CrowdStrike Holdings: Overvalued, Unprofitable Cybersecurity Company With Weaknesses Amid Multiple Headwinds

Summary

  • The aging bull market has produced a casino atmosphere where fundamentals and logic have been thrown out of the window and extreme valuations have become the norm.
  • At $50/share, CRWD trades at a wildly expensive multiple of 23 times EV/revenue, which puts it in the top echelon of cybersecurity software valuations.
  • Profitability (GAAP-based) within a certain time frame is unknown, based on the company's reports.
  • The recent sector deals, the peers' valuation, the weaknesses and multiple headwinds, the significant losses and the unknown path to profitability create an ugly combo.
  • Due to this ugly combo, we believe that CRWD should currently trade less than 5 times its annual revenue, which translates into less than $20 per share.
  • Looking for more stock ideas like this one? Get them exclusively at Value Investor's Stock Club. Get started today »

A booming stock market during a cheap money era has boosted valuations for a bunch of Silicon Valley companies, which largely reminds us of the dot-com bubble in 1999. The thing is that venture capitalists invest in hundreds of companies, so the few winners will make up for the most losers and will reward them handsomely. But traps have been laid for numerous investors who are unable to invest in many companies and mitigate their risk, so we advise them to get aware of the "Greater Fool Theory." And we say this because losing money hand-over-fist with no end in sight is not the new business model. A company has to generate profits or it will eventually go out of business. To us, high growth alone is not a basis for an investment thesis and investors must be mindful of what valuation they're getting involved at.

At $50 per share, CrowdStrike Holdings Inc. (NASDAQ:CRWD) is trading at an unheard of 23 times its revenue, so we believe that it's massively overvalued due to a bunch of reasons, as presented in the next paragraphs.

The Business And The IPO Price

CRWD develops security solutions. It offers the Falcon platform, a cloud-based security solution that protects workloads across on-premise, virtualized, and cloud-based environments running on various endpoints, such as laptops, desktops, servers, virtual machines, and IoT devices. On that front, CRWD sells subscriptions to its Falcon platform and cloud modules to organizations across multiple industries. The company also provides Threat Graph, a cloud-based graph database.

The IPO for this cybersecurity firm took place last June at $34 per share and the lockup period expires in December 2019. It's also worth noting that:

1) The IPO price of $34 per share was far above the high end of its $28-$30 range that already had been raised from the original $19-$23 range.

2) Last June, CRWD raised $200 million at $3 billion valuation and it went to public around $6.8 billion valuation, which means that private investors and VCs bought CRWD at around $15 per share. In other words, private investors and VCs currently have tremendous paper profits over 200%.

3) In May 2017, the firm hit a private valuation of more than $1 billion following a $100 million cash infusion led by Accel, a Silicon Valley venture capital firm, which means that these VCs bought CRWD at about $5 per share.

4) In our opinion, it's safe to assume that insiders already had bought CRWD lower than $5 per share given that they invested in it before May 2017.

Losses With No End In Sight

CRWD makes about 90% of the revenue from subscriptions while the remaining 10% are from professional services. But CRWD has been losing money in Q1 FY 2020, Q2 FY 2020 and Q3 FY 2020 while adjusted EBITDA for the first nine months of FY 2020 is negative at approximately ($13.6) million.

And CRWD will continue to lose money in Q4 FY 2020, despite the fact that its revenue will reach $468 million this fiscal year, based on the guidance below:

Q4 FY20

Guidance

Full Year FY20

Guidance

Total revenue

$135.9 – $138.6 million

$465.2 – $468.0 million

Non-GAAP loss from operations

$(21.6) – $(19.7) million

$(80.5) – $(78.6) million

Non-GAAP net loss

$(19.1) – $(17.2) million

$(77.7) – $(75.8) million

Non-GAAP net loss per share, basic and diluted

$(0.09) – $(0.08)

$(0.53) – $(0.52)

In other words, CRWD has been losing money despite the fact that it has scale and is not a small player in the cybersecurity industry. What do revenue need to be to turn a profit? Does CRWD need $1 billion annual revenue to break even?

In contrast, its peers with annual revenue at approximately $500 million or less are already profitable or very close to profitability, such as CyberArk Software (CYBR), Qualys Inc. (QLYS), Mimecast Limited (MIME), Ping Identity Holding (PING) and SailPoint Technologies Holdings (SAIL), to name some.

Additionally, CRWD reports increasing losses from operations despite rising revenue. Specifically, in the first nine months of FY 2020, revenue and losses from operations were $329.3 million and ($114.9) million, respectively, vs. revenue and losses from operations at $169.4 million and ($105.6) million, respectively, in the first nine months of 2018.

