CrowdStrike Holdings, Inc. (NASDAQ:CRWD) stands out as a leading cybersecurity company, renowned for its AI-powered Falcon platform, which provides comprehensive protection across cloud, identity, and endpoint security. Despite its strong reputation for operational resilience, cutting-edge technology, and significant market presence, the company faced a significant challenge on July 19, 2024. On that day, a software patch led to a widespread outage affecting an estimated 8.5 million Windows devices, which put CrowdStrike's customer trust and market position to the test.

The incident, characterized by the notorious "blue screen of death", disrupted operations at critical infrastructure points such as airports and hospitals. The fallout was immediate and severe: U.S. airlines cancelled approximately 3,400 flights on Friday, followed by an additional 2,000 cancellations on Saturday. The anger and disappointment directed at CrowdStrikeand to a lesser extent, Microsoft (MSFT)were evident. As a result, CrowdStrike's shares plummeted by more than 40% in the days following the incident.

As nearly two months have passed since the disruptive July 2024 outage, investors were eagerly awaiting CrowdStrike's earnings report and the annual Fal.Con conference to assess the company's recovery and outlook. With the incident still fresh in many minds, CrowdStrike used this year's event to showcase its strategy for addressing the crisis and bolstering its product offerings.

The July Event

On July 19, 2024, CrowdStrike rolled out a "sensor configuration update" to its Falcon Sensor that unintentionally disrupted 8.5 million Windows devices, including those used in airports and hospitals. This outage had a global impact, affecting industries such as airlines, banking, healthcare, and financial exchanges. The root cause was a defect in a single content update for Windows hosts, and it was not a result of a cyberattack! The fallout led to a sharp stock decline, with shares dropping by over 40%.

On the positive side, CrowdStrike responded quickly by activating its crisis response plan. CEO George Kurtz took full responsibility, focusing on transparency and rapid resolution. Recovery solutions were implemented within hours, and long-term measures were put in place to bolster the resilience of the Falcon platform.

Despite the immediate reaction from CrowdStrike, the aftermath of the incident continued to affect the company. Businesses faced challenges in recovering from the disruptions and implementing preventive measures for future incidents. The event highlighted the importance of cybersecurity and the potential risks associated with software failures.

While I liked CrowdStrike's response, the company's gesture of offering a $10 gift card to its partners seemed inadequate to me. Some organisations are threatening to file legal action against CrowdStrike, contributing to the ongoing uncertainty. This uncertainty, combined with potential customer attrition and slowed new acquisitions, placed additional pressure on the company's stock price.

This incident revealed just how much trust customers had placed in CrowdStrike, and some of that trust has now been lost. My investing thesis moving forward depends on CrowdStrike's ability to rebuild that customer confidence. Restoring trust won't be easy, but CrowdStrike has taken steps in the right direction. Management addressed this during the call, outlining three key recovery steps:

1. Offering clients greater control over Falcon content deployment, including new granular configuration options for scheduling updates.

2. Improving quality assurance processes to anticipate and address potential issues in future updates.

3. Engaging with two independent third-party security vendors to review the Falcon code and quality processes, aiming to enhance security and resilience.

Financial Performance

Despite the July incident, CrowdStrike's Q2 2025 financial performance remained strong. It is important to note that the outage occurred just eight business days before the end of the quarter, and its impact on Q2 numbers was minimal.

For Q2 2025, CrowdStrike reported revenue of $964 million, exceeding guidance by 1% and reflecting a 30% year-over-year (YoY) growth. Annual Recurring Revenue (ARR) increased by 32% YoY, reaching $3.86 billion. The company also achieved a record non-GAAP operating income of $227 million, marking a 46% YoY growth, and continued its streak of GAAP profitability for the sixth consecutive quarter.

Remaining Performance Obligations (RPO) showed continued growth, indicating that customers did not significantly withdraw future business immediately following the outage. RPO reached $4.9 billion, a 36% YoY increase. Module adoption rates remained strong, with customers adding more Falcon modules to their protection portfolios. Notably, 48% of large customers spending $100,000 or more annually with CrowdStrike utilize eight or more modules.

