CrowdStrike just became a household name in the worst possible way.
CrowdStrike‘s (CRWD -11.10%) stock price plunged 11% on Friday, July 19, after an update to its cloud-based cybersecurity platform sparked a global IT outage across banks, airports, hospitals, retailers, other businesses, and government agencies. ATMs stopped working, flights were delayed, and crucial healthcare services went offline.
CrowdStrike CEO George Kurtz said the incident was caused by a “defect found in a single content update for Windows hosts” and that a fix had already “been deployed.” Microsoft (MSFT -0.74%), which was initially blamed for the outage because it only occurred on Windows systems, said it was working with CrowdStrike to resolve those issues.
CrowdStrike certainly made a massive mistake and the market’s reaction is understandable. But others are wondering if this news-driven pullback represents a good buying opportunity. Are they right?
Why did CrowdStrike’s outage cause so much damage?
In the past, most cybersecurity companies installed on-site appliances to run their services. But that hardware was expensive, sucked up power, took up a lot of space, and required constant maintenance.
CrowdStrike addressed those issues with Falcon, a cloud-native endpoint security platform that didn’t require any on-site appliances. As a cloud-based platform, Falcon was easier to install, scale, and update than appliance-based platforms. It also enabled CrowdStrike to lock clients into sticky recurring subscriptions and cross-sell more cloud-based modules to grow its revenue per customer.
Those strengths have enabled CrowdStrike to grow like a weed since its initial public offering (IPO) in 2019. From fiscal 2019 to fiscal 2024 (which ended this January), its revenue rose at a compound annual growth rate (CAGR) of 65%, from $250 million to $3.06 billion.
CrowdStrike now serves 298 of the Fortune 500 companies and 538 of the Fortune 1000 companies. However, that widespread adoption explains why CrowdStrike’s flawed update caused so much damage in such a short time.
How fast was CrowdStrike growing?
Over the past year, as macro headwinds forced many companies to rein in their spending, CrowdStrike’s growth in both ending annual recurring revenue (ARR) and total revenue decelerated. But its net new ARR growth rose by double-digit percentages year over year again over the past three quarters — which meant it was still gaining new customers in a challenging market.
Metric |
Q1 2024 |
Q2 2024 |
Q3 2024 |
Q4 2024 |
Q1 2025 |
---|---|---|---|---|---|
Ending ARR growth (YOY) |
42% |
37% |
35% |
34% |
33% |
Net new ARR growth (YOY) |
(8%) |
(10%) |
13% |
27% |
22% |
Revenue growth (YOY) |
42% |
37% |
35% |
33% |
33% |
CrowdStrike attributed that robust growth to its market-share gains, new government contracts, and the rollout of more generative artificial intelligence (AI) features for Falcon. By the end of the first quarter of fiscal 2025, 44% of its customers had adopted at least six of its modules, up from 43% in the fourth quarter and 40% a year earlier.
During the first-quarter conference call, Kurtz notably took a jab at Palo Alto Networks‘ (PANW 2.16%) new platformization strategy (which is currently driven by free trials and deferred revenue deals) — saying “when a platform delivers real value, you don’t have to give it away.” Unfortunately, CrowdStrike’s recent software blunder might just drive some companies to try out Palo Alto’s more diversified mix of on-site and cloud-based services instead.
At the time, CrowdStrike expected its revenue to grow 30%-31% in fiscal 2025. It also planned to continue its five-quarter streak of profitability based on generally accepted accounting principles (GAAP). But given those estimates (which will likely be reduced) and its current enterprise value of $67.5 billion, it still looks expensive at 17 times this year’s sales.
Will this outage impact CrowdStrike’s long-term growth?
The big question now is how much this fiasco will throttle CrowdStrike’s long-term growth. Bulls will argue that the company’s leadership of the cloud-native cybersecurity space, its sticky cloud-based ecosystem, and the high costs of switching to another platform will prevent it from losing too many customers in the aftermath of the IT outage.
However, Kurtz admitted it would take “some time” before the problem update was rolled back and all of the affected systems were fully restored. CrowdStrike could also be hit by plenty of lawsuits after this debacle, and Tesla‘s CEO Elon Musk said his company had already “deleted CrowdStrike” from all of its systems.
The incident also made CrowdStrike, which hadn’t been widely recognized outside of tech and business circles, a household name in the worst possible way. Warren Buffett once said it “takes 20 years to build a reputation and five minutes to ruin it” — and the damage to CrowdStrike’s brand could certainly erode its defenses against its eager competitors.
Microsoft has been quietly expanding its own cloud-based cybersecurity platform over the past few years, with big investments and acquisitions. This embarrassing incident could drive Microsoft to accelerate the development of those internal services, in order to curb its dependence on CrowdStrike and other third-party cybersecurity platforms.
So is CrowdStrike’s pullback a buying opportunity?
I own shares of CrowdStrike, but I think it would need to pull back even further before it’s considered a bargain. It’s still up more than 90% over the past 12 months and isn’t cheap — and we can’t yet gauge the long-term impact of this disastrous outage.
Leo Sun has positions in CrowdStrike and Palo Alto Networks. The Motley Fool has positions in and recommends CrowdStrike, Microsoft, Palo Alto Networks, and Tesla. The Motley Fool has a disclosure policy.
Add Comment