Who will pay out for global CrowdStrike outage?

A faulty software update from CrowdStrike, a cloud-based cybersecurity company, broke an estimated 8.5 million Microsoft PCs and servers on Friday, disrupting airlines, healthcare services, banks, media groups and businesses worldwide. “This is basically what we were all worried about with Y2K, except it’s actually happened this time,” said Troy Hunt, a security consultant. CrowdStrike said it had issued a fix for the defect, but the worst-affected systems – particularly US airlines – were still shuddering on Sunday. Inevitably, government cybersecurity agencies also warned of an increase in phishing activity, as malicious actors try to trick people recovering from the outage. The UK aviation authority told airlines that the IT chaos fell under “extraordinary circumstances”, which shields them from some compensation claims. But with some estimating final costs at over $1 billion, someone will have to pay up. Genuine question: at what point does a software firm become a utility?