In other words, the higher the revenue, the bigger the losses, which is an indicator of a tenuous connection between the top line and the bottom line. Actually, this is an indicator of an inherently flawed business model, in our opinion. Since CRWD has not been able to successfully scale up its operations thus far, it has a lot of work to do in scaling sales while competition looms.

On that front, CRWD's CFO stated in the company's Q3 2020 earnings call that CrowdStrike expects to achieve non-GAAP operating income breakeven in the fourth quarter of fiscal year 2021. However, we have to point out here two key things. First, this is non-GAAP. Second, this estimate talks about "break-even" and "break-even" is different from profitability.

When it comes to growth, CRWD is seeing slowing YoY revenue growth, as shown below:

Q1 FY 2020

Q2 FY 2020

Q3 FY 2020

Q4 FY 2020 (*)

YoY revenue

growth

103%

94%

88%

77%

(*): Based on the guidance.

Top-line sequential growth is decelerating too, as shown below:

Q2 FY 2019

Q3 FY 2019

Q4 FY 2019

Q1 FY 2020

Q2 FY 2020

Q3 FY 2020

Q4 FY 2020

(*)

Sequential

revenue

growth

18%

20%

19%

22%

12%

16%

9%

(*): Based on the guidance.

To us, these are indications that the "low hanging fruit" has largely been picked. And we project that the next few quarters will be very challenging for the company from a growth standpoint. We believe that the deceleration will continue due to a bunch of reasons including the fact that competition keeps rising with more and more vendors providing comprehensive solutions.

Furthermore, it's noteworthy that CRWD's gross profit margin for the first nine months of FY 2020 is just 70%, which is nothing to cheer about. Actually, 70% is considered low given that the gross profit margin for the software companies is typically above 70% while exceeding 80% in some peers, as presented in detail in the next paragraphs.

Moreover, the operating expenses (sales and marketing, R&D, G&A) keep exceeding revenue for another year in a row. Specifically, in the first nine months of FY 2020, revenue and operating expenses reached $329.3 and $346 million, respectively.

Therefore, CRWD's operating expense ratio (OER) is 105% ($346 million / $329.3 million), which is obviously very high. As a friendly reminder, the operating expense ratio range is good to be between levels of 60%–80%, where the lower it is, the better. For comparative purposes, QLYS's, PING's and CYBR's OER this year are 55%, 66% and 72%, respectively.

That said, OER is considered a measurement of management efficiency. It shows how efficient a company's management is at keeping costs low while generating revenue, so it reveals whether management can expand operations and can scale production efficiently without dramatically increasing expenses. As a result, management is not good capital allocators, in our opinion.

And the thing is that the high operating expenses including G&A will continue being a big drag on profitability (GAAP-based) because they will keep rising in the foreseeable future, as quoted from the company's Q2 FY 2020 report (emphasis added):

Furthermore, we expect our general and administrative expenses to increase in dollar amount for the foreseeable future given the additional expenses for accounting, compliance, and investor relations as we become a public company."

and below (emphasis added):

We also expect our operating expenses to increase in the future as we continue to invest for our future growth, which will negatively affect our results of operations if our total revenue does not increase."

From a cash flow standpoint, CRWD kept overspending in the first nine months of FY 2020 because CapEx was $72 million while operating cash flow was $33.8 million.

And it must also be noted that this positive operating cash flow was the result of changes in non-cash working capital. Excluding changes in non-cash working capital, funds flow from operations were negative at ($11.9) million in the first nine months of FY 2020

The President/CEO's And CFO's Resumes

CRWD was founded in 2011 by two executives who left security software maker McAfee, including George Kurtz, the company’s President and CEO. During his career in McAfee, he was CTO, General Manager, and EVP.

According to his resume, Burt Podbere, CRWD's CFO, was Net Optics' CFO and Net Optics was acquired by Ixia in December 2013. When he was Net Optics' CFO, Net Optics had approximately $60 million annual revenue, as shown here. Also, he was OpenDNS' CFO. OpenDNS was another company that generated about $40 million in trailing bookings and was estimated to generate annual bookings almost $60 million for full-year 2015 when it was acquired by Cisco.

We give the CEO credit for growing the business and bringing it to the point where it's at today. We acknowledge that this is not an easy task. But Kurtz and Podbere have never held a CEO and CFO position, respectively, in a company that generates $500 million in annual revenue. Meanwhile, the cybersecurity business is an evolving industry with intense competition and CRWD has a very high operating expense ratio while also recording significant losses with no end in sight, based on its reports. Therefore, we doubt their experience and ability to successfully control the operating expenses of a company with $500 million in annual revenue while also managing its growth effectively and adequately address competitive challenges amid fierce competition.

