[IN-DEPTH ANALYSIS] CrowdStrike (CRWD): The Train is Missed, Waiting for Another Dip

Source: TradingView

Investment Summary

CrowdStrike share price had a dramatic comeback after it cratered last July due to the IT outage. The management did a good job at damage control by limiting the existing client churn rate to just 3% by providing general incentives and discounts. The current soft guidance for 2026 is more of a consequence of the outage that we expect to fade away with time, with growth rates and margins set to rebound. Unfortunately, after the post-outage rally, the share price of CrowdStrike already seems well-priced, even if we price a rather optimistic growth trajectory and margin expansion for the coming five years.

Industry Overview

Cybersecurity is the process of protecting the digital or physical resources of a company or an individual from cyber threats, this includes identifying such threats if they occur, remediating such threats when they occur or mitigating the risk of them occurring.

A cybersecurity defense system usually consists of several layers of protection. Cybersecurity companies can either provide more comprehensive products that can cover more than one of these layers, or (and) they can have their own specialty area.

When it comes to the layers, the cybersecurity value chain can be quite complex and elaborate, but these are the main categories:

Identity & access management: Ensuring the right individual in a system has the appropriate access to the system’s resources and data. Who can access what?

Endpoint Security: Securing the end-user devices (computers, mobile devices).

Network Security: Securing the integrity and confidentiality of transferring data. That includes firewalls and virtual private networks (VPNs). Perhaps the biggest cybersecurity segment.

Cloud Security: Protecting data, applications and infrastructures involved in cloud computing. 

Software Security: Protecting the software from bugs at the software development stage to mitigate the costly remediation after the software has already been deployed.

Data Security: Protecting the data throughout the whole data cycle from being accessed by unauthorized agents.

Infrastructure Security: Protecting the hardware/physical infrastructure, namely data centers, manufacturing plants and other types of physical devices.

In terms of market players, the cybersecurity industry is quite fragmented with three big pure-play companies (Palo Alto, CrowdStrike, Fortinet), some emerging players (Sentinel One), as well as big tech firms that have cybersecurity products (Microsoft, Cisco, Google).

The cybersecurity industry is in a rather early stage as there are many drivers that can fuel the growth for years to come:

• Cyber threats are becoming increasingly more sophisticated  
• Governments are imposing stricter regulations on corporations when it comes to data protection and cybersecurity
• The emergence of new technologies such as AI, IoT and Cloud computing open new potential target markets for cybersecurity firms
• With the normalization of the complex geopolitical tensions globally, cross-border cyber-attacks become more and more common

Where is CrowdStrike on the Cybersecurity Map?

CrowdStrike’s main focus is endpoint and cloud security, which differs from other competitors like Palo Alto and Fortinet whcih focus more on Network Security (firewalls).

Endpoint security is not as big a sub-area as network security is, but it is an integral part of the total security system:

• Endpoint devices are an easy target as the endpoint user may often make mistakes to compromise the security
• A lot of important data is actually located on an endpoint level
• With the growth of remote work, endpoint security becomes even more important

Source: SEC Filings, TradingKey

A big advantage for CrowdStrike is the fact that their business model is almost entirely a SaaS one, as 95% of the revenue comes from subscriptions. This is not the case for other peers that have a significant portion of on-premises business operations. In fact, SaaS is a suitable model for them, as CrowdStrike started as a cloud-native company, allowing them to deploy their product efficiently to many endpoint devices, as well as update more smoothly.

Subscriptions are generally priced on a per-endpoint and per-module basis (they categorize their products into modules – this enables to quickly up-sell to clients by providing more modules). CrowdStrike also utilizes a so-called “land and expand” sales strategy – once they land a client, they gradually provide them with other related products, bringing another vector of revenue and also improved stickiness.

Source: App Economy Insights

July Outage Impact Still Persist

We believe CrowdStrike stood well in the context of the major IT outage last July with the client churn rate going up just a half percentage point to 3%. What the company did is to turn its focus from acquiring new customers towards maintaining the current customer base by giving the current companies more discounts. Thus, we can see a more drastic decrease in OPM after Q2.

Source: SEC Filings, TradingKey

Another negative aspect of the financial performance is the decline in the growth of new ARR, mostly due to the slowdown in onboarding new clients. The newly booked ARR is still to be reflected in the future revenue which means we will see a softer growth in the coming year (unsurprisingly the management guided just 20% revenue growth in 2026).

Source: SEC Filings, TradingKey

…But Well-Positioned for the Future

We believe the softness in the revenue and margins is temporary and we expect the growth rate to re-accelerate next year.

The cloud-native nature of CrowdStrike will enable them to ride the wave of cloud growth. The CrowdStrike products have been used by the top three cloud players (despite two of them having their own endpoint products) and with the ability of CrowdStrike to up-sell, we expect to see 20%+ growth for the coming 3-4 years.

The case of CrowdStrike’s collaboration with AWS needs particular attention. Falcon does not only provide services for Amazon but the customers that use AWS happen to adopt Falcon, making AWS not just a customer but also a sales channel for CrowdStrike. It is estimated that $1 billion of the revenue of CrowdStrike comes from AWS.

Further to this, CrowdStrike has the largest amount of cash reserves among the pure-play cybersecurity providers. This also comes with an insignificant amount of debt. This puts them in a position to pursue further investments in their current capabilities or venturing out towards other areas of cybersecurity through M&A.

Source: SEC Filings, Bloomberg Intelligence

Valuation

Valuating CrowdStrike is not as simple as they are currently loss-making on an operating level, as the margins are far from being mature.

In order to get a clearer idea of how the financials of a mature CrowdStrike will be, we will have to look five years into the future.

By 2030, we expect the revenue to continue growing at a CAGR of 18% with above 20% growth in the beginning, slowly decelerating to mid-teen digits – this will lead to a roughly annual revenue of $9billion.

For operating margins and earnings multiple, we will use Microsoft as a proxy, considering this is the most mature software company. In recent years, Microsoft has boasted a 40% operating margin and 30x PE multiple, thus we apply the two metrics to the 2030 revenue projections.

After the calculation, we estimate that the market cap of CrowdStrike will be around $99 billion, just slightly above the current one at $92 billion. From this exercise, it appears that currently the stock of the company is priced to perfection with less than 10% upside potential.

Source: TradingKey

Risks to the Investment Thesis

There are certain downside risks to the estimates above such as another big IT outage, losing market share from competitors and slower-than-expected margin expansion.

However, there is also a huge x-factor. Currently, AI is mostly transformative for software businesses as we see big software players like Meta, Amazon, Microsoft and Alphabet transforming their business models with AI-enhanced products. On the other hand, there we still have not seen much recent innovation when it comes AI-powered end-point devices (e.g. mobile phones or personal computers have not been affected dramatically from the AI boom)

In the coming years we can see a certain AI revolution in terms of consumer electronics be it IoT or just more integration of AI into our mobile phones and PCs. The potential emergence of such a trend will greatly benefit CrowdStrike, as the need for endpoint (device) security will grow substantially.