Global IT Outages: Legal and Compliance Strategies for Business Resilience

ADDRESSING AND OVERCOMING ACUTE TECHNOLOGY BUSINESS DISRUPTIONS

Global IT outages—such as the July 2024 CrowdStrike incident—underscore the dependence of global operations on interconnected cybersecurity and technology systems. These events reveal systemic vulnerabilities across industries and supply chains, from financial services to healthcare and critical infrastructure.

While the overall number of outages has remained relatively stable at many facilities, the severity, sophistication, and impact of those outages have escalated—and IT-driven failures now make up a growing share of disruptive incidents. Morgan Lewis has mobilized a global, cross-disciplinary team to help clients enhance preparedness, ensure compliance, and manage response and recovery.

The Evolving IT Outage Landscape

Recent data underscores the growing speed, sophistication, and scope of technology disruptions affecting global enterprises. Key developments from the CrowdStrike Global Threat Report 2025 include:

Faster intrusions: Adversaries now move laterally within networks in as few as 48 minutes, with the fastest taking only 51 seconds—emphasizing the need for real-time detection and containment.
Surge in social engineering: Vishing and other social engineering attacks skyrocketed by 442% in 2024, making human factors the top entry point for attackers.
Malware-free attacks: A striking 79% of cyberattack detections involved no malware at all, relying instead on credential abuse and identity-based intrusions.
AI-enabled threats: Generative AI tools now amplify phishing and impersonation attacks, producing messages with far higher success rates than human-crafted attempts.
Cloud and SaaS vulnerabilities: Cloud intrusions rose 26% year over year, with compromised SSO credentials becoming a leading cause of service disruption.

Additionally, more than half of organizations reported that their most recent major outage cost over $100,000, and about one in five said costs exceeded $1 million, according to Uptime Institute’s Annual Outage Analysis 2025.

HOW WE CAN HELP

Our team stands ready to guide clients through the full spectrum of current and future issues including:

Crisis Management and Business Continuity

Compliance with data protection regulations, potential liability issues, and communications management presents complex legal problems for companies in the wake of the global outage. Our firm helps with rapid response, development of communication strategies, and resolving regulatory and litigation concerns, to better mitigate long-term effects, ensure effective recovery, and minimize disruptions. Learn more about our Crisis Management services.

Insurance Recovery for Technology and Cyber-Related Losses

Insurance recovery challenges, particularly coverage disputes and claims for business interruption and cyber-related losses, can be complex and extraordinarily burdensome on companies. Our firm assists with complex insurance claims, dispute resolution, and policy assets recovery to mitigate financial impacts. Learn more about our Insurance Recovery services.

Technology Transactions, Outsourcing & Commercial Contracts

Enforcement and interpretation of technology service agreements and business continuity provisions are key contract-related challenges facing companies in the aftermath of the global outage. Our firm helps renegotiate or enforce technology and outsourcing contracts to ensure compliance and mitigate risks associated with unprecedented disruptions. Learn more about our Technology Transactions, Outsourcing & Commercial Contracts services.

Cyber Incident Response and Preparedness

Ensuring compliance with evolving privacy laws and managing potential data breaches effectively are among the most critical cyber incident response and preparedness challenges companies face. Our compliance management, proactive policy development, and litigation support for data breaches help protect sensitive information and assist companies in responding to cyber incidents. Our team offers a focused tabletop program designed to help clients address emerging risks flowing from these modern cyber threats. Tailored to your environment, the program enables your team to anticipate and manage the legal, business, communications, and reputational risks before, during, and after a cyber incident. Learn more about our Cybersecurity, Incident Response & Privacy services.

Corporate Ethics & Compliance in Crisis Conditions

Assessing contractual obligations and regulatory compliance is critical in the immediate moments during and after crisis conditions. Our team helps tailor compliance programs to meet the unique challenges posed by business disruptions ensuring that strategies and frameworks are robust enough to manage legal, compliance, and reputational risks effectively and align with global regulatory standards. Learn more about our Corporate Ethics & Compliance services.

Information Governance

Effective information governance strengthens business resiliency during a disruption by providing clear visibility into data assets for faster, better informed operational and compliance decisions. Our team helps companies design policies, processes, and controls to manage data assets across the information governance lifecycle and provides incident response support through targeted data mining and review. Learn more about our eData services.

Class Actions & Group Litigation Related to Technology Disruptions

Data breaches, service interruptions, and contractual failures may spark or fuel mass litigation issues for companies. Our team offers strategic defense in multi-party actions and guiding companies through complex, cross-border litigations that may arise from disruptive global events. Learn more about our Global Class & Group Actions services.

CONTACT US

Discover how we mobilize our global network to navigate clients through their most complex and unexpected issues. Contact Shannon Prown to get in touch with a member of our team.

STAY UP TO DATE

For the latest on evolving developments around global IT outages and their impact, subscribe to our Global IT Outages mailing list.

blog post

Key Takeaways from the CrowdStrike Global Threat Report 2025

08/15/2025 - Key Takeaways from the CrowdStrike Global Threat Report 2025, Tech & Sourcing @ Morgan Lewis
Published in August 2025, the CrowdStrike Global Threat Report 2025 provides a detailed overview of the evolving cyber threat landscape, drawing on data from millions of endpoints and cloud workloads worldwide.
11/08/2024 - CrowdStrike IT Disruption: UK FCA Publishes Lessons Learnt, Tech & Sourcing @ Morgan Lewis
The UK Financial Conduct Authority (FCA) on October 31, 2024 published observations and key lessons from how firms responded to the CrowdStrike IT outage. The outage caused disruption across several industries globally, and the FCA highlights for UK financial services the importance of ensuring operational resilience in order to minimize the potential impact of future events on consumers and markets.
08/23/2024 - Global IT Disruption Highlights Third-Party Risk Management Resiliency Considerations
In the weeks following a defective software update that disrupted several industries globally, including financial services, aviation, retail, and emergency services, remediation efforts remain ongoing while organizations look to their supply chains to identify vulnerabilities and possible mitigants for future disruptions. The incident provided a stark warning of the criticality of businesses’ resilience, including “operational resiliency,” which extends to an organization’s ability to identify and prevent disruptive events, and not just how it responds to and recovers from them.