Headwinds And Key Weaknesses

1) The Trump impeachment inquiry: Last September, CRWD found itself involved in the call between President Trump and Ukrainian President Zelensky. According to the released call transcript, Trump asked Zelensky to look into CRWD, which helped investigate the hack of the Democratic National Committee servers. Some investors likely assumed that this case would be shelved and the involvement of CRWD would never be investigated.

As shown here, Trump has previously suggested that the DNC should have turned over the email servers to the FBI instead of having CRWD investigate, implying that the lack of cooperation should cast doubt on findings that the Russians helped him win the election.

As linked above, CRWD has stated that:

With regards to our investigation of the DNC hack in 2016, we provided all forensic evidence and analysis to the FBI. As we’ve stated before, we stand by our findings and conclusions that have been fully supported by the US Intelligence community.

The Trump impeachment inquiry is ongoing, so we will know more about CRWD’s role in investigating the 2016 breach of the Democratic National Committee’s servers in the next months. And if there's something wrong with CRWD's role in this case, we believe that its stock will take a hit.

2) Claim of infringement of intellectual property rights against CRWD regarding its core product (Falcon): This litigation is ongoing and the outcome of the litigation could adversely impact the company's core product, as quoted below (emphasis added):

We are currently involved in proceedings before the Trademark Trial and Appeal Board, or TTAB, at the U.S. Patent and Trademark Office, or USPTO, regarding our U.S. trademark registrations for “CrowdStrike Falcon” and our U.S. application to register our “Falcon OverWatch” trademark. On November 23, 2016, Fair Isaac Corporation, or FICO, filed a Petition for Cancellation of our “CrowdStrike Falcon” trademark registrations and a Notice of Opposition against our “Falcon OverWatch” trademark application before the TTAB. On January 3, 2017, we filed answers to both the cancellation and opposition proceedings, and the proceedings thereafter were consolidated. On November 21, 2018, we filed a Petition for Partial Cancellation or Amendment of one of FICO’s “Falcon” trademark registrations, and on December 10, 2018, the parties filed a joint request to consolidate the proceedings and adjust the schedule. On January 16, 2019, FICO moved to dismiss our petition, and the TTAB thereafter suspended all proceedings pending its ruling on the motions. On July 2, 2019, the TTAB issued an order granting the request to consolidate the proceedings, and granting the motion to dismiss with leave to file an amended petition by July 22, 2019. The order also set a schedule with trial proceedings to close no earlier than 2021. We filed an Amended Petition for Cancellation or Amendment on July 22, 2019. On August 12, 2019, FICO moved to dismiss our Amended Petition for Cancellation. We are vigorously defending the case, but given the early stage, we are unable to predict the likelihood of success of Fair Isaac's claims. If we do not ultimately prevail in these proceedings and in any subsequent appeal or civil action, we could ultimately be required to change the names of our solutions, which may entail significant expense and adversely affect our brand recognition."

3) Losses and negative operating cash flow from day one with no end in sight: According to the company's report linked above (emphasis added):

Since our inception, we have generated operating losses, as reflected in our accumulated deficit of $573.6 million as of July 31, 2019, and negative cash flows from operations. We expect to continue to incur operating losses and generate negative cash flows from operations for the foreseeable future due to the investments we intend to continue to make in sales and marketing and research and development, and due to additional general and administrative costs we expect to incur as a public company. As a result, we may require additional capital resources to execute strategic initiatives to grow our business."

and below (emphasis added):

While we have experienced significant growth in revenue in recent periods, we cannot predict when or whether we will reach or maintain profitability."

4) Fierce competition that is getting fiercer: The landscape of cybersecurity solutions and services is strikingly saturated, so CRWD's profitability will not be an easy task in the next years. CRWD faces fierce competition and competitive pricing pressure, while new competitors are being added to the list and accelerate their move to the cloud every year. Specifically, Momentum Cyber, an advisory firm, estimates 300 cyber security startups launch every year. This is why CRWD notes that (emphasis not added):

We face intense competition and could lose market share to our competitors, which could adversely affect our business, financial condition, and results of operations: The market for security and IT operations solutions is intensely competitive, fragmented, and characterized by rapid changes in technology, customer requirements, industry standards, increasingly sophisticated attackers, and by frequent introductions of new or improved products to combat security threats. We expect to continue to face intense competition from current competitors, as well as from new entrants into the market. If we are unable to anticipate or react to these challenges, our competitive position could weaken, and we could experience a decline in revenue or reduced revenue growth, and loss of market share that would adversely affect our business, financial condition, and results of operations. Our competitors include the following by general category:

