CrowdStrike Holdings, Inc - Investment Research Report

Disclaimer: The contents of this report are not to be construed as investment advice. Historical performances are not a guarantee of future performance. The view of this author is his own and does not reflect the view of any current or past employer.

For those who hadn’t heard of the name CrowdStrike, last July 19th’s events will surely have made them aware of the company’s large presence in everyday IT infrastructures. On that day, CrowdStrike issued a faulty update which caused a massive global outage affecting millions of Windows computers. This disruption caused billions in financial damage, which included grounding thousands of flights, delaying emergency services, etc. The company issued a fix within hours but the damage was already done. By August 2nd, CrowdStrike’s stock price had dropped 37%, leaving investors perplexed: is this a “buy-the-dip” scenario, or will the stock never recover?

In this research, we will look at many aspects of the stock (financial, governance, competitive, macroeconomic) and discuss the future, especially as CRWD’s earnings release happens this month (28th of August).

1. Brief overview of CrowdStrike’s product:

In the last decade, CrowdStrike (CRWD) has gone from a disruptor to a dominant force in the cybersecurity market. Its innovative cloud-native protection solutions are revolutionizing how organizations defend themselves against sophisticated cyber threats. This is becoming even more important in the backdrop of heightened geopolitical conflicts and tensions, increasing the number and resources of hostile hacker groups.

CRWD’s revenue mainly comes from two sources: Subscription and Professional services.

  • Subscriptions (95% of FY24 Revenue): CrowdStrike’s flagship product is its Falcon Platform. This platform of around 27 cloud modules is accessible via a SaaS (Software as a Service) subscription-based model. The modules range from cloud security, security and vulnerability management, IT operation management, identity protection, threat intelligence services, AI automation, etc. The Graph technology allows for detailed analytics and can show threat, intelligence and asset interactions in visual form at various degrees of complexity or simplicity.

  • Professional Services (5% of FY24 Revenue): Services including incident response, proactive services, forensic and malware analysis etc. Sold separately from subscriptions and usually available through hourly rate and fixed-fee contracts.

CrowdStrike advertises its Falcon platform as a “one-stop-shop” to attract clients usually accustomed to buying different products from smaller competitors. The SaaS subscription model ensures short-to-mid-term income influx stability from recurring revenues.

2. Did the issue uncover a much larger problem which is likely to linger and plague the company for years? 

Looking at similar events causing a sharp stock sell-off in the past decade, Boeing comes to mind. In 2018, two separate incidents of Boeing 737 Max crashing caused massive grounding of the 737 Max fleet. At that point, shares had dropped following the discovery that pilots were not fully instructed on sensor updates. Investors were wondering if this was just a one-time error in judgment. Ultimately the stock never returned to its pre-crash level, as the company has faced many other manufacturing and quality issues since, and questions of governance and dubious cost-saving practices arose. This is what happens when further revelations show that the public “mishap” was in fact just the tip of the iceberg.

This kind of issue, whether for Boeing, CrowdStrike, Chipotle, or any other large international firm, is a test of the efficacy of the company’s internal controls, quality controls, and management skills. When CrowdStrike issued an update to its Falcon Sensor on the morning of July 19th, which caused global outages, it rushed to find a solution and by 8 p.m. that same day, around 99% of all Windows systems sensors were back online (according to the Company). Another noteworthy point is that CrowdStrike prevented massive security breaches during that time. The next few months will truly test the company’s internal controls: only time will tell whether the subsequent actions taken will ensure that this doesn’t happen again.

3. The Falcon Platform, despite the July 19 disaster, remains a comprehensive and capable product that is hard to replace:

CrowdStrike showed its ambition to stay at the cutting edge of technology by making the Falcon Platform entirely cloud-based. This eliminates the need for hardware purchases, allowing for easier and faster configuration of an entire organization’s systems and reduced maintenance costs. Furthermore, CrowdStrike is now using AI to continuously feed its system with information on new threats. AI models are constantly trained and improved from the constant feed of threat and breach data from every customer, meaning that the product continuously improves.

CrowdStrike's extensive client base, ranging from individual users to large government IT departments, provides it with a unique advantage. This diverse exposure allows the company to continuously refine its AI-powered feedback loop by encountering a wide spectrum of threats, from individual hackers to sophisticated criminal organizations. This versatility has made CrowdStrike a trusted partner for many governments and defense ministries. Due to the sensitive nature of the information CrowdStrike handles, governments may be hesitant to switch cybersecurity providers to avoid potential risks of data leaks.

On the other hand, one main weakness of the Falcon Platform is its over-reliance on AWS Cloud, which puts its system at risk of outages should AWS have an issue. Secondly, July’s events highlighted to major businesses the risk of over-relying on a single cybersecurity system. Businesses could look to diversify. However, this process is likely to take years, as contracts need to run down and system equivalencies, risk assessments and training need to be completed.

4. CrowdStrike remains a financially healthy company with above average growth and below average costs:

As mentioned before, one strength of Falcon’s SaaS subscription model is that it ensures short-to-mid-term income influx stability from recurring revenues. This allows the board to plan cost allocations years ahead, which is very important for CapEx and R&D.

In terms of global reach, about half of CrowdStrike’s revenue comes from clients outside of the US, and revenues in these regions are growing faster than in the US, with the “Other” section (consisting mostly of the Americas without the US) growing by 50% last year.

