Based on my analysis, CrowdStrike Holdings Inc. (CRWD, Financial) is significantly undervalued, as made evident by the GF Value Line and further supported by the long-term growth prospects the company still may have despite the major setback where a faulty configuration update caused approximately 8.50 million devices to crash. The result of this crash was, for instance, 5,500 flights and half a billion dollars in profit for the quarter lost for Delta Airlines (DAL, Financial), among many other companies affected.
Despite this, Warren Buffett (Trades, Portfolio)'s famous adage to “be greedy when others are fearful” applies here, and I think CrowdStrike makes for a strong contrarian value investment right now despite the potential for significant long-term downward momentum as a result of fundamental shifts from the outage. Due to the risks, a smaller allocation is likely wise.
Operational analysis
CrowdStrike experienced a significant IT outage that had widespread repercussions across various industries across the world. It was triggered by a botched software update—specifically, a sensor configuration update for Windows systems.
Management quickly identified the issue and deployed a fix by reverting the problematic update. However, Delta Airlines reportedly hired top attorney David Boies to pursue potential damages from CrowdStrike and Microsoft (MSFT, Financial) due to the significant impact on their operations.
Many other clients may also seek compensation for losses incurred by the faulty update. These claims would be based on the terms outlined in their agreements with CrowdStrike. However, the contracts likely include limitation of liability clauses that cap the company's financial responsibility to the fees paid for their services. That being said, there is now growing concern of class-action lawsuits.
According to data from Parametrix, the global IT outage linked to CrowdStrike is likely to have caused at least $5.40 billion in direct financial losses for Fortune 500 companies, excluding Microsoft. Cyber insurance is expected to cover only 10% to 20% of these losses. This is arguably one of the largest losses in the cybersecurity sector over the past 20 years.
In other words, this outage was extremely significant. However, the stock price contraction from the outage was also significant, which opens up the potential for a value play based on the present depressed sentiment if CrowdStrike can successfully recover.
Financial and valuation analysis
CrowdStrike is certainly cheaper than it has been historically, with a price-earnings ratio without nonrecurring items of 68, almost 50% below its 10-year median of 128.50. Further, its price-sales ratio is now 17.50, down from 25.80 as a 10-year median. This represents a significant value opportunity if sentiment in the market for the stock can recover, which I think it will.
Despite my medium- to long-term outlook, there is undoubtedly going to be customer churn, regulatory and legal fees and customer acquisition issues. That being said, Wedbush Securities' Daniel Ives estimates less than 5% of its customers might go elsewhere. The argument is that “they're such an entrenched player, to move away from CrowdStrike would be a gamble,” according to an article published by CNN Business.
I agree with this sentiment that CrowdStrike is too big to go away. While the mistake was severe, I think the costs have already been priced into the stock. That being said, the event is going to reduce the earnings estimates and, in my opinion, the market has been quite efficient in pricing this in early. I expect the company will achieve about the same alpha as if one invested before the outage happened and had it not occurred. In other words, one is now getting good value and good growth as opposed to the prior exceptional growth at a fair price.
The average 12-month Wall Street price target for CrowdStrike is $361.50, which is 54% upside from the present price of $234.52. This indicates a very strong recovery for the stock is possible. As such, I consider it a buy if investors can tolerate some short-term downside that may still remain from the crisis.
Counterpoints
Major players like Palo Alto Networks (PANW, Financial), Microsoft and Fortinet (FTNT, Financial) could expand their offerings and capitalize on the short-term to medium-term weakness of CrowdStrike. The reputational damage from the outage could lead to a loss of market share as customers switch to competitors. This could induce pricing pressure, which may reduce its margins.
Further, there are signs of slowing revenue growth for CrowdStrike as its year-over-year growth in subscription customers and new new annual recurring revenue has been declining; this is likely to be exacerbated by the outage. Analysts also estimate there will be deferred revenue of $20 million to $30 million in the second quarter of 2025 due to the crisis.
Many of the negative factors are making investors rightly cautious about the company's valuation. While it is currently selling for cheaper than it was historically, it is still incredibly expensive compared to the wider industry. For example, its price-earnings ratio without NRI of 68 is far higher than the sector median of 25.50. The crisis could call into question the long-term valuation of CrowdStrike and, as a result, the price compound annual growth rates could become much more moderate as a result due to inhibitions in valuation multiple expansion and the possibility of further contraction. As a result, it is conceivable that the stock will underperform the market over the next five to 10 years based on reputational and fundamental factors reducing sentiment and the valuation.
Contrarian alpha potential
It is not uncommon for there to be significant alpha potential during periods of crisis, like currently with CrowdStrike stock. Reduced sentiment is exactly what value investors look for, and I think the stock has the right long-term catalysts to allow it to succeed despite the recent calamity.
The total addressable market for cybersecurity is estimated to reach between $1.50 trillion and $2 trillion, according to McKinsey. Currently, only a fraction of this market is captured, which presents a significant opportunity for future expansion with CrowdStrike. Cyberthreats are also becoming more sophisticated, with new artificial intelligence-backed malware capabilities. In my opinion, as the company is one of the leaders in the field and many customers are already heavily reliant on it, it is unlikely to be discarded due to the recent failure, despite it being severe.
Amid growing digital reliance and trends in AI, automation and robotics, CrowdStrike is a good long-term contrarian value play. This might sound paradoxical to those who are looking at its valuation ratios compared to historically, but the opportunity is based on the market's sentiment. I think it is likely to refortify toward where it was before the crash over the next 12 months. The valuation is not cheap compared to the industry, but it is cheap compared to its history, the latter of which arguably matters much more.
Conclusion
I had a favorable investment thesis on CrowdStrike prior to the recent crisis. Now, my outlook is still favorable, but the thesis has changed from one based on pure high growth to one based on value and growth. As a result, I expect investors who bought in at price levels just prior to the crash will not be likely to achieve long-term alpha. However, if investing at present, the potential for 12-month alpha is high and I think the potential for long-term alpha is moderate.