Legacy antivirus product providers, such as McAfee, Inc. and Symantec Corporation, which offer a broad range of approaches and solutions with traditional antivirus and signature-based protection;
Alternative endpoint security providers, such as BlackBerry Cylance and Carbon Black, Inc., which offer point products based on malware-only or application whitelisting techniques; and
Network security vendors, such as Palo Alto Networks, Inc. and FireEye, Inc., which are supplementing their core perimeter-based offerings with endpoint security solutions.

Many of these competitors have greater financial, technical, marketing, sales, and other resources, greater name recognition, longer operating histories, and a larger base of customers than we do. They may be able to devote greater resources to the development, promotion, and sale of services than we can, and they may offer lower pricing than we do. Further, they may have greater resources for research and development of new technologies, the provision of customer support, and the pursuit of acquisitions, or they may have other financial, technical, or other resource advantages. Our larger competitors have substantially broader and more diverse product and services offerings as well as routes to market, which may allow them to leverage their relationships based on other products or incorporate functionality into existing products to gain business in a manner that discourages users from purchasing our platform, including our cloud modules. Conditions in our market could change rapidly and significantly as a result of technological advancements, partnering or acquisitions by our competitors or continuing market consolidation. Some of our current or potential competitors have made or could make acquisitions of businesses or establish cooperative relationships that may allow them to offer more directly competitive and comprehensive solutions than were previously offered and adapt more quickly to new technologies and customer needs. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, increased net losses and loss of market share. Further, many competitors that specialize in providing protection from a single type of security threat may be able to deliver these targeted security products to the market quicker than we can or convince organizations that these limited products meet their needs. Even if there is significant demand for cloud-based security solutions like ours, if our competitors include functionality that is, or is perceived to be, equivalent to or better than ours in legacy products that are already generally accepted as necessary components of an organization’s IT security architecture, we may have difficulty increasing the market penetration of our platform. Furthermore, even if the functionality offered by other security and IT operations providers is different and more limited than the functionality of our platform, organizations may elect to accept such limited functionality in lieu of adding products from additional vendors like us. If we are unable to compete successfully, or if competing successfully requires us to take aggressive pricing or other actions, our business, financial condition, and results of operations would be adversely affected."

and below (emphasis added):

"Competitive pricing pressure may reduce our gross profits and adversely affect our financial results: If we are unable to maintain our pricing due to competitive pressures or other factors, our margins will be reduced and our gross profits, business, results of operations, and financial condition would be adversely affected. The subscription prices for our Falcon platform, cloud modules, and professional services may decline for a variety of reasons, including competitive pricing pressures, discounts, anticipation of the introduction of new solutions by our competitors, or promotional programs offered by us or our competitors. Competition continues to increase in the market segments in which we operate, and we expect competition to further increase in the future. Larger competitors with more diverse product and service offerings may reduce the price of products or subscriptions that compete with ours or may bundle them with other products and subscriptions."

5) No moat to competition: Some may argue that CRWD has a product that sets it apart from others in the cybersecurity industry. In our opinion, this is highly inaccurate. We believe that there’s no shortage of endpoint protection companies out there that could offer something similar to CRWD and CRWD does not have any competitive advantage. Its peers (i.e. Cylance, Sophos Group, Symantec, FireEye, Palo Alto Networks etc.) are highly regarded, established companies with products that have received significant distinctions from cybersecurity magazines and organizations, as shown here, here, here, here, here and here. For instance, Cylance is a market leader in this space with excellent reviews and an established user base that includes over 100 Fortune 500 clients and 3,500 enterprise clients.

On that front, CRWD admits that its Falcon product can't address all possible security threats, as quoted below (emphasis added):

If our solutions fail or are perceived to fail to detect or prevent incidents or have or are perceived to have defects, errors, or vulnerabilities, our brand and reputation would be harmed, which would adversely affect our business and results of operations: Organizations are increasingly subject to a wide variety of attacks on their networks, systems, and endpoints. No security solution, including our Falcon platform, can address all possible security threats or block all methods of penetrating a network or otherwise perpetrating a security incident.

