CrowdStrike (CRWD) has done relatively well in this coronavirus-driven selloff; shares are down around 9% February highs whereas the S&P 500 (SPY) is down 23%. Part of this outperformance is driven by blowout 4Q19 earnings results which the company announced on March 19. But it’s not just the impressive growth numbers in that report that have driven the positive sentiment around the company; on its earnings call, management was pretty upbeat about future growth prospects, indicating that CrowdStrike can not only survive the coronavirus pandemic, but also benefit from it.
Cyber Security is Mission Critical
One of the key themes that CrowdStrike CEO George Kurtz focused on in the earnings call was how Cybersecurity spending is critical to running any business large or small, emphasizing that essential cybersecurity spending can not be eliminated. Kurtz talked about how cyber adversaries, including nation-states were already trying to exploit the situation by launching new phishing attacks. Kurtz also noted that contrary to popular belief, CrowdStrike was seeing an uptick in SMB customers amid the coronavirus slowdown driven by ransomware threats.
In response to an analyst question, Kurtz said:
When we look at security in general…it is mission critical and in the corporate hierarchy of needs, cyber security is equivalent of shelter, it’s fundamental…obviously there’s going to be industries that are more impacted than others [in a recession], but at the end of the day they’re going to need security…It’s a compliance mandate for many…large companies, even not [so] large companies… from a data privacy perspective, whether it’s a state or federal government or any other government around the globe…they’re going to still need to be able to purchase that.
CrowdStrike management emphasised how they are poised to benefit from the work from home (WFH) trend, which significantly increases the attack surface area for cybercriminals as hundreds of thousands of employees use their home devices to log in to their corporate networks and work emails. Remote work will require all these additional workloads and endpoints to be protected, increasing the demand for cybersecurity products.
In this environment, cloud-native players like CrowdStrike have an advantage over competitors- customers can remotely deploy the CrowdStrike’s lightweight Falcon agent on endpoints at scale, something that legacy cybersecurity players and network-based security providers can’t manage.
Management pointed out that CrowdStrike can help companies cut costs in a recessionary environment. The Falcon platform allows customers to consolidate their various different cybersecurity and IT monitoring products into a single, lightweight agent, which helps reduce complexity as well as operating and maintenance costs.
Additionally, management noted how CrowdStrike’s managed service offering, Falcon Complete, helps companies fill gaps in their cybersecurity resources at a fraction of the cost of having inhouse cybersecurity expertise.
A big part of what we do is we help [businesses] consolidate what they have [in terms of existing disparate cybersecurity products]. We can show them that 3x or better return on their investment. And in today’s environment, obviously, where there’s going to be tremendous cost pressure on these companies, I think we’re the perfect solution to help optimize their head count, help optimize their spend on hardware and software and security and people and putting all that together, it’s a very compelling offering that we have for them in a time of need.
Is CrowdStrike really immune from the disease?
After listening to management commentary from the company’s 4Q19 earnings call highlighted above , you might be inclined to think that CrowdStrike is immune from the recessionary effects of the coronavirus pandemic. In an environment where there’s talk of 15% unemployment rate and Q2 GDP down over 30%, a company guiding to a 50% to 52% year over year increase in full year revenue sounds pretty impressive.
However, despite all the bullish talk from the management in the earnings call, CrowdStrike was prudent enough to slide in a reference to the Covid-19 pandemic in its 10-K filing. Under the section where it talks about the risk of being unable to attract new customers, the company says:
Even if we are successful in convincing prospective customers that a cloud native platform like ours is critical to protect against cyberattacks, they may not decide to purchase our Falcon platform for a variety of reasons some of which are out of our control.For example, any deterioration in general economic conditions, including a downturn due to the outbreak of diseases such as the novel coronavirus, or COVID-19, may cause our customers to cut their overall security and IT operations spending, and such cuts may fall disproportionately on cloud-based security solutions like ours. Economic weakness, customer financial difficulties, and constrained spending on security and IT operations may result in decreased revenue, reduced sales, lengthened sales cycles, increased churn, lower demand for our products, and adversely affect our results of operations and financial conditions.