When compared to CrowdStrike’s competitors, the amount of growth over the last 3 fiscal years really sets the company apart.
We can see that no company gets close to CrowdStrike’s revenue growth and we believe that the “cloud-based one-stop-shop” nature of the Falcon product is one of the reasons driving so many customers to the company.

Since FY18, CRWD has considerably reduced its costs with the target of turning its EBITDA positive. The company finally succeeded in FY24 through massive cost cuts, particularly in Sales, General and Administrative costs, which went from 85% to 40% of revenue in the last 5 years. Cost of Revenue nearly halved in these 5 years, which is explained by the phasing out of hardware solutions and the cheaper costs of cloud hosting. Finally, the reduction of R&D suggests a shift from an early disruptor to a well-established company in the industry. It remains to be seen how the research on AI integration will translate into R&D costs.

Overall, looking at this company by itself, the resilience of its cost-cutting practices is clear. While taking some time, they eventually led to the company’s first positive annual EBITDA in recent years.

When comparing these same cost metrics against CrowdStrike’s competitors, we can get a better idea of the cost structure.
CrowdStrike’s closest competitor in both product and size is Palo Alto Networks (PANW), but there are other companies of various sizes which have sizeable market share. In terms of Cost of Sales/Revenue, CRWD ranks in the bottom half, below PANW, which signals a more resilient cost base. Similarly, in terms of SG&A costs, CRWD is in the bottom third, below PANW, ATEN, RPD and CYBR. On the other hand, in terms of Research and Development, CRWD ranks 2nd, which signals more efforts to develop its product and gain market share. It is important to note, however, the limits of SG&A cost reductions for CrowdStrike. Due to their policy of only hiring US citizens, there is a limit to how much the company can reduce salary-wise.

Finally, looking at debt levels in order to assess future debt repayments, CrowdStrike’s Debt-to-Equity ratio is 34% and is close to the industry average.

5. Potential, Risks, and Catalysts:

5.1 Potential:

Demand forecasting: US demand for cybersecurity software is expected to keep increasing, especially as geopolitical tensions between the US (and allies) and Russia, Iran, China, North Korea, and non-affiliated groups rise. The main driver of demand, however, is likely to come from emerging countries, which will see their number of companies grow along with their economies. The MENA (Middle East and North Africa) region in particular is heavily investing in network capability and data centers and will likely look to strengthen its IT defense. Other high-growth countries in Africa and Asia, such as Indonesia, Nigeria and India, are set to drive demand upwards. This is due to a large workforce gap of cybersecurity agents (4 million gap for Nigeria according to Deloitte), leading these countries’ businesses to outsource cybersecurity to companies like CrowdStrike. These countries have seen an uptick in cyberattacks, Nigeria in particular.

AI-powered XDR: CrowdStrike released to the public its Extended Detection and Response system (XDR), which is a “unified security incident detection and response platform that automatically collects and correlates data from multiple proprietary security components”. XDR enables security teams to quickly hunt and eliminate security threats across multiple domains. The company is now looking to harness the potential of AI and incorporate it into XDR.

5.2 Risks:

Short-term risks: Short-term risks include the risk of massive litigation following the July incident. We’ve already seen Delta Airlines publicly threaten to pursue legal action against both CrowdStrike and Microsoft to recoup the $500 million it claims to have lost due to the outages. More companies could follow suit.

CrowdStrike’s two fighting horses in this situation are:

  • A strong and sturdy horse by the name of Microsoft Corporation, which is big enough to “scare” most companies out there.

  • A limited liability clause in its contracts which in theory shields it from any loss (beyond the contract’s value) incurred due to unforeseen software failures. Questioning the “preventability from better quality control practices” is key to the determination in court of the “unforeseen”-ness of this failure.

Long-term risks:

  • Tendency to diversify: Following the July incident, which caused billions of dollars of losses, it is possible that consumers and businesses alike will opt to diversify their cybersecurity options so as not to be completely impaired should a similar incident repeat itself. This could benefit smaller companies which offer more specific products at a lower price.

  • Overreliance on AWS Cloud: This overreliance could bring additional risks of outages, as a cloud issue coming from Amazon will effectively shut down a large part of the Falcon system since it is cloud-based. While computer systems will be able to function normally, the software would not be able to be updated and would not be able to consult CRWD’s large online library of recorded threats.

5.3 Catalysts:

  • Ability of CrowdStrike to match the speed of AI evolution, and equally match cybercriminals’ use of AI.

  • More geopolitical confrontations which will increase the need for top class security against hackers with large resources.

  • Increase in ransomware attacks in Africa and other emerging markets.

6. 25Q2 Earnings Preview:

CrowdStrike will report its quarterly earnings on August 28th. Analysts are expecting CEO George Kurtz to give his expectations about potential litigation and legal costs, as well as updates about the steps taken to avoid another July 19 disaster.

Analysts expect earnings per share (EPS) of $0.97 on $958 million in revenue for the quarter ending July 31, according to Yahoo Finance. Some loss in sales is expected as some contracts may have been cancelled and CRWD might update its full year guidance.

We expect that, for the reasons listed earlier in the report, companies are likely to stick with the Falcon platform, as few other options are as comprehensive and because a switch is lengthy and costly. For this reason it is possible that CRWD will, for the fifth quarter in a row, beat EPS estimates. The near future still looks uncertain, though, as new legal fees will likely drive profitability down.


All financial numbers were either found directly in financial documents available on CrowdStrike’s Investor Relations website (10-K, 10-Q, supplementary information, etc.), or on https://stockanalysis.com/