6) One-year subscriptions: As noted previously, the vast majority (~90%) of the company's revenue come from subscriptions. But it must be noted that a substantial majority of them are for only one year, as quoted below (emphasis added):

A substantial majority of our customers purchase subscriptions with a term of one year. Our subscriptions are generally priced on a per-endpoint and per-module basis. We recognize revenue from our subscriptions ratably over the term of the subscription. We also generate revenue from our incident response and proactive professional services, which are generally priced on a time and materials basis. We view our professional services business primarily as an opportunity to cross-sell subscriptions to our Falcon platform and cloud modules."

In other words, there's no long-term commitment from the customers, which translates into lack of revenue predictability. And there's no question that the lack of revenue predictability is a key disadvantage for every business model, including of course the technology products. This lack of long-term commitment is largely the result of evolving customer preferences. In other words, CRWD's customers do not know and can't know in advance whether their needs can be met by CRWD's product after two years or later. CRWD's technology product can become outdated next year, which is actually the case with numerous technology products every year. In the corporate world, there are numerous cases with technology companies that failed to innovate and have not evolved with the market such as Nokia, Kodak, Commodore, Polaroid, Hitachi, Atari, Palm, The Sharper Image, TDK, Nortel, TiVo and Pebble, to name some. This is why CRWD admits that:

The market for security and IT operations solutions is intensely competitive, fragmented, and characterized by rapid changes in technology, customer requirements, industry standards, increasingly sophisticated attackers, and by frequent introductions of new or improved products to combat security threats. We expect to continue to face intense competition from current competitors, as well as from new entrants into the market. If we are unable to anticipate or react to these challenges, our competitive position could weaken, and we could experience a decline in revenue or reduced revenue growth, and loss of market share that would adversely affect our business, financial condition, and results of operations."

Obviously, this factor increases significantly the investment risk for the potential long-term investors and has not yet been priced into CRWD's frothy valuation.

7) The legacy products: Many SaaS companies talk about the total addressable market to impress and lure investors but CRWD admits that (emphasis added):

Adoption of Our Solutions. We believe our future success depends in large part on the growth in the market for cloud-based SaaS-delivered endpoint security solutions. Many organizations have not yet abandoned the on-premise legacy products in which they have invested substantial personnel and financial resources to design and maintain. As a result, it is difficult to predict customer adoption rates and demand for our cloud-based solutions."

8) The international expansion is highly uncertain: Some bulls may argue that CRWD has the potential to expand internationally given that it currently has limited international exposure and most of its revenue (74%) are coming from the U.S., as quoted below:

We derived approximately 13%, 16%, 23%, and 26% of our total revenue from our international customers for fiscal 2017, fiscal 2018, fiscal 2019, and the six months ended July 31, 2019, respectively. "

But we believe that the international expansion is not a slam dunk due to a bunch of reasons. And the company admits it saying that (emphasis added):

Personal privacy, data protection, information security, telecommunications regulations, and other laws applicable to specific categories of information are significant issues in the United States, Europe and in other jurisdictions where we offer our solutions. The data that we collect, analyze, and store is subject to a variety of laws and regulations, including regulation by various government agencies. The U.S. federal government, and various state and foreign governments, have adopted or proposed limitations on the collection, distribution, use, and storage of certain categories of information, such as personally identifiable information of individuals, health information, and other sector-specific types of data, including the Federal Trade Commission, the Electronic Communication Privacy Act, Computer Fraud and Abuse Act, HIPAA, and the Gramm Leach Bliley Act. Laws and regulations outside the United States, and particularly in Europe, often are more restrictive than those in the United States.

We also expect that there will continue to be new proposed laws, regulations, and industry standards concerning privacy, data protection, information security, specific categories of data, electronic, and telecommunications services in the United States, the European Union and other jurisdictions in which we operate or may operate, and we cannot yet determine the impact such future laws, regulations, standards, or perception of their requirements may have on our business. For example, the European Commission recently adopted the European General Data Protection Regulation, or GDPR, that became fully effective in May 2018, and applies to the processing (which includes the collection and use) of certain personal data. As compared to previously-effective data protection law in the European Union, the GDPR imposes additional obligations and risk upon our business and increases substantially the penalties to which we could be subject in the event of any non-compliance. Administrative fines under the GDPR can amount up to 20 million Euros or four percent of our worldwide annual revenue for the prior fiscal year, whichever is higher. We have incurred substantial expense in complying with the obligations imposed by the GDPR and we may be required to do so in the future, potentially making significant changes in our business operations, which may adversely affect our revenue and our business overall.

