CrowdStrike Holdings, Inc. (NASDAQ:CRWD) just caused a massive outage for customers. Ironically, the outage was probably a bigger impact on customers than an actual cybersecurity breach the enterprise software is designed to prevent. My investment thesis remains ultra-Bearish on the stock due to the extreme valuation and signs the outage could impact customer retainment in the year ahead.
Source: Finviz
Large Outage
Early Friday morning, CrowdStrike’s cybersecurity platform Falcon Sensor triggered a major global outage for many Microsoft cloud services. The outage interrupted services at banks, airlines and other industries with the airlines most visibly impacting ending up canceling a whopping 5,094 flights on Friday according to FlightAware.
The CEO made a media tour pointing out how the cyber outage wasn’t a cyberattack, but most customers would’ve probably preferred an attack that stole information, not an outage that shutdown business for hours and days. The airline industry was impacted across the globe, from the U.K. to India to Australia, with Delta Air Lines (DAL) having to cancel over 600 flights on Saturday alone.
The big question is the long-term impact on customers and whether CrowdStrike loses customers in the process. The cybersecurity company serves 60% of the Fortune 500 companies.
Elon Musk posted on Twitter that CrowdStrike was deleted from all of their systems. Considering Musk runs Tesla (TSLA), SpaceX and Twitter/X, the combined business lost over this massive outage could be massive.
Source: Twitter/X
Other companies won’t be so quick to make changes lacking alternatives. Not to mention, a cybersecurity platform isn’t easy to switch, leading to competitor Palo Alto Networks (PANW) recently offering free service and discounts for a period to customers switching to their platform due to the timing issues.
Google, owned by Alphabet (GOOG, GOOGL), is supposedly looking to buy Wiz to aggressively enter the cloud cybersecurity platform space. Wiz has hit a $350 million ARR, making the firm competitive with CrowdStrike and helping obtain a $12 billion valuation ahead of a potential $23 billion deal with Google.
Source: CNBC
The CrowdStrike outage could encourage Wiz to remain independent to capture the opportunity made available by the damage. According to CNBC, Wiz is growing at 3x the rate of cloud security leader Palo Alto Networks and the outage could easily let Wiz leapfrog CrowdStrike, making the firm a lot more attractive in the future considering the latter had an $84 billion market cap before the outage. The stock topped a $100 billion valuation when CrowdStrike recently hit nearly $400 per share.
So while CrowdStrike might not lose a lot of customers, one has to wonder if the company struggles to gain new customers and expand existing relationships. The cybersecurity company is focused on building a platform of services from cloud security to endpoint security to data protection, and this outage might encourage a return to best of breed solutions or consolidation onto one platform.
The company has promoted the plans for cloud security to lead the growth rates in the future, with 200% ARR growth in the last year to reach the $425 million run rate. Along with identity security and logscale next-gen SIEM, CrowdStrike has a group of security products with massive growth likely benefiting from a market shift towards a centralized platform.
Source: CrowdStrike FQ4’24 presentation
The whole cybersecurity push into leading platforms may reverse with a focus on best of breed products. The industry will clearly look to avoid a single point of failure that took down global computer systems, and one has to wonder if this doesn’t reduce the influence of CrowdStrike in the cybersecurity world.
Priced For Perfection
The stock entered the disastrous outage trading at a massive 22x FY25 sales targets of $4 billion. CrowdStrike was priced for perfection, and this outage delivered anything but perfection.
The stock valuation was already excessive, even if CrowdStrike maintained 30%+ growth for the next 5 years. The company now faces the risk of growth rates slowing, with the business facing the following impact of having 5 percentage points shaved off the forecasted growth rates as follows:
- FY25: 31.0% growth dips to 26.0%, $4.0 billion sales target dips to $3.86 billion
- FY26: 26.5% growth dips to 21.5%, $5.06 billion sales estimate dips to $4.69 billion
- FY27: 25.8% growth dips to 20.8%, $6.36 billion sales estimate dips to $5.67 billion
- FY28: assume 25.0% growth dips to 20.0% growth, $7.95 billion sales estimate dips to $6.8 billion.
CrowdStrike ends FY28 with $6.8 billion in annual revenues, down $1.15 billion from current estimates. The cybersecurity company doesn’t have to lose a lot of existing customers to feel the impact of growth rates slowing as corporate executives pause any decisions to deploy CrowdStrike products.
The stock still has a market cap of $76 billion following the 11% dip on Friday. At the end of FY28, CrowdStrike would logically trade at a max of 10x sales targets suggesting providing no upside for 4 years with the max value at $68 billion in FY28.
Naturally, CrowdStrike could face an even bigger customer hit. Boeing (BA) had multiple deadly crashes for the 737 Max, originally assumed as pilot errors, and now the leading commercial airplane manufacturer still hasn’t recovered nearly 5 years later. Ironically, the stock traded around $400 even after the second crash and now trades down 50% at $180.
Software companies can quickly recover, if the company successfully gets customers back up in business and doesn’t run into further problems. Though, SolarWinds (SWI) never really recovered from their cyberattack, leading to an immediate massive reduction in sales estimates back in 2021.
Takeaway
The key investor takeaway is that investors should be wary of a ripple effect. The outage did far too much damage for the status quo to remain in place.
The best possible outcome is for CrowdStrike to only lose out on some future deals for new customers and expansion deals. The stock is already priced for reduced growth of 500 basis points over the next 4 years.
The worse possible outcome is that growth stalls, with existing customers transferring to different cybersecurity platforms. The stock will have considerable downside in such a scenario.
Read the full article here