Joseph Taylor: Hi, Ahmed. We're here to talk about CrowdStrike (NAS: CRWD) today. It's been an eventful few weeks for the stock and we'll cover some of those issues shortly. But can you first explain what CrowdStrike does?

Ahmed Khan: For sure. Nice to be here, Joseph. So, CrowdStrike is eventually an endpoint security vendor. In layman terms, you can think of endpoint security as just an updated or a new version of antivirus software. Historically, we had McAfee, Kaspersky, Norton antiviruses, and then that market evolved into endpoint security, which is just a software application that you can download on an endpoint. Think tablet, laptop, phone, server. That's what CrowdStrike does.

“CrowdStrike's gross retention, which essentially measures the stickiness of its customers, is one of the highest in the overall software universe, not just the security overall software.”

Taylor: CrowdStrike was in the headlines recently because an update led to issues with Microsoft Windows, which led to a lot of IT outages worldwide. What will the impact of that be on the business?

Khan: So the exact financial impact, we're going to have a better sense of when we get to CrowdStrike's earnings, which are going to be at the end of August. Our initial sort of hypothesis is that long-term CrowdStrike's going to be okay. There are going to be some near-term headwinds or issues that the company may run into because CrowdStrike has been expanding beyond endpoint security in other adjacent markets. So some of those upselling motions may be impacted, but long-term, we think that the company's a high-quality moaty business that is going to be just all right.

Taylor: And in your research report, when you're talking about the moat, switching costs play a big part in that. Could you maybe explain why the switching costs are so high for CrowdStrike customers?

Khan: First of all, let me just throw a stat out there. CrowdStrike's gross retention, which essentially measures the stickiness of its customers, is one of the highest in the overall software universe, not just the security overall software. So their gross retention metric is north of 98%. And that goes to show the high customer switching costs that exist for the business. Some of the things underpinning those customer switching costs are change management. If you want to switch from CrowdStrike over to SentinelOne or Palo Alto or Microsoft, you're going to run into a lot of issues where your cybersecurity analysts or your engineers, they have to transfer your entire security apparatus from one vendor to the other. And that typically carries a lot of disruption risk, handover risk in that period. And typically companies want to avoid that as long as the solution that they have is a high-quality one, which CrowdStrike over multiple years has proven itself to be.

“Companies have IT outages frequently enough. What matters more is how the company actually reacts to the incident and helps its customers recover.”

Taylor: So you said that they've proven their quality over a few years, but would the latest outage raise some doubts on that point and maybe lead customers to maybe consider switching?

Khan: For sure. I think some of the exact financial fallout, we're going to have a better sense of when we get to the end of August, when the company reports and sort of talks more about customer conversations, et cetera. But if you think about what drives security decisions and who are the actual individuals within a business that make security decisions and you actually talk to those industry practitioners, what they'll tell you is that what they're looking for, because companies have IT outages pretty regularly or not regularly, but frequently enough, what matters more is how the company actually remediates, how the company actually reacts to the incident and how the company sort of like helps its customers recover from the incident itself. And we think that talking to industry practitioners, we think that the sense is that CrowdStrike has done a decent job in some of those remediating steps with its customers.

“As more endpoints join the system that actually improves the security outcomes, which then attracts more customers. That's where we see a virtuous cycle and a network effect developing for CrowdStrike's Falcon platform.”

Taylor: So the other note source you talked about was network effects and you said that there might be some element of a network effect in the Falcon software. Can you maybe explain that a little bit?

Khan: Yeah, I mean, as the name kind of suggests, so essentially what CrowdStrike does is it crowdsources intelligence from all its various endpoints across the globe. All of that data streams into the centralized cloud. And if let's say, you know, your laptop has a new threat signature, something new, a new attack, and both of us are endpoint customers for CrowdStrike, my laptop or my endpoint will immediately get updated. So if that attack comes in my laptop, my agent or my endpoint agent knows exactly how to block it. As more endpoints join the system that actually improves the security outcomes, which then attracts more customers. And that's where we see a virtuous cycle and a network effect developing for CrowdStrike's Falcon platform.

Taylor: So two of the real long term growth drivers here are the secular spending on cybersecurity and also CrowdStrike's ability to land and expand. That's their upselling. We've heard about increases in cybersecurity spending for many, many years now. How much further does that trend have to go?