Accordingly, the challenges we face in the EU will likely also apply to other jurisdictions outside the EU that adopt laws similar in construction to the GDPR or regulatory frameworks of equivalent complexity. For example, on June 28, 2018, California adopted the California Consumer Privacy Act of 2018, or CCPA. The CCPA has been characterized as the first “GDPR-like” privacy statute to be enacted in the United States because it contains a number of provisions similar to certain provisions of the GDPR. "

On top of this, CRWD notes that (emphasis added):

Beyond broader data processing regulations affecting our business, the cybersecurity industry may face direct regulation. In 2018, Singapore introduced what is believed to be the world’s first cybersecurity licensing requirement, mandating that providers of specific types of incident response services receive a government license before providing such services. License requirements such as these may impose upon CrowdStrike significant organizational costs and high barriers of entry into new markets."

9) Limited operating history: CRWD is not an established player in the cybersecurity sector, which creates uncertainty about its future, as quoted below (emphasis not added):

Our limited operating history makes it difficult to evaluate our current business and future prospects, and may increase the risk of your investment: We were founded in November 2011 and launched our first endpoint security solution in 2013. Our limited operating history makes it difficult to evaluate our current business, future prospects, and other trends, including our ability to plan for and model future growth. We have encountered and will continue to encounter risks, uncertainties, and difficulties frequently experienced by rapidly growing companies in evolving industries, including our ability to achieve broad market acceptance of cloud-based, SaaS-delivered endpoint security solutions and our Falcon platform, attract additional customers, grow partnerships, compete effectively, build and maintain effective compliance programs, and manage increasing expenses as we continue to invest in our business. If we do not address these risks, uncertainties, and difficulties successfully, our business, and results of operations will be harmed. Further, we have limited historical financial data, and we operate in a rapidly evolving market. As a result, any predictions about our future revenue and expenses may not be as accurate as they would be if we had a longer operating history or operated in a more predictable market."

This is why Dave DeWalt, FEYE's former CEO, said that:

We are in this situation where there are just too many vendors and too few can be sustained. You’re starting to see companies go, ‘oh my gosh, what do I do? Can I get more capital, do I have to merge?'"

That said, industry participants know very well that FEYE had a rip-roaring run from 2012 to 2015 and subsequently fell from grace (2016 to present), as also shown in its five-year chart. Why couldn't CRWD be next in this evolving industry?

10) Recession or global economic downturn: CRWD's business is not recession-proof, as quoted below:

For example, any future deterioration in general economic conditions may cause our customers to cut their overall security and IT operations spending, and such cuts may fall disproportionately on cloud-based security solutions like ours. Economic weakness, customer financial difficulties, and constrained spending on security and IT operations may result in decreased revenue and adversely affect our results of operations and financial conditions."

CRWD And The Peers

We consider the relative valuation analysis to be a very valuable tool for our due diligence because it presents the "big picture" in a sector. As such, we will present the key metrics for other cybersecurity software makers that are highly regarded, cloud-based companies with favorable exposure to next-generation security.

At approximately $50 per share, CRWD's enterprise value is approximately $10.5 billion, including its zero debt and $833 million cash and cash equivalents (Q3 FY 2020). That said, we will start with the revenue year-over-year growth, as shown below:

Companies

Revenue YoY Growth

(based on latest reports and guidance)

CRWD

94%

ZS

53%

PING

45%

TENB

32%

MIME

29%

CYBR

28%

PFPT

23%

FTNT

21%

CBLK

19%

PANW

18%

QLYS

15%

SAIL

15%

SPHHF

8%

FEYE

7%

VRNT

7%

CHKP

4%

NLOK

0%

However, CRWD is very close to the bottom of the list when it comes to the gross profit margin, as shown below:

Companies

Gross profit margin

(based on all the reports of the current FY)

CHKP

89%

CYBR

85%

NLOK

84%

TENB

84%

SPHHF

80%

ZS

80%

QLYS

79%

CBLK

78%

FTNT

78%

SAIL

78%

PING

77%

MIME

75%

PFPT

74%

PANW

72%

CRWD

70%

FEYE

65%

VRNT

64%

Additionally, unlike most of its publicly-traded peers, CRWD reports both losses and negative adjusted EBITDA in FY 2020, so it's again at the bottom of the list, as shown below:

Companies

Profits or positive adjusted EBITDA (based on latest reports and guidance)

ZS, QLYS, CYBR, CHKP, FTNT, PFPT, PING, NLOK, SAIL, MIME, PANW, FEYE, VRNT, SPHHF

Yes

TENB, CBLK, CRWD

No

Given also that CRWD reports negative adjusted EBITDA, the EV-to-adj. EBITDA ratio is meaningless. Therefore, we will present the EV-to-revenue ratio, where CRWD is at the top of the list with a huge difference from its peers, as shown below:

Companies

EV-to-Revenue

(based on latest reports and guidance)

