The Billion Dollar Cost of Bad Contract Management

The world is still reeling from the recent CrowdStrike outage, which brought entire industries around the world, from airlines to healthcare, to a grinding halt on July 19, 2024. Unlike previous headline-making cyber-events, this wasn’t an attack. It was merely a glitch in what should have been a routine software update the vendor automatically rolled out to customers worldwide. 

Far from routine, this update resulted in the installation of buggy code on an estimated 8.5 million Windows computers across the world. Global corporations like banks and airlines found their most vital computer systems stuck on the dreaded “blue screen of death” and unable to continue with their basic operations. 

While some systems were able to be recovered within the first few hours and days, full recovery will take much longer. This is because the fix requires manually deleting the glitchy file, which often means engineers have to access the physical computer. 

As the recovery continues, it’s prompting conversations about everything from the worldwide reliance on a single type of computer or a single cybersecurity product to the wisdom of mass auto-updates to whether it’s wise to have everything stored in the cloud in such a way that a single point of failure can take down a company’s entire infrastructure. 

Who’s responsible for the costs?

Much of the conversation also focuses on the real costs of this event and who’s going to pay for it. Will CrowdStrike offer compensation to its impacted customers? Will the company’s errors and omissions policy come into play? Will affected business’s own cyber or business interruption insurance policies pay out? It’s too soon to say, however, experts are already mentioning the possibility that CrowdStrike itself may not be responsible for its customers’ huge financial losses because they’re likely to have contracts in place that protect them

If this turns out to be the case, CrowdStrike may have dodged a $1 billion bullet. This won’t help with things like its falling stock price or the reputational hit it’ll take, but legally, if the company had consistent customer contracts that indemnified it against damage caused by its own mistakes, it may not ever have to compensate customers for what the outage cost them. 

Rarely do we ever get a clearer example of the importance of contract management to a business. While many are dealing with the ramifications of the CrowdStrike outage, and may not feel any sympathy for the company, we can still point out and appreciate how vital the contents of their customer contracts will turn out to be. What’s inside CrowdStrike’s customer contracts will determine whether the company can move forward with repairing its damaged relationships and reputation, or if it will go into a financial tailspin because it is responsible for its customers’ losses. 

Key contract management questions 

We don’t know what’s inside CrowdStrike’s thousands of customer contracts, but hopefully its legal team does! 

For everyone else, this can be a cautionary tale and a wakeup call to get your contract house in order. Lots of companies struggle with years, if not decades, of contract chaos: a level of disorganization that leaves them open to risks they’re not even aware of, thanks to lacking visibility into their contracts’ terms. 

If you’re trying to assess your own company’s level of risk in the event your product or service leads to a customer’s financial loss, these are the most important questions you’ve got to answer.  

  1. Do you know where your contracts are? 

It sounds obvious, but many companies can’t answer this question. Contracts may be stored across a combination of individual employees’ computers, shared network drives, external hard drives, cloud-based storage like SharePoint, or even paper filing cabinets. Not only does a disorganized and inconsistent method of storing contracts mean you’re not getting the insights you could be from them; it’s legally and technologically risky to have such an assortment of contract storage locations. 

  1.  Do you know what’s in your contracts? 

Many companies have operated for years, decades, even centuries, and their contracts have understandably evolved over time. Even more companies have grown through mergers and acquisitions, inheriting agreements from other companies along the way. So, how is your company keeping track of what each contract says? Can you rest assured that each and every contract includes the most up-to-date terms that your company needs? If you’re not a thousand percent sure that you can see what’s in any of your contracts at any point in time, you could be open to a lot of risk you’re not even aware of. 

  1. Are your contracts standardized across all customers? 

It’s not good enough to know that some, or even most, of your contracts protect you from liability for a CrowdStrike-level incident. Even just a single contract that leaves you open to costly liability can be enough to sink your financial ship in a worst case scenario. One of the most common contract management worst-practices is having contract terms that are all over the place, bespoke for each customer relationship – and to have no visibility into where these discrepancies lie. 

  1. Does every contract meet your company’s best-practices? 

Your organization should have standards, best practices, or a “playbook” so to speak, governing what’s allowed to be in your contracts and what’s not. Whether we’re talking about something as seemingly small as termination notice periods or as consequential as indemnification, the ability to find and fix any contracts that don’t adhere to the terms they should is vital. Poor contract management can leave your company with contracts that open you up to risks that should never have been allowed, without you even knowing it. 

  1. Is every contract compliant with the laws and regulations that govern your business? 

You certainly don’t want to wake up one day surprised to find out that many of your contracts have terms that aren’t legally enforceable because they violate industry regulations. Or, on the other hand, that your contracts omit terms that are legally required by your industry. Having a firm grasp on what’s in your company’s contracts and how they comply with any necessary laws is a huge part of de-risking your business. 

How Pramata customers answer these questions effortlessly

Getting a handle on the answers to all of these questions, and many others, may seem like a herculean effort. It doesn’t have to be; and for companies using Pramata, it’s not. Our customers never have to wonder where their contracts exist, what’s inside them, if they’re compliant, or which ones they need to renegotiate. With Pramata, our customers have access to what’s in their contracts (both vendor and customer, both new and existing) when they need it.

In light of the CrowdStrike outage, we thought it was timely and important to emphasize the need for all businesses to understand that their contract management practices can make or break what happens during and after a crisis. Whether you’re a vendor providing services, or engaging with others as a customer, it’s vital to have visibility into what your contracts say so you’re never left with surprise liability for an incident like this. 

Pramata allows companies to see and understand what’s in their contracts, identify areas leaving them open to risk, and fix those terms before they lead to problems. 

This allows them to: 

  • React and respond to such events by leveraging the accessibility of relevant information within their contracts
  • Swiftly review their contracts not only for SLA language and contract statuses but also to assess associated products, contractual obligations, and deadlines
  • Quickly examine force majeure clauses to gain a comprehensive understanding of their contractual obligations
  • Access insights into financial implications by analyzing payment schedules, penalties, and overall financial exposure outlined in their contracts. 
  • Grasp potential liabilities and financial impacts during incidents like the CrowdStrike event

Case in point: One of our customers recently highlighted their ability to quickly retrieve, analyze, and provide pertinent insights to stakeholders—a process significantly accelerated compared to traditional methods due to the consolidated visibility Pramata provides.

Conquer your contracts before there’s a crisis   

Contract management is an area that many businesses find difficult, scary and intimidating: But it doesn’t have to be. If any of these questions leave you wondering about the state of your contracts and whether they’d leave you protected, or hung out to dry, in a situation like a massive “oops” from a buggy line of code or an employee’s mistake or malicious act, it’s time to see how radically simple contract management and data reporting can be with Pramata.

Subscribe to Our Legal Impact Newsletter

Get exclusive event invites, peer best practices and the latest industry news right in your inbox!

More To Explore