Intro & Thesis

Almost every investor has thought about initiating a position in CrowdStrike (NASDAQ:CRWD) because the stock has gotten hammered for the past three weeks as a result of the IT outage. Despite the +35% drop in the price, I rate the stock a HOLD because I believe now isn't the right time to initiate a position given the uncertainty surrounding the company. Two very important questions kept coming up as I researched CRWD: Can the company survive the current predicament? More specifically, will the recent IT outage make customers think twice before jumping into bed with CRWD?

To answer the first question briefly: yes, I do believe the company's reputation will remain intact going forward because they didn't suffer a cyberattack or a data breach. The cause of the outage was a failed update on CrowdStrike's Falcon Sensor system. Furthermore, management was very transparent about the issue and quickly implemented solutions. I didn't come to this conclusion by pulling things out of a hat. I came to it by looking at similar incidents that occurred in the past where cybersecurity companies suffered security breaches in which customer data was lost, yet these firms still managed to survive. Both of the incidents I reviewed had one thing in common: transparency and swift countermeasures.

Despite the stellar management response and good precedents, I'm still a little skeptical about whether now is the right time to buy in, for two reasons. First, the cybersecurity space is very competitive and the slightest hiccup (such as the IT outage) can lead to peers taking a bite of your lunch. Second, litigation is still on the table, and the longer CRWD's name is in the headlines, the more business they stand to lose. There are just too many unknowns surrounding the firm, which is why I rate it as a HOLD. As the Oracle of Omaha once said:

It takes 20 years to build a reputation and five minutes to ruin it.

Why I Believe CRWD Will Survive This Predicament

There are a few things I would like to highlight in order to explain why I believe the recent outage will likely not cause long-term reputational damage.

Cause of the Outage: In my experience, broken trust is what can put a company's reputation through the gutter, especially if you are responsible for protecting sensitive data like CRWD is. But I believe the recent IT outage won't hurt the firm's reputation long-term because it wasn't a security breach or a cyberattack that led to customers losing data; it was a configuration update that triggered a logic error, resulting in system crashes (blue screens). It was somewhat of a black swan event that is common with cloud-based companies. What wasn't common is the scale.

Management's response: On July 19, 2024 at 04:09 UTC (12 AM EST), CRWD released a sensor configuration update to Windows systems that resulted in system crashes. This means that as reports of the blue screens were coming in, it was nighttime for customers in the U.S. (which represent 68% of CRWD's total revenue). By the time companies opened for business, CRWD already had a solution and the CEO had been on news channels such as CNBC explaining the issue and how to fix it. He was also active on X and LinkedIn.

I believe management's transparency regarding the issue and finding a quick solution was the right thing to do because companies that experienced worse incidents in the cybersecurity space did the same and their businesses survived. By July 26th, 2024, CRWD reported that 97% of systems were back online.

Case studies: There are two previous incidents that I would like to discuss to paint a picture of what could happen with CRWD going forward. The first occurred in 2020: Mandiant, formerly FireEye, one of the largest cybersecurity firms, with contracts with governments and corporations, experienced a data breach on December 4th, 2020, in which hackers stole FireEye's toolkits, including tools that FireEye used to test the defenses of its customers.

The stock declined by 13.08% following this news. Management was transparent about the incident and acted swiftly to solve it. They released detailed disclosures and shared insights into the tactics, techniques, and procedures used by the hackers. They worked closely with law enforcement such as the FBI to investigate the breach and released more than 300 countermeasures and detection tools to help their clients defend against potential misuse of the stolen tools.

The company did undergo a restructuring following the news such as a name change (from FireEye to Mandiant) and a sale of one of its business lines for $1.2 billion, but ultimately their reputation did remain intact and they eventually got bought out by Google in 2022 for $5.4 billion (57% premium).

I looked at the company's quarterly reports and annual report following the incident. Revenue continued growing, the bottom line did take a hit due to increased R&D spending, but overall the company was in good shape. Below is a snapshot of their income statement a year after the cyberattack.

The second incident, which perhaps most readers are familiar with, is the recent breach that occurred at Okta (OKTA) in October 2023, where hackers gained access to files belonging to 134 customers. Mind you, OKTA's business model is to provide customers with secure access across multiple applications, so the customer data that was hacked is very sensitive. OKTA had a similar response to that of Mandiant: they put out a statement detailing how the hackers got into their systems, swiftly informed the customers affected, and implemented countermeasures.

A week into the incident OKTA's stock was down by +20%. A month later, they reported earnings and the stock recovered. To see whether the company's business was impacted, I looked at Q4 results (October-December) and their latest quarterly report.

