Law firms navigate Microsoft outage and emphasise need for tech resilience

Profession appears relatively unscathed as flawed software update causes global chaos

Shutterstock

Law firms appear to have emerged relatively unscathed in the wake of today’s global outage of Microsoft systems which has prompted lawyers and professional bodies to underline the importance of tech resilience.

Consumers and businesses across the globe have been affected by a faulty patch to the Falcon virus scanner operated by IT security firm CrowdStrike, which led to computer-users across multiple businesses and institutions experiencing the so-called ‘blue Screen of death’.

Law firms this title spoke to said CrowdStrike-related disruption was limited to temporary disruption in the US late yesterday and indirect impacts on suppliers and, in some cases, website functionality problems. 

Barristers reported no difficulties with sets of chambers and the Bar Council confirming that the courts and tribunals were operating as usual. 

Property lawyers in the UK, however, reported some delays in completions owing to problems with the Bank of England’s payment transfer systems, which were affected by the global issue. 

The Bank of England said: “We are mindful of the impact this is likely to have and are working closely with a third-party supplier, industry and other authorities to resolve the issue as promptly as possible.” 

A Law Society of England and Wales spokesperson said: “A limited number of our staff, who are not member-facing, were affected by the IT outage, but this has now been largely resolved. 

“We are aware of some members who have been impacted. Should we receive requests for support, we will consider what support we can offer them, as individual firms will have their own business continuity policies and contingency plans.

“The IT outage serves as a reminder for our members to have business continuity plans in place to protect against future problems and to mitigate the impact.”

While the barristers this title spoke to reported no difficulties, Law.com, which was itself impacted by the outage, going offline in the early hours of the morning, reported that the New York State Unified Court System had been impacted, with employees arriving at work “to find their desktop systems were inaccessible” although the situation was improving. 

Alex Brown, head of digital business at Simmons & Simmons, said the incident had underscored the importance of digital resilience. 

“As we rely more on digital infrastructure, ensuring robust and resilient systems is becoming paramount for companies and society,” he commented on LinkedIn. “This event will likely draw increased regulatory and government attention to safeguarding our digital operations.”

He added the outage would lead to a complex and significant remediation operation, with potential claims for wasted costs and financial impacts on businesses. 

Mark Jones, a partner at Payne Hicks Beach, said the outage had taken place just as the UK government had announced plans to improve cybersecurity.

Microsoft said the outage was caused by “an update from a third-party software platform”, later confirmed as CrowdStrike. US broadcaster NBC reported that CrowdStrike CEO George Kurtz said the company was aware of the issue and had resolved it, but systems would take time to recover.

“We’re deeply sorry for the impact that we’ve caused to customers, travellers and anyone affected by this, including our companies,” said Kurtz. 

At CrowdStrike, US-based Cathleen Anderson acts as the chief legal adviser while James Elliot is the lead adviser for EMEA. The company has expanded rapidly in recent years, partnering with alternative legal services provider Factor to assist it with transactional legal work. 

It has previously instructed White & Case through lead partner Tali Sealman to assist with higher-level transactions, including 2023’s acquisition of IT security company Bionic and a March 2024 deal involving data security provider flow. 

According to CrowdStrike’s website, the Falcon platform tracks real-time cyberattacks, including automated protection and remediation and the observability of vulnerabilities, offering it as part of security software systems from laptops to checkout payment terminals and handheld payment systems.

Email your news and story ideas to: [email protected]

Top