CrowdStrike has had a rough few weeks. About a month ago, they released a stupid software update, causing the world to come to a standstill for a few hours. After costing their customers hundreds of millions, if not billions, of dollars, they’re set to report earnings today, August 28th, 2024. And I’m willing to bet these will be Schrödinger’s earnings: simultaneously ugly and pretty.
Let’s be clear: the software update was not pretty. CrowdStrike pushed an update that wasn’t thoroughly vetted; it’s unclear whether it just slipped through quality control or if quality control wasn’t conducted at all. CEO George Kurtz went on news channels to apologize for the update, taking full responsibility and promising to update procedures. There was no deflecting. Kurtz did something remarkable in damage control: he didn’t make it worse.
The impact of a CEO’s response to a public event can be a make-or-break moment for the company’s image. Take BP’s disastrous handling of the Deepwater Horizon oil spill as an example. The company’s tone-deaf response turned BP into a punchline, with even South Park parodying the CEO’s ineffective apologies. That incident left a lasting stain on BP’s reputation, and it’s now a textbook case of how not to handle a crisis. Decades later, BP is still dealing with the fallout, both in public perception and in boardrooms discussing crisis management.
CrowdStrike made a terrible mistake; both in its scale and sheer impact. Hospitals went offline; people probably died. Yet, Crowdstrike’s impact has been mostly forgotten in the public eye. That allows it to move forward, which takes us into the article’s point: its earnings today.
Crowdstrike’s earnings face two immediate risks: legal costs and future customer growth.
Starting with legal costs, Crowdstrike is likely shielded from a significant portion due to its contract strategy. Parametrix, an insurance and analytics firm, estimates that the insurance policies held by Crowdstrike’s customers will cover, at most, 20% of the losses stemming from the outage. This leaves a substantial gap that could lead to legal challenges. However, Crowdstrike’s contracts likely include clauses that limit their liability significantly. While customers may be able to request refunds on software licensing fees, their ability to sue Crowdstrike is constrained by the terms-of-service agreements they’ve signed.
I think that if CrowdStrike says something very simple, like, ‘We estimate that our legal exposure to the risks will be $1-2 billion,’ the market will likely respond positively. It will be better than expected.
Moving on to customer satisfaction and growth, there are additional risks to consider. An immediate risk to CrowdStrike’s profits is that customers may request refunds for their fees, as stipulated in their contracts. CrowdStrike is likely to honor these requests without too much resistance. This could impact profits in the short term. However, the market is forward-looking and tends to focus on future potential rather than just current issues. The key will be how CrowdStrike manages customer relations and growth prospects going forward.
I don’t anticipate many customers defecting from CrowdStrike to other vendors. CrowdStrike is considered the best in the industry by a wide margin.
From a growth perspective, there should be an impact on customers considering CrowdStrike. New customers evaluating CrowdStrike as a security vendor will likely take more time to make a decision. Risk management and other vendor evaluation processes will now require additional time. While this will diminish their growth pipeline, it will not be substantial. We can expect to see previous growth estimates pushed back.
All of those things being outlined, I think that Crowdstrike will outperform after they report earnings after the bell. Their struggles are real but should be temporary.
Less Dumb Investing 
Leave a comment