Morgan Stanley analysts have provided insight into CrowdStrike Holdings Inc.'s (NASDAQ:CRWD) legal exposure following a significant technology outage. Delta Airlines was one of the main companies impacted.
According to a recent expert call hosted by the firm, the potential legal liability for CrowdStrike appears to be limited.
Morgan Stanley notes that Delta Airlines is seeking at least $500 million in damages from CrowdStrike and Microsoft due to the global outage on July 19, 2024.
However, legal experts consulted by the investment bank indicated that CrowdStrike’s liability in this case is likely capped by the terms of its contract with Delta.
Morgan Stanley explains that the company's contract includes a "limitation of liability" clause, which restricts potential damages to a single-digit million amount and excludes indirect or consequential damages.
This clause, combined with industry-standard practices in software updates, is said to limit CrowdStrike’s exposure unless gross negligence or misconduct can be proven.
Morgan Stanley flags the liability protection clause in CrowdStrike’s terms of service agreements, which states: "CrowdStrike’s total liability for any claim arising out of or related to the agreement will be limited to the amount paid by the customer for the specific product or service giving rise to the claim during the 12-month period immediately preceding the event causing the claim."
Furthermore, Morgan Stanley says CrowdStrike has been proactive in its response, aiming to resolve the issue collaboratively with Delta. The financial impact on CrowdStrike is expected to be manageable, potentially involving service credits or contract concessions rather than significant legal payouts.
While the regulatory implications remain uncertain, particularly regarding Microsoft's kernel access policies, CrowdStrike's immediate legal risks appear contained. Investors are advised to monitor ongoing developments, especially any regulatory changes that could affect future product updates and innovations.