When I wrote my last article on CrowdStrike (NASDAQ:CRWD) after its Q2 earnings, there was still significant uncertainty surrounding the July 2024 outage. A software patch led to a global disruption, affecting 8.5 million Windows devices and industries like airlines, banking, and healthcare. The incident caused CrowdStrike's stock to drop over 40%, raising questions about its ability to maintain customer trust and market leadership. Despite these challenges, I remained optimistic about CrowdStrike's future, largely because of the swift and transparent response by CEO George Kurtz and the resilience of its Falcon platform.
Now, two quarters after the incident, it's time to revisit my thesis on CrowdStrike's ability to rebuild customer confidence. Restoring trust wouldn't be easy, but now with some more clarification, I reinforce my bullish position.
In this article, I aim to provide an update on how CrowdStrike has regained customer trust, the company's performance post-incident, and why I continue to see long-term value in the stock.
Restoring Trust Post-IncidentThe July 2024 outage was a major test for CrowdStrike, but the company's response and ongoing actions have reinforced my confidence in its ability to recover. Transparency was the cornerstone of its recovery strategy. CEO George Kurtz took full responsibility for the incident, acknowledging the disruption and ensuring immediate fixes were implemented. While rebuilding trust isn't instantaneous, CrowdStrike's strategic focus on delivering value and innovation has made significant progress, showing meaningful growth while demonstrating some impressive customer metrics.
One of the most effective initiatives was the introduction of Customer Commitment Packages (CCPs). Designed to offer greater flexibility, enhance value, and align with evolving customer needs, CCPs have been instrumental in retaining clients. They also encouraged customers to deepen their investments in the Falcon platform, reflecting their continued confidence in the company.
This ability to drive deeper customer investment is closely tied to the scalability of CrowdStrike's business model.
CrowdStrike's business model is inherently scalable, driven by two key factors.
First, the company benefits from economies of scale. Once a new module or service is developed, the cost of adding additional customers is minimal. As more customers adopt a service, the per-customer cost to maintain and enhance it approaches zero, driving significant efficiency gains.
Second, CrowdStrike's ability to upsell additional modules to existing customers is both cost-effective and highly profitable. Selling more modules to an existing customer is far less expensive than acquiring a new customer and results in stronger margins. The Falcon Flex model further accelerates this process, with Flex customers adopting an average of nine or more modules compared to non-Flex customers.
Source: Q3 Investor Presentation
And the numbers tell a convincing story of trust and growth. Before the incident, 28% of CrowdStrike's customers had adopted at least seven of the company's security modules. By Q3, this figure had risen to 31%, while a new metric, those adopting eight or more modules, grew to 20% of the subscription base. These increases underscore the stickiness of CrowdStrike's ecosystem. Customers wouldn't be scaling their usage if they lacked confidence in the platform's reliability and value.
Source: Q3 Investor Presentation
Falcon Flex has been a major contributor to this growth, driving platform consolidation and ROI for customers. In Q3, the company completed over 150 Falcon Flex deals, representing more than $600 million in total value. On average, two Flex deals were closed every business day during the quarter. Accounts adopting Falcon Flex now represent $1.3 billion in total deal value, with Flex subscriptions significantly larger than traditional contracts.
Flex customers not only enjoy preferred pricing for both their contracted modules and future additions but also benefit from the flexibility to access products as their needs evolve. This makes Falcon Flex a key driver of platform consolidation, delivering rapid ROI for customers. In fact, the average CrowdStrike customer spent hundreds of thousands in Q3, while the average Flex customer spent millions, highlighting the immense value of this model. Furthermore, Falcon Flex has become the primary delivery mechanism for CrowdStrike's Customer Commitment Packages (CCPs), further reinforcing its central role in the company's recovery strategy.
Retention metrics further reinforce this narrative. Gross retention in Q3 remained above 97%, declining by less than 0.5 percentage points, a minor decline considering the scale of the disruption. Dollar-based net retention, while temporarily impacted, stood at 115%, reflecting customers' strengthening commitments to the Falcon platform through CCPs and the Falcon Flex subscription model.
Pipeline activity has also returned to pre-incident levels, showcasing the effectiveness of CrowdStrike's recovery efforts. Falcon Flex is as a key driver of platform adoption and ROI for customers. Flex accounts now represent over $1.3 billion in total deal value, with subscriptions significantly larger than traditional contracts. This indicates that customers see CrowdStrike as an integral part of their cybersecurity strategies, even after the incident.
Innovation has always been a major advantage to CrowdStrike's strategy, and it plays a crucial role in regaining customer trust post-incident. Artificial intelligence remains a cornerstone of the Falcon platform, enabling superior threat detection and response capabilities. CrowdStrike has further enhanced this with tools like Charlotte AI, which improves efficiency and productivity. For instance, tasks like creating situational reports, which previously took days, can now be completed in just one hour with Charlotte AI.
Another development this quarter was the acquisition of Adaptive Shield, which expanded CrowdStrike's capabilities in SaaS security posture management. With Adaptive Shield, CrowdStrike is now the only platform offering end-to-end cloud security, covering everything from device-level threats to SaaS application vulnerabilities.
