. Enterprises will want reassurance that any future patches are thoroughly vetted, particularly those rolled out to critical infrastructure sectors.
- Expansion of Cybersecurity Insurance Requirements: With the potential for future outages to trigger massive business interruption claims, companies may push for more comprehensive cyber insurance coverage as part of their vendor agreements. CrowdStrike could see an increase in the number of enterprises mandating cyber insurance coverage as a prerequisite for engagement.
- Proactive Enterprise Communication and Real-Time Monitoring: Expect to see CrowdStrike rolling out more proactive monitoring and communication tools, allowing enterprises to track real-time status updates during any future incidents. This will enable enterprises to better assess their risk in real-time and take necessary precautions.
Conclusion: A significant shift in the vendor-customer dynamic
The July 2024 outage at CrowdStrike has been a wake-up call for both the company and its enterprise customers. For CrowdStrike, it underscored the need to enhance its operational resilience and communication with customers. For enterprises, it reinforced the importance of robust contract terms that protect their business interests in the event of a service failure. While some clients might explore alternatives, most are not immediately leaving CrowdStrike. Instead, they are demanding stronger Service Level Agreements (SLAs) with a focus on faster incident response, improved communication, and transparent service health reporting.
As a result, we expect contract negotiations to become tougher, with customers demanding greater transparency, stringent SLAs, and real financial compensation in the event of future disruptions. This will reshape the cybersecurity industry, with greater emphasis on vendor accountability and operational resilience.
For questions about the consequences of the CrowdStrike incident for your business, contact Varnit Tyagi or Prahadeesh S. For insights into other contractual and enterprise impacts to expect in 2025, join our webinar Mapping the Next: Key Priorities for 2025.