CrowdStrike's Service Disruption Tests its Resilience, Yet the Business Faces a More Severe Predicament Now
This year has been quite a rollercoaster for cybersecurity company CrowdStrike (CRWD shedding 1.41%). During the initial six months, the company's stock soared by an astonishing 50%. However, this momentum was significantly halted in July following the revelation of a glitch within CrowdStrike's software, causing widespread disruptions for numerous clients and causing substantial damage to the company's reputation.
Despite these setbacks, CrowdStrike's shares have staged a remarkable resurgence in the latter half of 2024, with a commendable 39% gain as of market closure on Dec. 27. This performance surpassed both the S&P 500 and Nasdaq Composite.
Although CrowdStrike seems to have managed the aftermath of its customers' issues in the summer, a new challenge looms on the horizon. I will delve into CrowdStrike's competitive landscape and discuss why one up-and-coming player could present a significant threat.
Is this company giving CrowdStrike a run for its money?
Although the cybersecurity sector is overly competitive, you may not be familiar with a startup named Wiz. Despite encryption surrounding information regarding private enterprises, Wiz stands out due to its esteemed group of investors, prominent clientele, and remarkable growth rate.
Wiz has managed to secure investments totaling billions of dollars from some of the most prominent venture capital (VC) firms globally, including Sequoia Capital, a16z, and Lightspeed Venture Partners. Luminaries such as Fortune 100 companies have signed on as Wiz's customers, and reports suggest that the company has breached the $500 million mark in annual recurring revenue (ARR). Earlier in the year, rumors swirled about a potential $23 billion acquisition bid from Alphabet; however, Wiz's management chose to decline this offer.
Although Wiz's achievements appear unstoppable, I encourage caution for CrowdStrike investors before hitting the panic button. Below are some key points for CrowdStrike investors to consider.
Tread cautiously with the financials
Generally, software companies acquire revenue from two primary sources: software licenses and professional services. While software revenue is highly profitable with low maintenance costs and recurring subscriptions, professional services revenue oftentimes bears low margins and tends to be non-recurring.
Given the disparity between software and services, software companies generally focus on highlighting growth in ARR. However, it's essential to consider ARR with a level of skepticism.
ARR is a non-GAAP (adjusted) measure, meaning it will not appear in any SEC filings. This discrepancy arises because software revenue is recognized under certain GAAP rules, while a company has the freedom to define ARR at their discretion. Consequently, while ARR may provide a general sense of a company's revenue, such a figure should only be viewed as an estimate.
Although Wiz boasts an impressive $500 million ARR, CrowdStrike far surpasses this figure, with $4 billion ARR and generating nearly $1 billion in subscription revenue (non-ARR). It's challenging to determine Wiz's true size; however, the undeniable fact is that CrowdStrike is a much larger operation.
Understanding the distinction between Wiz and CrowdStrike
It's worth noting that the competition between Wiz and CrowdStrike is not predominantly direct. The primary focus of CrowdStrike revolves around endpoint security, protecting devices such as laptops and corporate phones from malware. In contrast, Wiz predominantly addresses cloud infrastructure by identifying vulnerabilities in cloud-based workloads across platforms like Microsoft Azure, Amazon Web Services, and Google Cloud Platform.
What insights can CrowdStrike's valuation offer?
Although Wiz poses a potential threat, I anticipate that the total addressable market (TAM) for cybersecurity will continue to expand exponentially, particularly as artificial intelligence becomes more prevalent. This development hints at multiple cybersecurity winners over the long term. Furthermore, there may be instances where a company could utilize a combination of both Wiz for cloud infrastructure and CrowdStrike for specific endpoints.
In the graph above, I've compared CrowdStrike against its peers in the cybersecurity sector, utilizing a price-to-sales (P/S) ratio. As the graph attests, CrowdStrike is ranked among the costlier stocks in this category, virtually on par with Cloudflare.
Although this valuation premium might indicate that CrowdStrike stock appears expensive, I view things differently. The rebound in the stock throughout the second half of the year is indicative of the company's resilience and management's ability to successfully navigate the major hurdle posed by the outages.
Moreover, the premium reflects investor optimism about CrowdStrike's future and their conviction that the company's trajectory remains unfazed in the face of a fiercely competitive landscape.
Despite the financial advantages CrowdStrike holds over Wiz, the up-and-coming startup has attracted significant investment and gained notable clients. Wiz secured billions of dollars from prominent venture capital firms and surpassed $500 million in annual recurring revenue, although its true size remains uncertain.
While Wiz primarily focuses on cloud infrastructure vulnerabilities, CrowdStrike excels in endpoint security. As the total addressable market for cybersecurity continues to grow, both companies could potentially benefit, potentially even from collaborating in certain scenarios.
