Is CrowdStrike A Buy Now?
After the outage and the stock price drop, is CRWD already attractive enough?
Hi friends
Unless you were spending your time somewhere offline under a palm tree, you will have heard what happened to CrowdStrike (CRWD) this week. It basically caused the real Y2K event 24.5 years later. In this article, let's look at the damage, the consequences, and whether the stock is already attractive.
What happened?
On Friday, July 19, 2024, CrowdStrike released an update to its cybersecurity software, more specifically to Falcon Sensor. This update was intended to improve performance and security. It should have been a routine update, but it turned out differently. It contained a critical mistake that caused widespread BSODs, or Blue Screens of Death, on millions of Windows computers globally.
Maybe you saw this: the BSOD of the Las Vegas Sphere. This one was fake, though.
But back to what happened.
The update included a change to a specific configuration file, Channel File 291. This file is crucial for the software to communicate correctly with Windows, which is the most widely used operating system, as you probably know. Unfortunately, CrowdStrike's update introduced a logic error in this file.
Microsoft had released a significant update for Windows on July 9, 2024, 10 days before this CrowdStrike update. CrowdStrike's Falcon Sensor update was only or primarily tested on the older Windows version.
This caused the affected Windows devices to crash repeatedly, showing the BSOD and boot looping, where devices restart and crash over and over again. 8.5 million devices were affected.
CrowdStrike quickly identified the faulty configuration file that caused the logic error and issued a patch to correct it. However, because of the blue screens of death and reboot loops, IT departments had to intervene manually, about 10 to 15 minutes per device, I heard from people on the floor.
CrowdStrike issued a blog post, in which founder and CEO George Kurtz apologized:
Valued Customers and Partners,
I want to sincerely apologize directly to all of you for the outage. All of CrowdStrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority.
The outage was caused by a defect found in a Falcon content update for Windows hosts. Mac and Linux hosts are not impacted. This was not a cyberattack.
To me, and many professionals in the field, it's extremely important that the CEO apologizes immediately. On top of that, CrowdStrike also shows it's there for its customers:
We have mobilized all of CrowdStrike to help you and your teams. If you have questions or need additional support, please reach out to your CrowdStrike representative or Technical Support.
This can help, not just on a technical level, but also to vent frustrations.
The Consequences For The World
CrowdStrike protects crucial customers. Because they know CrowdStrike has the most secure solution, they are using CrowdStrike instead of one of its competitors. The dire consequences show how crucial CrowdStrike has become.
The computer systems used for check-in, baggage handling, and flight operations management all went down. About 5,000 flights within, into, or out of the United States were delayed, and 868 flights were canceled. (Source) Internationally, the numbers are not known yet, as far as I know, but you should add thousands more.
Banking and financial services were also hit hard. Online banking platforms and ATMs were down, and financial transactions were sometimes impossible for individual and corporate customers.
You may also have noticed that it affected your trading platform. There were slowdowns and outages.
Multiple hospitals and healthcare providers experienced outages, mostly in their electronic health records systems and other critical software used for patient management and care. This led to delays in patient care, disrupted communications, and increased workloads for healthcare staff. Emergency call centers, including 911 services, were impacted.
Of course, this is just a limited overview of the most extreme consequences. There were many more, but listing them exhaustively here is not the purpose of this article. First and foremost, we are investors. So, let's look at the consequences for CrowdStrike as an investment. That's why we want to look at the implications for CrowdStrike first.
Consequences For CrowdStrike
Let's look at the consequences of what happened for CrowdStrike. First, I think it's crucial that this issue is not the result of a cyberattack. For a cybersecurity company, being breached would have been even worse than this.
But what are the negative consequences for CrowdStrike now?
I guess nobody will be surprised to see CrowdStrike's legal costs increase substantially because of this. There could be settlements, fines, lawyer costs, and, who knows, even congressional hearings. Some companies and maybe even shareholders may file a class-action suit.
Now, just to be sure, in CrowdStrike's terms and conditions, CrowdStrike has protected itself well. It has stipulated that if a company has a claim against CrowdStrike for damage or lost revenue, the most it could recover is what it paid to CrowdStrike and nothing more. Of course, the biggest customers have individual contracts, which are not disclosed, and there could be different terms and conditions there, but I see it as unlikely that CrowdStrike would compromise on this condition.
So, companies would have to sue and win, and then they can only recover the cost of CrowdStrike. This will probably discourage many from litigating.
Most customers will have cyber insurance, and those will probably have to pay the damages. The policies often include the potential to recover damages.
Of course, CrowdStrike could offer its customers rebates and full repayments to prevent litigation, which could considerably impact its revenue. But that would clearly be a short-term issue, impacting the company over the next year.
There will also be costs associated with immediate response and extra checks for updates, but overall, I don't think these will be substantial.
How about the reputational impact? Of course, you can't really measure that right now. Elon Musk was quick to share this on X:
Now, Elon is always in for some controversy. This is what Matthew Prince, founder and CEO of Cloudflare, wrote on X.
And this.
Cloudflare caused a big outage in 2019. They recovered. Black eyes don’t last forever. While this CrowdStrike-caused problem was probably the most significant outage ever, I think CrowdStrike will also recover.
As for reputational risk, I talked to five cybersecurity specialists I know and all of them said the same thing: "It could happen to anyone and CrowdStrike is still the best." Now, mind you, none of them were stoic about it. They were all irritated because it meant they would have to work on Saturday or through the weekend.
As one put it, switching now would probably mean that the chances of something similar would increase, as CrowdStrike will now have very strict rules about updates.
Of course, my sample of 5 is very small, I know, and there will be diverse opinions, as with anything. In the C-suite, the understanding might not be the same as that of cybersecurity specialists. But overall, I think that executives will understand that this could happen to others as well, that having the best cybersecurity is crucial, and that CrowdStrike stands out from the crowd.
