The Deceptive Glow of a Cybersecurity Recovery

Editor's note: Every Friday, we showcase a featured topic from our YouTube show, Altimetry Authority.

This week, we tackle an infamous cybersecurity outage from last summer... and why investors may be a little too quick to move on.

Read on below...

In July 2024, a single software update triggered a global information-technology meltdown...

The faulty code, issued by CrowdStrike (CRWD), sent millions of Windows PCs and servers offline – grounding planes, halting factories, and freezing government systems across the globe.

It was one of the most severe outages in recent memory. To say it rattled confidence in one of the industry's most trusted names is putting it mildly. CrowdStrike's stock tumbled almost 40% in two weeks as the damage spread.

But just months later, many analysts flipped the narrative... They issued upgrades and praised the company's rapid response. They declared the worst to be behind it.

The market seems to agree with Wall Street. Shares are up more than 70% since last summer's panic, even amid recent volatility.

So today, we'll delve into CrowdStrike's recent performance... and determine whether investors really understand what's going on with this business.

CrowdStrike's strong numbers don't erase the risks...

There's no denying the company's recent performance has been impressive. Third-quarter revenue climbed 29% year over year ("YOY"). Customer retention hit 97%.

And in the fourth quarter, reported last month, revenue grew 25% YOY. Customer retention stayed steady at another 97%.

That resilience had Wall Street breathing a sigh of relief. Several major firms issued upgrades... noting that the company has put the outage behind it.

But even though the market has moved on, CrowdStrike hasn't...

Air carrier Delta Air Lines (DAL) filed a lawsuit against CrowdStrike late last year, seeking compensation for operational losses during the July outage.

For all we know, other enterprise clients may be exploring similar options behind closed doors.

The incident also put a dent in CrowdStrike's reputation. And in cybersecurity, trust is everything. Retention remains high today. But customer patience could wear thin if another issue arises.

CrowdStrike is expanding into more sensitive environments like critical infrastructure and government systems. And thanks to last summer's outage, it doesn't have any more room for error.

There are plenty of cyber companies that do what CrowdStrike does... If customers have any doubts about its security, they can switch.

Despite the dangers, investors are looking for a perfect recovery...

CrowdStrike's Uniform return on assets ("ROA") had been around 20% since 2021, well above the 12% corporate average. Returns fell to 14% in fiscal year 2025, which encompassed most of 2024.

That's a significant pullback in a high-demand industry like cybersecurity. But the market doesn't think it will last.

We can see this through our Embedded Expectations Analysis ("EEA") framework.

The EEA starts by looking at a company's current stock price. From there, we can calculate what the market expects from the company's future cash flows. We then compare that with our own cash-flow projections.

In short, it tells us how well a company has to perform in the future to be worth what the market is paying for it today.

Regular readers know we also look at near-term analyst projections. These folks tend to be pretty good at predicting a company's performance over the next two years.

Wall Street believes CrowdStrike's Uniform ROA will fall to 10% in fiscal 2026... and stage a mild recovery back to 16% in 2027.

But investors are ignoring the challenges entirely. They think returns will surpass 60% by 2030.

Take a look...

A 60%-plus Uniform ROA would be an all-time high for the business. It's also 5 times the corporate average.

To reach those returns, CrowdStrike would need to put the recent outage completely behind it. The company would have to accelerate its current growth rate.

And it can't make any more big mistakes.

The road ahead may be more complicated than investors have bargained for...

CrowdStrike is under a lot more regulatory scrutiny these days. And it still has at least one glaring legal liability to deal with.

The market is pricing this company like the outage is ancient history. In reality, it's still dealing with the fallout. And with expectations so high, even a small misstep could have an outsized effect.

Watch this story closely... and from the sidelines. Things will likely get tougher for this cyber giant in the near term.

Regards,

Rob Spivey
April 11, 2025

P.S. We dive deeper into the CrowdStrike story in our most recent episode of Altimetry Authority. Check it out on our YouTube channel right here... and be sure to click the "Subscribe" button.