Source: CrowdStrike

Customer Retention

CrowdStrike serves a wide range of clients, including over 70% of the Fortune 100, 18 of the top 20 banks, and 44 out of the 50 U.S. states. The company enjoys strong customer loyalty, as evidenced by its impressive 98% gross retention rate.

At the Fal.Con conference, CEO George Kurtz revealed that pipeline activity had returned to pre-incident levels, driven by Falcon Flex, which is increasing customer commitment and ARR growth. Recently, the company secured significant deals, including one with a major enterprise software firm that increased its contract value by over $110 million for the next five years. Another Fortune 500 company boosted its contract from $2.3 million to over $20 million in a similar period.

Management emphasized that CrowdStrike is still in the early stages of Falcon Flex adoption, providing ample opportunity for growth. The company's cloud security, identity protection, and next-gen SIEM offerings are projected to contribute significantly to ARR. These segments are expected to represent 50-65% of total ARR by FY2031, up from around 25% today.

Guidance and Outlook

Following the incident in July 2024, I was particularly keen to see how CrowdStrike would adjust its guidance for FY25. The latest management guidance, which was reinforced during the Fal.Con event offers a mixed view:

Source: Created by author based on company's earnings presentation

CrowdStrike now expects FY2025 total revenue to be $3,896 million, down from the previous guidance of $3,994 million. This represents a 2.44% decrease. While this adjustment might seem concerning, it actually indicates that the impact on overall revenue is relatively modest, indicating that the company is not losing significant contracts in the wake of the incident.

The revised guidance for non-GAAP net income has been lowered to $913 million from $999 million, reflecting an 8.55% drop.

Source: CrowdStrike

To me, this reduction seems to account for one-time costs related to managing the fallout from the incident, such as customer compensation and operational disruptions.

Management reiterated their long-term goal of achieving $10 billion in ARR by FY2031, driven by Falcon Flex and key product modules. Despite short-term challenges, I believe the projected revenue decline is relatively minor when compared to the broader market reaction. Additionally, CrowdStrike's management has a track record of under-promising and over-delivering, leading me to believe they have guided conservatively due to current uncertainty but may exceed expectations as they have in the past.

Source: Yahoo Finance

Valuation

CrowdStrike is still in the early stages of profitability, so one of the best metrics to consider is the price-to-sales (P/S) ratio. At present, the stock trades at a TTM P/S ratio of around 21x and a forward P/S of approximately 17x. While these values may seem high on an absolute basis, they are actually at the low end of CrowdStrike's historical range. I believe CrowdStrike can maintain a P/S of around 17x, and with revenue expected to grow by 25% annually over the next 3 to 5 years, I estimate that the stock could deliver an annualized return of 15% or more. CrowdStrike has never been a "cheap" stock, and investors are willing to pay a premium for companies like this.

Source: FinChat

Using a discounted cash flow (DCF) method with two approachesone based on a multiples method and the other on a perpetuity growth model, I arrived at a target price between $345 to $364 per share, offering a potential upside of approximately 19%. This target aligns with pre-incident valuations and reflects investor sentiment, tempered by the uncertainty surrounding CrowdStrike's recovery.

Source: Author

My take

CrowdStrike's prompt and effective response to the July incident demonstrated its operational resilience and commitment to transparency. After reviewing the company's earnings calls and the updates from the Fal.Con event, I remain confident in CrowdStrike's ability to lead in key cybersecurity segments. In my opinion, most of the sell-off in CrowdStrike's stock is exaggerated and not fully justified by the company's performance. Its AI-powered Falcon platform continues to provide exceptional value to customers. An IDC study shows that for every $1 invested in a Falcon XDR Platform, customers saved $6. I also believe that CrowdStrike will maintain its strong Rule of 60 (revenue growth rate + FCF margin) in the coming quarters.

In summary, despite the recent setback, c space in my opinion. With the situation now stabilized and pipeline activity restored to pre-incident levels, my conviction in CrowdStrike's long-term trajectory has been reinforced. As such, I am optimistic about CrowdStrike's future prospects.

• Warning! GuruFocus has detected 3 Warning Sign with CRWD.

This article first appeared on GuruFocus.