CrowdStrike’s management didn’t drop a bombshell on investors, which caused the stock to slightly rise.
The moment CrowdStrike (CRWD -2.73%) investors have been waiting for has happened: It released second quarter results. Anyone invested in the stock wanted to know how much the software update failure in July that crashed millions of devices affected its business, as it could’ve completely wrecked a lesser-established company.
But the result could have been much worse for CrowdStrike, and it seems like the worst may be behind it. So, is it time to buy the stock? Or are there more red flags to consider?
CrowdStrike’s cybersecurity platform is still a top choice
CrowdStrike is a leading cybersecurity firm. Its software helps protect millions of devices from outside access through its Falcon platform. However, its products don’t stop at endpoint protection. CrowdStrike has 28 modules that provide different cybersecurity functionalities, making its platform fairly close to a one-stop shop.
This is a key point for the company, as it may have suffered a greater fallout from the outage if its product line was more narrowly focused. Because CrowdStrike is deeply engrained in its customers’ cyber protection plan, it is more difficult to switch away from it. In fact, 65% of all clients use at least five modules, and 29% use at least seven. Furthermore, 48% of its largest clients (those who spend at least $100,000 annually on the software) have at least eight modules.
One key indicator of whether the outage affected CrowdStrike’s business was its annual recurring revenue (ARR) growth and revenue guidance for the year.
For Q2 FY 2025 (ended July 31), CrowdStrike’s ARR rose 32% year over year to $3.86 billion after adding $218 million in the quarter. While the growth rate barely declined from Q1’s 33% pace, the overall ARR added increased from Q1’s $212 million.
One thing to remember is that the incident occurred on July 19, just a few days from the quarter’s end. As a result, these contracts for new business may have been signed before the outage, making this metric less useful, although Q3’s ARR figure should be a focus for investors.
As for revenue guidance, management expects $982 million in Q3 and $3.896 billion for the fiscal year. Compared to the $3.994 billion management projected for the year at the end of Q1, this looks like the outage could cost CrowdStrike around $100 million in revenue.
That’s lost business that likely won’t be recovered. That said, it could have been much worse for the company.
But is CrowdStrike worth buying here?
The stock is still very pricey despite its decline
Nothing has changed in CrowdStrike’s market position. It’s still a top-notch cybersecurity provider with best-in-class software, now more tightly controlling the update process.
This leadership caused the stock to be very expensive before the July 19 incident. However, it’s still quite expensive now.
CrowdStrike trades for 61 times free cash flow and 19 times sales — neither of which would be considered cheap even for a company that didn’t have a massive incident.
As a result, investors still need to be cautious about buying CrowdStrike stock. In addition to its relative expense, there are still questions about the incident’s long-term implications for CrowdStrike’s business model.
CrowdStrike is a land-and-expand model, which means it onboards customers and then encourages them to buy more products after they become familiar with the platform. Management noted in the Q2 conference call that it expects to see “muted upsell dollars and higher levels of contraction.” This could take longer than expected or have a permanent effect, which would alter some of the assumptions investors have about CrowdStrike stock.
Although I’m still a shareholder of CrowdStrike, I think it’s best to be patient. The stock is still trading at optimistic levels, and I’d want to wait before buying more. The problem is, if the stock comes down, it will likely be because of falling performance due to fallout from the update incident.
CrowdStrike is a very tricky stock to analyze, and if you’re not invested for the long term, there are better picks out there. However, CrowdStrike remains one of the best cybersecurity companies right now, which is why I will remain a shareholder despite the choppy waters.