Khan: Yeah, I mean, it's quite interesting, right? Because cybersecurity spending has just been going up and up over the over the last many years and we don't see that trend stopping anytime soon. If you think how the threat landscape has changed in the last few years or even more recently in the last year, think of the high-profile breaches that have occurred at Ticketmaster or Caesars or United Health, which was the first $1 billion security breach, right? So companies are increasingly understanding that, hey, like we need to have top of the line cybersecurity and we need to have the best highest quality vendors out there and we need to take this area of spending more seriously because you don't want to be on the front page of the Wall Street Journal with news about a breach of your company's security infrastructure.

“We think vendor consolidation is still in a very early innings… and consolidating security spend obviously benefits larger, more established platform vendors such as CrowdStrike, Palo Alto, Fortinet and so forth."

Taylor: So we've talked a fair bit about the outage and obviously the second issue that hit CrowdStrike stock recently was the global market volatility. The shares have now fallen to a price that's quite a way below your fair value estimate. What do you think are the main two or three factors that will affect the stock going forward?

Khan: So in the near term, I think, you know, as the company reports earnings in August, if it's able to assuage some of the concerns that investors have, whether they're related to legal liabilities, whether they're related to customer churn, we think that that could potentially be a catalyst for recovery in the stock price. But when we're thinking about – at Morningstar, we try to think about the long-term horizon and how the company is going to do and what the long-term drivers are. There's just a couple that I would point out. The first one is this idea of vendor consolidation, which we think is still in very early innings when we're thinking about cybersecurity. So cybersecurity is a very fragmented market, and companies have dozens of cybersecurity vendors, and they want to consolidate that footprint primarily due to the fact that it leads to poor security outcomes, right? You have like different security vendors providing their own solutions and it ends up creating data silos, which companies want to avoid by consolidating more of the security spend, which obviously benefits larger, more established platform vendors such as CrowdStrike, Palo Alto, Fortinet and so forth. And the second driver that I'd point out is AI. And I know everyone likes throwing out AI these days, but really we think that if you look at the new threat vectors that are opened up as hackers are increasingly using AI for nefarious means, companies have to invest more in security to counter that threat, which again is going to be a tailwind for larger, more capitalized vendors like CrowdStrike that have access to the best data, which they can use to train their own LLMs and their own AI models.

Taylor: So I guess the story here is that the short-term uncertainty, but the long-term drivers remain very much intact.

Khan: Yep, for sure.

Taylor: Thank you very much, Ahmed.

Crowdstrike Holdings ★★★★

  • Economic moat: Narrow
  • Fair Value estimate: USD 320 per share
  • Share price on August 9: USD 240 per share
  • Uncertainty: High

Morningstar Investor users can read Ahmed Khan's full analysis of Crowdstrike here.

Investments such as shares and funds should only be considered as part of a deliberate investing strategy. Go here for a step-by-step guide to crafting yours. 

Terms used in this interview

Star Rating: Our one- to five-star ratings are guideposts to a broad audience and individuals must consider their own specific investment goals, risk tolerance, and several other factors. A five-star rating means our analysts think the current market price likely represents an excessively pessimistic outlook and that beyond fair risk-adjusted returns are likely over a long timeframe. A one-star rating means our analysts think the market is pricing in an excessively optimistic outlook, limiting upside potential and leaving the investor exposed to capital loss.

Fair Value: Morningstar’s Fair Value estimate results from a detailed projection of a company's future cash flows, resulting from our analysts' independent primary research. Price To Fair Value measures the current market price against estimated Fair Value. If a company’s stock trades at $100 and our analysts believe it is worth $200, the price to fair value ratio would be 0.5. A Price to Fair Value over 1 suggests the share is overvalued.

Moat Rating: An economic moat is a structural feature that allows a firm to sustain excess profits over a long period. Companies with a narrow moat are those we believe are more likely than not to sustain excess returns for at least a decade. For wide-moat companies, we have high confidence that excess returns will persist for 10 years and are likely to persist at least 20 years. To learn about finding different sources of moat, read this article by Mark LaMonica.

Uncertainty Rating: Morningstar’s Uncertainty Rating is designed to capture the range of potential outcomes for a company. An investor can think of this as the underlying risk of the business. For higher risk businesses with wider ranges of potential outcomes an investor should consider a larger margin of safety or difference between the estimate of what a share is worth and how much an investor pays. This rating is used to assign the margin of safety required before investing, which in turn explicitly drives our stock star rating system. The Uncertainty Rating is aimed at identifying the confidence we should have in assigning a fair value estimate for a stock. Read more about business risk and margin of safety here.