When the infamous CrowdStrike software update crippled companies around the world in July, lawsuits inevitably followed — and they did. Delta, which is suing the airline for up to $500 million in damages and hiring law firm David Boies, is perhaps the most high-profile example.

Boyce has a long list of high-profile clients, including Theranos, Harvey Weinstein, victims of Jeffrey Epstein, and Al Gore in the Bush v. Gore case surrounding the outcome of the 2000 presidential election. He also led the government's antitrust case against Microsoft in the 1990s.

Even before Delta came forward, shareholders were looking for compensation, filing a class-action lawsuit against CrowdStrike, alleging the company misled them about its software update procedures.

CrowdStrike hired the law firm Quinn Emanuel Urquhart & Sullivan to defend the company against anticipated legal action, raising the prospect that lawyers would make a fortune from the mistake.

To a lesser extent, Microsoft is also involved in the battle, as the problematic CrowdStrike software update only affected Windows machines.

Rob Wilkins is a co-chair of the Complex Litigation and Dispute Resolution practice group at Jones & Foster in Florida. What could save CrowdStrike, though, was a contractual limitation on damages, which is typically found in enterprise software contracts.

However, Delta Air Lines alleged that CrowdStrike's software update error constituted gross negligence or willful misconduct, which may lead to the invalidation of the contract cap. Delta's service was disrupted for five days, while United faced only three days of CloudStrike-related delays. CrowdStrike said there was also an issue with Delta's internal systems, and the airline couldn't blame the entire outage on CrowdStrike's faulty update.

Wilkins said Delta may have difficulty proving gross negligence or willful misconduct because that would require a high burden of proof. Shareholders allege that the company misled and deceived them by failing to warn them about the lack of a software testing regime, and proving this in court also faces huge challenges.

"The question is, did CrowdStrike knowingly misrepresent or fail to tell investors that all security procedures and controls for its software platform were fully up to date?" Wilkins said. Whatever happens, the various companies suing CrowdStrike will likely join together to file a class action lawsuit against the company, since individual lawsuits would be costly and inconvenient for everyone. It's worth noting, he said, that once a class action lawsuit emerges, it often attracts more companies to join.

"Typically, in class action lawsuits, people pile their lawsuits together, and I wouldn't be surprised if that was the case, and then you see all the cases consolidated together by multidistrict litigation groups that assign all cases across the country to a specific federal district court for all discovery-related purposes -- which greatly reduces the complexity of the litigation process," he said.

A "vane" trial follows the jury's verdict, using one case as a test case for all other plaintiffs in the class action, which serves as a roadmap for other settlements moving forward regardless of the jury's verdict.

Another complicating factor is the role of insurance companies, which in these cases will provide coverage for losses that CrowdStrike and its customers may suffer. The customer's insurance company may also seek part of the compensation from CrowdStrike.

"There may be insurance out there and they may have the underwriter come in and typically they will defend these things. Although I haven't seen their specific policy, in the cybersecurity policies that I've reviewed, that type of negligence is covered. So it depends on their policy and what the exclusions are in the policy, but I think insurance is part of it."

In addition to the money issue, there is also the reputation issue, and the sooner this is resolved, the sooner CrowdStrike can move forward. The company has hired excellent attorneys to defend itself, but ultimately, the company must reach a settlement with its shareholders and customers, which is key to the success of any business.

"It seems to me that their approach to this is going to be one of resistance but also recognition that they do need to resolve this and move on, so that's what I would expect."

Related articles:

CrowdStrike senior executive to testify to Congress on July global IT meltdown