Share

FIRSTonline Banner

IT blockade, after the global "down" legal troubles begin for Microsoft and CrowdStrike. Who will pay the damages?

The CrowdStrike cyber blackout exposed a critical flaw in our digital security system. Uncertainties about who will pay damages and the lack of clear regulation demonstrate the urgency of reforms in the IT sector

IT blockade, after the global "down" legal troubles begin for Microsoft and CrowdStrike. Who will pay the damages?

Il global chaos triggered byFaulty software update di CrowdStrike – undoubtedly the worst in history – has highlighted the fragility of our digital “nervous system”. Canceled flights, blocked media, hospitals, banks and financial centers in crisis: everything is due to one computer failure global caused by a bug in the CrowdStrike update, the security company that many large companies rely on, including Microsoft. Even if the problem was solved, the consequences could last for days, if not weeks. The crucial question now is: who will pay the damages?

Despite the gravity of the situation, the and to investors they seem relatively confident that CrowdStrike can save its reputation and, more importantly, avoid covering compensation costs. This optimism is partly reflected in the performance of the company's stock: CrowdStrike shares, which had seen a notable increase over the course of the year, showed a certain stability, with a limited decline of 11,1%. This suggests that investors believe the company, despite the disaster, can avoid a devastating impact on its balance sheets and compensation costs. But why is there this trust? And what are the prospects for the financial responsibility resulting from this IT blackout? Let's see why.

IT crash: who pays the costs?

The bill resulting from this blackout is enormous, with estimates speaking of tens of billions of dollars. Although software companies have a legal obligation to avoid harm to their customers, the legal reality is a far cry from actual liability. Historically, large multinationals they were not convicted for damage caused by errors of programming, partly due to the difficulty for victims to prove the specific cause of the harm and the high costs of a lawsuit. For this reason Codacons is evaluating the feasibility of one class action against the two companies involved (Microsoft and Crowdstrike), aimed at guaranteeing fair compensation for all Italian citizens who have suffered economic and moral damage due to the failure of the IT systems. But that's easier said than done.

First, establish the exact extent of the losses caused by the blackout shortly after the event it's complex e onerous. Additionally, although CrowdStrike is covered by insurance, the bill could immense be sufficient a cover up all the damage resulting from a prolonged interruption of services.

IT blackout: is it possible to get a refund for a canceled or delayed flight?

In aviation sector, the situation becomes further complicated due to regulatory differences between various countries. In Europe, the regulations on the rights of passengers they offer a certain protection, but airlines may argue that they are not obliged to pay compensation for events classified as “extraordinary circumstances”. In these cases, European laws may not oblige airlines to provide compensation or compensation for the inconvenience caused. In the United States, the situation is less favorable for passengers. Regulations on the protection of travellers' rights are more permissive and less detailed than European ones. American airlines often have more freedom to establish their own compensation policies, and many air transportation contracts explicitly limit their liability for delays or cancellations due to extraordinary events. As a result, even in the absence of a computer failure like the one that occurred, compensation options for passengers in the United States are generally more restrictive. This could leave passengers with few options, unless they have taken out travel insurance policies that cover interruptions. These policies, although they may offer protection, are not guaranteed and the coverage actual can vary widely according to the terms of the contract and circumstances specifics of the interruption.

We need IT regulation for accountability

The problem of liability is exacerbated by lack of regulation clear. Although the European Union has introduced piecemeal regulations, it has not comprehensively addressed the issue of responsibility in digital technologies. Without a specific insurance requirement for software producers or greater transparency on source codes, victims of technological errors could be left without adequate compensation. The need for concrete change in legislation and policy is clear, but for now the IT sector looks set to remain in a gray area where victims of technological errors have to deal with devastating consequences without adequate protection.

comments