CrowdStrike Stock after the Crash
Is it already time to (re)enter the hammered cybersecurity provider after it caused the biggest IT outage in history?
If you've been following this substack for a while, you know that I've long been a happy shareholder of cybersecurity provider CrowdStrike CRWD 0.00%↑ . Maybe you read my CrowdStrike investment thesis around their unstoppable Falcon platform.
Until last week, CrowdStrike wasn't a household name to the typical retail investor. Well, that has certainly changed: Since last week, CrowdStrike is now known to a wider audience. Unfortunately, for the time being this has a rather negative connotation. Media headlines were full of the fact that CrowdStrike's Falcon software platform was responsible for crashing more than 8 million Windows computers worldwide.
What had happened? A serious software bug had crept into a regular CrowdStrike 'content update' that, for reasons I cannot fathom, had gone undetected during software testing and caused chaos once installed on millions of Microsoft servers. The result was cancelled operations in hospitals, more than 5,000 cancelled flights and much more.
Some media even called it the biggest IT outage in history.
As a result, CrowdStrike's share price fell by more than 30% within a few days. Fortunately, I myself was not (or no longer) invested at the time of the crash, as I had sold the CrowdStrike position in the High-Tech Stock Picking wikifolio a few weeks ago at prices of €318-$360 with a high triple-digit profit.
Of course, the timing of my profit taking was fortunate and less due to clairvoyance than to the disciplined execution of my exit strategy. The CrowdStrike share had simply become far too expensive after the recent high, and for me that regularly means exiting a stock. Even at the risk of missing out on further gains.
The price level has now changed significantly as a result of the crash, and CrowdStrike shares are now back under 260 USD, having recently peaked at almost 400 USD, which is roughly the same price as at the beginning of the year. So the company has lost 32% or 30 billion USD in enterprise value.
Are these now attractive prices for a re-entry?
This is supported by the fact that stock markets tend to overvalue short-term events such as this software error. The question of all questions now is to what extent the disaster will actually have a negative impact on CrowdStrike's business and its previously first-class market and competitive position.
Will CrowdStrike have to pay compensation?
CrowdStrike has not yet commented on whether it will offer any compensation to affected customers. I assume that they will at least offer generous discounts on upcoming contract renewals to appease customers.
The total damage is in the billions. Many customers will likely expect CrowdStrike to pay them compensation, and a number of them are currently investigating whether they can claim damages in court. I am not a lawyer and am not familiar with CrowdStrike's individual customer agreements. However, the agreements typically release the software vendor from liability unless the damage to the customer was caused by gross negligence. I doubt that a customer could prove that CrowdStrike was grossly negligent in this software failure.
But even if CrowdStrike were to pay out several hundred million in voluntary or involuntary compensation: That amount won't break the company, which has generated 1 billion USD in free cash flow over the past 12 months.
Will CrowdStrike's customers remain loyal to the company?
It would be much worse for CrowdStrike in the long run if a lot of disgruntled customers left the company and went to the competition. The cybersecurity industry is extremely competitive and competitors may well be rubbing their hands.
Many customers will now at least seriously consider changing their cybersecurity provider. It is difficult to predict how many customers will ultimately leave CrowdStrike as a result of this incident. Changing providers is difficult, always risky and will be expensive for customers. As a result, I expect migration to be very limited, with no more than 5-10% of the existing revenue base lost.
So it's not all that bad?
I'm pretty sure that CrowdStrike, as a leading cybersecurity cloud provider, will survive this disaster and loose little of its positive market position.
Another question is the attractiveness of CrowdStrike's stock. It was extremely expensive before the outage. Even after the crash, the EV/sales ratio is still 19, which is only sustainable as long as revenue and cash flow growth remains extremely high.
Before the crash, sales growth for the current financial year was expected to be around 30%. If new customer growth slows, which is now almost certain given the uncertainty among customers, growth could fall well below 30%.
In such a scenario, an EV/sales multiple well above 10 would be difficult to justify. The CrowdStrike share was also available for a single-digit EV/sales at the beginning of 2023, as weak growth was forecasted at that time.
On a cash flow basis, CrowdStrike's valuation, with an EV/FCF multiple of almost 60, is still considered expensive even after the crash.
At the beginning of 2023, when I last invested in CrowdStrike, the cash flow multiple was below 35 and the sales multiple was below 10. I could easily see a similar valuation in the coming quarters. This would imply further significant downside potential.
Conclusion on the CrowdStrike crash
CrowdStrike is and remains a great company and the Falcon platform is unstoppable. In my opinion, the software bug and its dramatic consequences have not changed this.
I would very much like to be invested in CrowdStrike for the long term. But at current prices, even after the 30% crash, CrowdStrike's stock is not yet attractive, especially given the increased uncertainty in the customer base and new customer business.
If there is a further 30% drop in the share price over the next few months and the share price falls below 200 USD, only then will I consider investing in CrowdStrike for a third time. Will it come to that? We'll see.
If you would like to continue watching CrowdStrike with me in the future, you can
*Disclaimer:
The author and/or associated persons or companies do NOT own shares in CrowdStrike. This article is an expression of opinion and does not constitute any investment or financial advice.