In Q4, not only did revenue grow by 19% but operating cash flow ($174 mm) and free cash flow ($166 mm) reached a record. EPS improved by 72% and 150 new customers joined the company or a ~1% increase (quarter over quarter). Additionally, in Q1-25, revenue grew by 19%, achieving another record-breaking operating cash flow ($219 mm) and free cash flow ($214 mm). EPS improved by 67.5% and the firm added 250 customers or a ~1% increase (quarter over quarter).

Both cases are somewhat different from each other, but they share some things in common: in each, a cybersecurity company suffered a cyberattack/data breach, customers were affected as a result, and the business managed to survive and thrive. Similarly, management teams were transparent and quickly deployed countermeasures. CRWD responded in a similar way and, mind you, no customer data was stolen. The only pickle is that CrowdStrike might be exposed to lawsuits from large enterprises because the outage brought their businesses to a halt, which resulted in lost revenue.

Too Many Unknowns

The biggest threat that could arise from this incident at the moment is lawsuits. The stock has already taken a huge hit, and the news of Fortune 500 companies coming to collect on business losses could deliver the last blow and cause investors to run for the fences.

Some news was circulating recently that Delta might file a $500 mm lawsuit against CRWD. The $500 million in itself isn't a huge issue because, as of the latest quarter, CRWD had ~$3.7 billion in cash, but what's concerning is that it could open the floodgates for other lawsuits to follow. Delta wasn't the only company that suffered losses; hell, they weren't even the only airline. The list is long. More lawsuits won't just drive the stock down, they could act as gravity on long-term earnings.

I'm not a lawyer or a legal professional, but I tried to find what the terms of contract look like for CRWD clients. On the company's website I found the following regarding limited liability:

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW CROWDSTRIKE SHALL NOT BE LIABLE TO SOFTWARE USER (UNDER ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STATUTE, TORT OR OTHERWISE) FOR: (A) ANY LOST PROFITS, REVENUE, OR SAVINGS, LOST BUSINESS OPPORTUNITIES, LOST DATA, OR SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, EVEN IF CROWDSTRIKE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR LOSSES OR SUCH DAMAGES OR LOSSES WERE REASONABLY FORESEEABLE; OR (B) AN AMOUNT THAT EXCEEDS IN THE AGGREGATE $100. THESE LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY SPECIFIED IN THESE TERMS

This might not apply to all firms; large enterprises such as Delta might have more favorable terms on matters like liability, but it's unclear for now. Only time will tell. Moving on to the other side of the story: will the outage lead to customer losses, or will new clients feel uncomfortable doing business with CRWD?

CRWD operates in an industry with intense competition from innovative and driven companies such as Palo Alto Networks (PANW), SentinelOne (S), Microsoft (MSFT), and more. Sure, CRWD's Falcon software is great, but will clients risk another IT outage that could lead to a business halt and lost revenue just to use it? This question is perhaps the most important one because CRWD has been labeled as a growth company, which is why it trades at such high multiples, but if that growth slows or isn't there then the stock can potentially drop by another 30% or more.

Catalysts

There are a few upcoming events that I will be paying close attention to. CRWD is expected to report its Q2 results later this month on August 28th (according to Seeking Alpha). I'm sure the company will provide more color on how customers reacted to the outage and whether there will be any changes to their full-year guidance, which can move the stock either way. The second event is CEO George Kurtz's testimony in front of Congress; no date has been provided as of the time I'm writing this article (08/08/2024). Lastly, there is the Fal.Con conference scheduled to take place from September 16 to 19. This conference also includes an analyst event, and I look forward to hearing what the analysts covering the company have to say after talking to customers and industry professionals regarding the outage.

Valuation

CRWD's recent drop was significant, but one has to remember that before the incident the company was trading at almost 100x FWD P/E and 80x EV/EBITDA. As you can see from the graph below, if one were to buy into the company now, one would essentially be paying the same multiple as a year and a half ago, which doesn't seem attractive to me.

The multiples are still high because CRWD is still growing its top line at double digits and margins will significantly increase because their business is cloud-based. But will the growth be there following the outage? It's hard to say with any certainty.

I conducted a quick discounted cash flow analysis to determine whether CRWD is truly undervalued. I assumed a 20% Free Cash Flow CAGR for nine years, which I view as a best-case scenario, a 10% WACC, and a 3% perpetuity growth rate. I arrive at a value per share of $197.65, representing a ~7% downside from the current price ($220). So even with a 20% FCF growth rate, the stock is nowhere close to providing a good entry given the risks facing the company.

Conclusion

All in all, there is a good case that CRWD will recover from the current predicament given the precedents I discussed above, but will that happen when the company is at a 30 P/E or a 50 P/E? I will be patiently awaiting the upcoming earnings call to listen to management discuss what changes they have implemented to prevent similar incidents from happening and, most importantly, how clients responded to the outage.