Financial PerformanceCrowdStrike's Q3 results mark a significant milestone in its recovery, representing the first full quarter post-incident. The company achieved Annual Recurring Revenue (ARR) of $4.02 billion, growing 27% year-over-year (YoY) with $153 million in net new ARR added in the quarter. This makes CrowdStrike the fastest pure-play cybersecurity software company to surpass $4 billion in ARR. Total (EPA:TTEF) revenue also exceeded $1 billion for the first time, growing 29% YoY, while subscription revenue increased 31% YoY.
However, the impact of the July 19 incident was evident. Net new ARR was reduced by $25 million, largely due to extended sales cycles and one-time incentives offered through CCPs. Sales cycles within enterprise accounts increased by 15% YoY, contributing to muted upsell rates during the quarter.
Source: Q3 Investor Presentation
Despite these headwinds, CrowdStrike reported Free Cash Flow (FCF) of $231 million, representing 23% of revenue and achieving a Rule of 51. While FCF remained robust, it was one of the metrics most affected by the incident, resulting in a lower-than-average rule compared to previous quarters.
GAAP net income turned negative after six consecutive profitable quarters due to incident-related costs. Management has indicated that these challenges are temporary, and I share this view. Looking ahead, however, CrowdStrike does not expect sequential FCF margin leverage in Q4 and anticipates another $30 million impact to both net new ARR and subscription revenue in the coming quarter.
The company's balance sheet remains strong, with $4.26 billion in cash and cash equivalents against $744 million in debt.
FY2025 GuidanceQ1 2025 (midpoint)Q2 2025 (midpoint)Q3 2025 (midpoint)% Change| Total Revenue | $ 3,994 m | $ 3,896 m | $3,927 m | -1.70% |
| Non-GAAP Net Income | $ 999 m | $ 913 m | $940 m | -5.90% |
CrowdStrike raised its FY2025 guidance and the company now expects total revenue to reach $3.927 billion, up from its previous guidance of $3.896 billion. It has signaled that trust is being rebuilt and customers are continuing to rely on CrowdStrike's platform.
Non-GAAP net income guidance was also increased to $940 million, up from $913 million last quarter. While these figures remain below pre-incident levels, the upward revision demonstrates the company's ability to regain momentum post-crisis.
Management reiterated its long-term goal of reaching $10 billion in ARR by FY2031, highlighting the scalability and stickiness of its platform. Given the rapid adoption of Falcon Flex and other modules, I wouldn't be surprised if CrowdStrike achieves this target ahead of schedule.
RisksThe July incident highlighted the potential for a single operational failure to cause massive sell-offs. Although the outage was not a cyberattack, a future breach or similar event could inflict lasting reputational damage, making recovery more difficult. Additionally, Delta Air Lines (NYSE:NYSE:DAL) and CrowdStrike sued each other, which represents a legal risk that could lead to financial penalties or prolonged uncertainty, even if CrowdStrike minimizes its liability.
The cybersecurity industry itself remains fiercely competitive. Companies like Palo Alto Networks (NASDAQ:PANW (NASDAQ:PANW)) and Zscaler (NASDAQ:ZS) are aggressively targeting the same $250 billion addressable market. These rivals are not only innovating but also expanding their customer bases, putting pressure on CrowdStrike to stay ahead.
Finally, while I understand that the GAAP loss this quarter is a one-time event tied to the outage, it does highlight the delicate nature of CrowdStrike's profitability. This reinforces the need for continued operational excellence to avoid similar incidents in the future.
ValuationIn my last coverage, I set a midpoint price target of $355 per share, reflecting a 19% upside as I believed the market had overreacted to the incident. That target has now been achieved. Q3 FY25's results have shown me what I was waiting for. The trust from customers remains strong, guidance has been increased, and the Falcon Flex platform continues to drive customer adoption. Management commentary has been optimistic, with expectations that these growth trends will persist. These factors have led to upward revisions in revenue and earnings estimates by Wall Street analysts. As a result, I am slightly raising my price target to a range of $342 to $389 per share.
Using a FCF growth model, the price target remains largely unchanged due to ongoing pressure on FCF. However, a multiples-based valuation method indicates additional upside potential. Combining these approaches, I arrive at a price target range of $342 to $389 per share, offering a potential upside of approximately 6% from current levels.
While FCF remains under pressure due to one-time costs associated with the July incident, I believe this is temporary. The company's underlying fundamentals remain robust, and its profitability is likely to stabilize in the coming quarters as CrowdStrike continues to scale and drive efficiencies.
Source: Author
ConclusionCrowdStrike's recovery from the July outage highlights its operational excellence, innovation, and customer-centric approach. The company has not only regained trust but also strengthened its market position.
The platform's stickiness is evident, with 20% of the subscription base now adopting eight or more modules. Falcon Flex has been a key driver of this trend, fostering deeper customer engagement and accelerating platform consolidation.
As the cybersecurity landscape evolves, CrowdStrike's ability to innovate and deliver comprehensive, scalable solutions remains its competitive edge. By expanding its module offerings and demonstrating clear ROI, the company continues to solidify its leadership in the industry.
My updated price target range of $342 to $389 reflects my continued confidence in CrowdStrike's ability to deliver value and maintain its position as a dominant force in the cybersecurity industry.
This content was originally published on Gurufocus.com
