As you know, the recent CrowdStrike defective software update caused massive and, in some cases, systemic failures to computers and networks of CrowdStrike’s customers running certain Microsoft operating systems. If your company was affected by the CrowdStrike server-related outages, you will certainly want to review this new Cooley Alert, SEC Reporting Implications for Publicly Traded Companies Impacted by CrowdStrike Defective Software Update from our Cyber/Data/Privacy and our Public Companies Groups.
As the Alert indicates, there are a number of SEC reporting implications for public companies arising out of the outages, particularly in light of the SEC’s new cybersecurity disclosure rules. According to the Alert, at the moment, questions remain as to whether the CrowdStrike outages and their effect on company systems could constitute “cybersecurity incidents”—a term that is very broadly defined—for purposes of Item 1.05 of Current Report on Form 8-K. The Alert discusses these and other potential reporting considerations and various responsive actions companies should consider in the wake of the CrowdStrike update. Be sure to check it out.