Of course, it could mean that new customers add this to the negative side of the column of pros and cons they make to decide which provider they choose. This could mean that CrowdStrike will lose some of its pricing power. Over time, though, I think this effect will disappear, as it usually does. In the first months, this will still be top-of-mind, but it will mostly be forgotten next year.
I know it may be a stretch now, but I have some marketing experience, and the old saying, "There's no such thing as bad publicity," still stands today. What does it mean in this case? Many more people will now know the name CrowdStrike and have seen its powerful customers. Over the longer term, this might even be beneficial. But again, I can understand if you think that's a stretch right now.
It is crucial to ask if this influences CrowdStrike's thesis. I picked it as a Potential Multibagger at $98, and to me, this is a blow to the company but not one affecting its long-term potential. Mind you, there could definitely be a shorter-term impact, and if that's important to you, you might consider trimming your position.
Adding To CrowdStrike Now?
So, does this drop mean we should add to our CrowdStrike position? Let's revisit the valuation. But before we do that, let's look at how we should value CrowdStrike.
CrowdStrike is somewhere between high growth and mature growth, but more towards high growth. That means EV/Gross profits is a good valuation method.
With Finchat, I can simply show these.
At 28 times EV/gross profits, CrowdStrike looks cheaper than a month ago, but not cheap. In almost all of 2023, when I made it my biggest position in the PM Future Fund, you could buy it at 15 times to 20 times gross profit, which I think is a bargain for fast-growing companies. Just a few weeks ago, the stock traded at 38 times P/GP, now at 30 times. But again, a lower valuation doesn't mean cheap.
Let's also check some of the metrics for companies in mature growth.
With a forward P/FCF of 53, a forward EV/EBITDA of 63 and a forward PE of almost 73, you can't call CrowdStrike's stock cheap by any means. With expected EPS growth of 30%, this also means a 2024 forward PEG of 2.43 (73/30). That's still expensive.
At this point, I don't see CrowdStrike's stock as particularly attractive. I have a big position in the stock (as it's my biggest holding based on the current value), but at this price, I'm not adding to my position. The stock would have to drop more before I see it as attractive enough to add to my position.
The next logical question will be: at what level do you consider it attractive enough to add? The answer can be personal, depending on many personal factors, but let me explain my reasoning.
CrowdStrike's revenue is expected to be around $5 billion in 2025. CrowdStrike now has a gross profit margin of around 75%. Suppose this drops because of what happened. Let's take 65% and 70% gross margin numbers as examples.
A 70% gross margin would mean $3.5 billion in gross profits in 2025, 65% would mean $3.25 billion. If you take 17.5 times 2025 gross profit, you get a market cap between $57 billion and $61 billion. Right now, CrowdStrike trades at a market cap of $75 billion. That means I would be interested if the stock drops another 20% or so. Let's call it sub $250. Of course, there's no guarantee it will get there and there are still many moving parts in the story.
But when I combine all the valuations, I see CrowdStrike as still a bit overvalued right now, but obviously quite a bit less after this drop.
However, CrowdStrike also has a very strong Potential Multibaggers Quality Score of 83 and if you add the updated valuation score of 6.5/10, you get a QPI (Quality-Price Index) score of 14.8, which means that CrowdStrike moves up in the ranking.
When I summarize this in the Buy-Hold-Sell scale, I see CrowdStrike as a very light buy because of its high quality. At the same time, the fallout of this outage could bring down the Quality Score as well. It's too early to judge that right now, though.
It's pretty simple for me right now. What I do is what so few can in investing: nothing.
I could see CrowdStrike's stock getting hit in the upcoming months or maybe the next year, but that doesn't mean I will sell. I would add to my position if the stock keeps dropping, as I see this as a temporary problem, one that should not be underestimated but is still temporary.
In the meantime, keep growing!
Great write-up! Learned a lot!
Hi Kris, Thank you for your insight, even anecdotes; I too have polled similar contacts and have heard the same thing. CRWD's recent earnings implied that their product is still taking share despite nearly all other peers decelerating, which may be why valuation is still fairly formidable. I have two questions. First question is, as Morgan Housel puts it (sic) "true risk is what you DON'T account for after everything is factored in". What is the true risk for CRWD? Perhaps they are the best platform/product but due to this or another event, their competitors with "good enough" products take share. The imputed economics of cyberattacks say not likely but in the market it is not the obvious/next level thought that is the winning way to invest but the level above that. Second question is, as a mostly growth company; how would you see valuation here if CRWD continues to increase FCF at a higher rate than the market implies? Do you believe in reverse DCF modeling? If CRWD comes back stronger (let's say a main competitor has an actual product issue), at what growth rate would today's prices meet your hurdle? Most articles talk about the base case and downside risk, which are most important. However, many don't model out the range of outperformance possible/needed to justify a premium in time. CRWD so far has been one of those outperformers, would it not make sense to consider (via sensitivity analysis) what that would look like? Just fleshing out the levels of thought here: market telegraphs that CRWD is expensive and the gaffe may cost it business/money, thus the decline. Market thinkers a level above say CRWD moat is still intact and only temporarily affected but valuation is historically elevated so not a great bargain (and thus communicating market sentiment that CRWD is still top dog).
The level above that (if I can presume that), the likelihood of an unclear negative catalyst or larger than anticipated effect on earnings/reputation causing medium to long term damage is less likely. Thus premium is maintained. In fact, CRWD has bottomed in sentiment but operationally will get stronger. Perhaps the operating leverage from its recent GAAP positive trend accelerates and this period is allowing big money to layer into the next step up. Thank you for your time.