CRWD

23

ZS

13.8

QLYS

9.3

CYBR

8.8

CBLK

acquired for 8.4

CHKP

8.1

FTNT

7.6

PFPT

7

PING

7

NLOK

7

SAIL

6.8

TENB

6.5

MIME

6.5

PANW

5.9

SPHHF

acquired for 5.2

FEYE

4

VRNT

2.8

Let's sum it up. Despite its strong YoY revenue growth, CRWD's gross profit margin is lower than its peers, as shown above. The low gross profit margin coupled with the extremely high operating expenses are two key factors that have prevented CRWD from attaining profitability thus far. And we believe that margin expansion is highly questionable in the next quarters due to the fierce competition that's getting fiercer every year, which makes profitability a very difficult goal in the foreseeable future. Therefore, we understand why CRWD has not yet announced a path to profitability (GAAP-based), based on the excerpts from its reports presented in the previous paragraphs.

If CRWD was profitable, it could trade approximately 8 times its revenue, based on the peers' valuation above. But CRWD is not profitable and also its profitability (GAAP-based) within a certain time frame is unknown, based on its reports.

Since CRWD is not profitable and has no clear path to profitability (GAAP-based) in the foreseeable future, we will focus on its other characteristics to assign a fair valuation. That said, CRWD has the highest YoY top-line growth among its peers, but its growth decelerates both sequentially and on a YoY basis. Also, its growth alone can't obviously offset the low gross profit margin, the continued losses and the unknown path to profitability (GAAP-based) while the vast majority of the aforementioned peers including those with revenue at approximately $500 million are already profitable. After taking into account all these factors, we believe that CRWD should currently trade approximately 5 times its annual revenue, based on the peers' valuation above. And we assign this valuation without taking into account the additional company-specific headwinds mentioned above (i.e. the Trump impeachment inquiry, the litigation about Falcon etc.) that could impact negatively the stock at any time in the next months. We assign this valuation based solely on the relative valuation analysis above.

In other words, we believe that CRWD currently is massively overvalued and there's a lot of fat that needs to be cut in its valuation at the current price of $50 per share or 23 times revenue, based solely on the relative valuation analysis above.

The Recent Sector Deals

Many deals have taken place in the cybersecurity industry over the last couple of years. However, in many cases, the suitors and the takeover targets were privately-held firms, and therefore, their revenue and/or the financial terms of the deals were not disclosed. As such, we focused on the most recent deals associated with publicly-traded firms where the transactions deals were available. And we found that the suitors paid from 2.1 times up to 8.4 times the annual revenue, as shown below. Also, unlike CRWD, some of the takeover targets were profitable such as SecureLink, Sophos Group and Symantec's Enterprise Security Business. Specifically:

1) In May 2019, Orange S.A. (ORAN) acquired SecureLink on a €515 million Enterprise Value basis. With €248 million revenues in 2018, SecureLink is profitable and one of the largest independent cybersecurity services providers in Europe, with a strong presence in the key Nordics, Belgian, Dutch, German and UK markets. Therefore, ORAN acquired SecureLink for 2.1 times its annual revenue.

2) Last summer, Broadcom (AVGO) acquired Symantec Enterprise Security Business (SESB) for $10.7 billion in cash. On that front, AVGO's CEO said that (emphasis added):

M&A has played a central role in Broadcom's growth strategy and this transaction represents the next logical step in our strategy following our acquisitions of Brocade and CA Technologies. Symantec's enterprise security business is recognized as an established leader in the growing enterprise security space and has developed some of the world's most powerful defense solutions that protect against today's evolving threat landscape and secure data from endpoint to cloud. We look forward to expanding our footprint of mission critical infrastructure software within our core Global 2000 customer base."

Thanks to this deal, AVGO adds $2.3 billion of revenues and approximately $1.3 billion of pro-forma EBITDA, including synergies. In other words, AVGO paid about 4.7 times the annual revenue and 8.3 times SESB's EBITDA.

3) A few weeks ago, Thomas Bravo made an offer to acquire Sophos Group (OTCPK:SPHHF) for an enterprise value of $3.9 billion. And the board of directors of Sophos have stated their intention to unanimously recommend the offer to the company’s shareholders. Given that Sophos Group's annual revenue are about $750 million, Thomas Bravo pays approximately 5.2 times the annual revenue.

4) In early 2019, BlackBerry (BB) acquired Cylance for $1.4 billion. Given that Cylance's revenue for FY 2019 are approximately $170 million, BlackBerry acquired Cylance for approximately 8.2 times its revenue.

