Last week, CrowdStrike Holdings, Inc. (NASDAQ:CRWD) gave initial guidance based on the read through from the global outage caused in July. The cybersecurity specialist cut guidance, but the market cheered the limited impacts to the business so far. My investment thesis remains ultra-Bearish on the stock trading at an extreme valuation, with customers already pushing back on signing new deals.
Source: Finviz
Focus On FQ3 Guidance
Back on July 19, CrowdStrike caused a global outage, impacting at least 8.5 million devices of customers using Microsoft (MSFT) via a Channel File 291 incident. Most customers were back online within hours and some within days, but CrowdStrike is currently in a $500 million lawsuit with Delta Air Lines (DAL) due to an outage lasting all weekend and causing the cancellation of 7K flights.
The cybersecurity company has a quarter ending in July, so clearly the outage was going to have a limited impact on the FQ2 results. The real key to the investment story is the ripple effects into following quarters.
CrowdStrike reported the following results for the quarter ended on July 31:
Source: Seeking Alpha
The first key is that the company still beat consensus targets by over $5 million, similar to prior quarters. On the FQ2’25 earnings call, CEO George Kurtz discussed customer contracts being delayed as follows:
As the July 19 incident was in the final two weeks of the quarter when a meaningful portion of our sales typically close, it delayed deals into subsequent quarters. The vast majority of these deals remain in our pipeline.
CrowdStrike still closed some very large contracts by quarters end with a hint that existing customers were less hesitant, but the CFO went on to provide more details on the deals pushed. According to the executive, none of these deals had closed as of earnings on August 28, or nearly a month following the quarter close:
The July 19 incident had a significant impact on the last two weeks of the quarter, as we rapidly mobilized teams to assist customers, but we continued to close deals, including a nine-figure in deal value expansion. While deals can push in any given quarter, this quarter we experienced elevated levels with more than $60 million in deals that we had line of sight for the quarter and remain open as of Monday. We expect these deals to close in future quarters.
These delayed deals impact future results to the extent these customers eventually sign up with CrowdStrike. If the cybersecurity specialist loses customers, like Delta Air Lines, in the process, the numbers could get ugly, and fast.
CrowdStrike guided to FQ3 revenues of $979 to $984 million for ~25% growth. The guidance is for the growth rate to decelerate by 7 percentage points from the 32% growth rate in the just reported quarter.
Source: CrowdStrike FQ2’24 presentation
More importantly, CrowdStrike missed consensus estimates of $1.01 billion by nearly $20 million. Also key, the company is only forecasting revenue to increase ~$20 million sequentially, leading to limited growth in future quarters.
As an example, CrowdStrike just added nearly $63 million in sequential revenues and last FQ3 the sequential revenue bump was nearly $55 million on a revenue base ~$230 million lower. Management suggests the remaining 2 quarters have ~$30 million in subscription revenue reductions due to customer incentives to elongate Falcon platform subscription commitments, apparently unrelated to the outage, and oddly timed.
The key is whether CrowdStrike can convince new customers to sign up for the services, or conversely, existing customers to expand services. Though Elon Musk suggested his firms, Tesla (TSLA), SpaceX and Twitter/X, have stripped out CrowdStrike products, most companies aren’t willing to aggressively remove services knowing a replacement has to be added, so any retention incentives would be logical for existing customers.
Source: Twitter/X
SentinelOne (S) recently reported quarterly results with an expectation of taking market share from CrowdStrike due to the outage. The cybersecurity peer didn’t report any major revenue guide up, but management did make the following statement on the recent earnings call:
At Black Hat a few weeks ago, we heard from enterprises that they want to diversify cybersecurity technologies and mitigate the risk of another global outage. There was a lot of excitement and interest in SentinelOne.
Companies do not make snap decisions. They need to figure out how to make the transition, but this shift is positive for SentinelOne in the broader enterprise security landscape. This will play out for years as companies dig through the web of liabilities and risks uncovered by this historic outage.
The sales cycles in cybersecurity can take 9 to 12 months, so the tipple effects will last all the way until next July.
Glossed Over Impact
The stock was already falling prior to July 19 with CrowdStrike failing to top $400 just a few weeks prior and closing July 18 at $343. The stock fell to the late 2023 low around $200, but CrowdStrike has already rebounded aggressively to $275 where strong resistance exists now.
The market cap is now back up to $68 billion, with a $65 billion EV based on a $3 billion net cash balance. Investors have quickly glossed over the outage ripple effects to already pay a premium price for the stock.
CrowdStrike is only approaching $1 billion in quarterly revenue, while the stock has an EV of $65 billion. The stock now trades at a forward EV/S multiple of 16x, while Palo Alto Networks (PANW) trades down below 13x and SentinelOne is at 9x.
Even if an investor believes CrowdStrike will stabilize with growth rates in the mid-20% range, the stock should trade much closer to the valuations of the peers in the cybersecurity space.
Not to mention, one doesn’t know the full outcome of any litigation. CrowdStrike suggests contractual obligations and insurance should limit any financial impact, but one shouldn’t pay a premium for a company with unknown litigation and slower growth rates.
The company clearly suggests new deals are likely to require CEO, and in some cases BoD approval, pushing deals out for likely quarters. In reality, customers may be unwilling to move over to CrowdStrike until up to 6 months of incident free operations take the shackles off executive restrictions.
The risk is that growth slows even further in FQ4, and the market doesn’t appear to understand the weak revenue guidance is entirely due to the lower revenues for additional customer commitments. Even if growth rates hold around 20%, CrowdStrike should trade more in the range of 7x to 10x EV/S targets, similar to where SentinelOne already trades despite even higher sales growth targets.
Takeaway
The key investor takeaway is that the ripple effects of the global outage are only now starting to hit the quarterly expectations of CrowdStrike. The current quarter will see the biggest impact while investors are still paying massive premiums for the stock. CrowdStrike still has considerable downside ahead.
Read the full article here