While I believe that CrowdStrike has the best-in-class product in an industry that may not be the most sensitive to the coronavirus-driven recession, and has secular tailwinds at its back, I think that the market does not fully appreciate the downside risks to growth from this extremely disruptive recession. There may be many potential customers who are too distracted to change cybersecurity vendors right now, and with every single cost being micro-analysed, I would certainly expect longer sales cycles as customers drive hard bargains and start with fewer endpoints and the most essential modules only
There’s another risk disclosure in the company’s 10-K that I found relevant given the current circumstances:
Because we recognize revenue from subscriptions to our platform over the term of the subscription, downturns or upturns in new business will not be immediately reflected in our results of operations
We generally recognize revenue from customers ratably over the terms of their subscription, which is generally one year. As a result, a substantial portion of the revenue we report in each period is attributable to the recognition of deferred revenue relating to agreements that we entered into during previous periods. Consequently, any increase or decline in new sales or renewals in any one period will not be immediately reflected in our revenue for that period. Any such change, however, would affect our revenue in future periods. Accordingly, the effect of downturns or upturns in new sales and potential changes in our rate of renewals may not be fully reflected in our results of operations until future periods. We may also be unable to timely reduce our cost structure in line with a significant deterioration in sales or renewals that would adversely affect our results of operations and financial condition.
This is important to note, because it implies that revenue may not be the right metric to focus on to understand COVID-19’s impact on the company. CrowdStrike guided to year over year revenue growth of 71% to 74% in 1Q20, which I think would be easily achievable given its current backlog. And with the first quarter growth locked in, 50% to 52% revenue growth guidance for the full year seems reasonable. However, as mentioned in this risk factor, the revenue growth may not provide the full picture. Thus the metric I will focus on in the coming quarters is customer growth.
The chart below shows the trend CrowdStrike’s customer growth over the past two years.
You can see that CrowdStrike has been able to double its customers year over year every quarter with remarkable consistency.
Management remains confident that CrowdStrike will continue to gain new customers; one cohort of customers that CrowdStrike has its eyes on are disgruntled Symantec customers who are looking to shift from legacy products to next-gen cybersecurity vendors, a trend accelerated by the uncertainty caused by Broadcom’s acquisition of Symantec.
CrowdStrike’s ability to continue with strong customer growth is a key part of the bull thesis on this company. Given the tailwinds from Broadcom’s Symantec acquisition, and the strongly upbeat commentary from the management, any noticeable slowdown in customer growth due to a slowing economy may cause the positive sentiment around the stock to shift rapidly.
I am a long-term bull on CrowdStrike because I believe its best-in-class product provides a unique competitive advantage in a secularly growing industry. CrowdStrike’s addressable market is not just limited to traditional endpoint security- CrowdStrike has become a workload protection platform that can protect cloud instances, serverless architectures, and IoT apps. I believe CrowdStrike’s recently announced Falcon for AWS will spur rapid growth for the company in the future.
CrowdStrike is free-cash flow-positive, and has a strong balance sheet with $912 million in cash and an additional $150 million credit facility available. The company can survive a deep economic slowdown, which makes me comfortable as a long-term bull.
However, despite my long-term bullish stance, I am a little surprised to see the stock hold up so well in this volatile market. I believe that the market is currently focused too much on the upbeat management commentary in the 4Q19 earnings call, and is not appreciating the risks from the economic slowdown that are specified in CrowdStrike’s annual report. I wouldn’t be surprised to see customer growth slowing down in the coming quarters as a result of the coronavirus-induced recession, which could sour the extremely positive sentiment around the stock.
CrowdStrike trades at a NTM EV/Forward Sales multiple of around 15, which is in line with or lower than other high-growth cloud peers. However, this multiple is too high for my liking in this uncertain environment. I maintain a neutral stance on the stock in the short term, and would recommend buying the stock on sharp panic-induced dips for your long-term growth portfolio.
Disclosure: I/we have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.