5) A few weeks ago, VMware (VMW) acquired CBLK for an enterprise value of $2.1 billion, so VMware acquired CBLK for 8.4 times its revenue. Similar to CRWD, CBLK is another endpoint security company that has been losing money and has been burning cash over the last years.

Takeaway

We have seen this movie many times before. For instance, we saw it in 1999 during the dot-com bubble. But we did not buy the hype back then. We did not buy speculation and wishful thinking. We remained loyal to our investing principles. And we will not buy the hype in 2019 either because we believe that we currently live in the dot-com bubble 2.0. But the new generation of investors have not experienced a crash, so they have not learned anything from the past bubbles. We advise them to study the past bubbles carefully because this time is not different.

A business is not successful when it's bleeding cash while losing money with an unknown path to profitability (GAAP-based). And this investing principle is timeless. Revenue growth will not become our new "religion" when it comes to investing. Growth for the sake of growth does not mean anything, in our opinion. The ugly performance of the energy companies over the last years along with the numerous bankruptcies proved that the production growth does not mean anything as long as a company can't make money and can't produce free CF. Profits, positive operating CF and free CF make a sustainable business model.

This is why Charles Schwab, the founder and chairman of the San Francisco brokerage firm that bears his name, told CNBC a few days ago that he's no fan of this year's money-losing IPOs and he would never buy a company like that has huge losses and no sight ahead about when it's going to make money. On that front, a recent report from Goldman Sachs said that:

The companies that have gone public in 2019 are the least profitable since during the dot-com boom. Only 24 percent of them will report positive net income this year."

On top of this, Tom Kellermann, chief executive of venture capital firm Strategic Cyber Ventures, a venture capital firm that invests in the cyber security sector, said last year (emphasis added):

The pipe dream days of selling companies at a rich price equivalent to ten times their revenue are gone.

We forecast that perception will catch up with reality sooner or later, as usual. We believe that CRWD is massively overvalued at $50 per share or 23 times its annual revenue and it should currently trade less than 5 times its annual revenue, which translates into less than $20 per share, due to this combination of reasons:

1) Based on the recent M&A activity in the cybersecurity industry, the suitors paid from 2.1 times up to 8.4 times the annual revenue. And unlike CRWD, some of the takeover targets were profitable.

2) The peers' valuation.

3) CRWD faces multiple key headwinds and weaknesses, both sector-specific and company-specific, as mentioned above.

4) CRWD's president/CEO and CFO have not held before similar positions in companies that generate approximately $500 million in annual revenue.

Value Digger is a former fund manager who has been ranked in the Top 100 (TipRanks) since 2012, so click "follow" to receive our articles. Also, sign up for a 2-week Free Trial of Value Investor's Stock Club to discover overlooked value stocks with multi-bagger potential, high-yield dividend stocks and short ideas for triple-digit returns with 100% success to-date. Proven track record. Since January 2016, we have locked in profits from more than 60 stocks making more than 60% per pick while holding the stocks less than one year. Our 5-star ratings and outstanding reviews are here.


This article was written by

Value Digger profile picture
13.73K Followers
One-Stop Shop with long ideas (value & dividend stocks) and short ideas
Value Digger is a former fund manager with more than 30 years of investing experience and a full-time deep value investor with a track record of market outperformance.


Additionally, he is a Seeking Alpha Author with one of the highest Followers per Article (F/A) rates. His F/A rate in Seeking Alpha far exceeds 30 followers per article. Also, he has created a big community of deep value investors and launched "Value Investor's Stock Club" (VISC) on Seeking Alpha in 2016. VISC is a value research service with select long and short ideas from different sectors.


His quarterly performance reviews illustrate his high returns and are available to his subscribers. For reference, when Value Digger was managing money in the early 2000s, his Portfolio's annual ROI consistently exceeded 50%. His research is based on a comprehensive review of company-specific and sector-related factors, macro conditions and competitors.


After 30+ years of investing experience, Value Digger has formulated a deep understanding of valuation analysis and his investment philosophy is firmly grounded in Ben Graham-style value-oriented opportunities that often have an asymmetric risk/reward profile. On that front, he has created a proprietary database with thousands of publicly-traded companies, which helps him discover big disconnects, spot the bargains (long ideas) and the bubbles (short ideas) before many investors find them.

Follow

Disclosure: I am/we are short CRWD. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.

To ensure this doesn’t happen in the future, please enable Javascript and cookies in your browser.
Is this happening to you frequently? Please report it on our feedback forum.
If you have an ad-blocker enabled you may be blocked from proceeding. Please disable your ad-blocker and refresh.