Updated, July 19, 2024: This post has been adjusted to include a more recent statement from CrowdStrike, containing an apology from the company’s CEO.
Shares of Austin, Texas-based cybersecurity giant CrowdStrike fell 13% in pre-market trading on July 19 after suffering “a major outage affecting businesses globally,” reported CNBC.
This outage has paralyzed computers around the world, stunting operations for industries including “airlines, hospitals, retailers and other businesses,” according to the New York Times.
The outage is due to problems with systems from Microsoft and CrowdStrike. “Two incidents in quick succession with Microsoft systems added to the confusion,” noted the Times.
How so? On July 18, some U.S.-based Microsoft clients including airlines were affected by an outage in Microsoft’s Azure cloud service system. Microsoft’s cloud service status page indicated the company had identified the preliminary cause, the Times reported.
“Some users may still be unable to access certain Microsoft 365 apps and services, including Teams video conferencing,” added the Times.
The company was aware of the issue “affecting a subset of customers,” a Microsoft representative said in a statement. “We acknowledge the impact this can have on customers, and we are working to restore services for those still experiencing disruptions as quickly as possible.”
Separately, on July 19 many Windows devices experienced problems involving CrowdStrike, the Azure status page noted. “We’re aware of an issue affecting Windows devices due to an update from a third-party software platform,” according to a Microsoft representative. “We anticipate a resolution is forthcoming.”
CrowdStrike — which supplies cloud-based antivirus software for endpoint devices such as PCs and laptops — said the outage “resulted from an issue with the latest update,” noted CNBC. The company is now rolling back that update — known as Falcon Sensor — globally, added CNBC.
CrowdStrike’s CEO emphasized that the incident was not a cyberattack. “We are actively working with customers impacted by a defect found in a single content update for Windows hosts,” CrowdStrike CEO George Kurtz said in a statement.
“This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption,” he added.
Will customers cancel their CrowdStrike contracts? Will the company provide financial compensation to its customers? If so, how much will this outage affect CrowdStrike’s growth and profitability?
In response to these questions, a Crowdstrike spokesperson issued a statement via email, saying: “We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.”
“We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers,” the spokesperson added.
Despite lingering questions about the outage, here are three reasons the drop in the company’s stock could be a buying opportunity:
- CrowdStrike’s expectations-beating performance and prospects;
- My assessment of Kurtz based on my interview with him prior to the company’s 2019 initial public offering; and
- A cybersecurity expert’s estimate of the minimal economic and legal costs to CrowdStrike.
The Global Tech Meltdown’s Impact And Possible Cause
While a detailed timeline of what caused the global tech meltdown may emerge in the future, the initial hypothesis traces the problem to a software update from CrowdStrike which “appears to cause device outages for millions of users of Microsoft Windows devices,” according to the Wall Street Journal.
The Global Tech Meltdown’s Consequences
Many Windows users subscribing to Microsoft 365 apps and services have been affected by errors featuring a blue screen of death. Businesses, banks, airlines and emergency services across the world were among the millions of Windows users grappling with “a major IT outage Friday,” noted the Journal.
The outage has affected airlines and providers of news services — among others. The Federal Aviation Administration issued “ground-stop orders for Delta Air Lines, United Airlines and American Airlines,” reported the Journal.
The London Stock Exchange’s RNS news service — which reports earnings and executive changes — was down. Moreover, the U.K.’s Sky News was unable to broadcast live television, according to chair David Rhodes’ post on X.
What Caused This Outage?
To scan for threats, cybersecurity software such as CrowdStrike’s requires “deep-level access to a computer’s operating system,” CNN reported.
Computers running Microsoft Windows “appear to be crashing because of the faulty way a software code update issued by CrowdStrike is interacting with the Windows system,” CNN noted.
The company’s engineers took action to address the problem, according to an advisory viewed by CNN, which told customers to reboot their computers and perform other actions if they were still having technical issues.
The issue is specific to CrowdStrike’s Falcon — which is intended to protect files saved in the cloud — “and is not impacting Mac or Linux operating systems,” CNN reported.
CrowdStrike’s Strong Performance And Prospects
CrowdStrike has been a very successful company and a highly profitable stock investment for those who bought in at the company’s June 2019 IPO.
Between 2019 and 2024, CrowdStrike’s twelve months’ trailing revenue as of the end of April has increased at a 62% average annual rate from $300 million to $3.3 billion, according to Macrotrends. During that time, the company’s net margin has steadily improved from -44.4% to 4%, Macrotrends notes.
Since the company’s IPO, its share price has risen at a 39% average annual rate from $64 to $343.
In the company’s most recent quarter, CrowdStrike exceeded expectations and raised guidance. Specifically, the company’s revenue increased 33% to $921 million — 1.8% more than analysts expected while its earnings per share of 17 cents were 4.4% more than Wall Street estimates, noted Google Finance.
CrowdStrike’s guidance for the July-ending quarter and the full year were both higher than expected. The company predicted revenue “in a range of $958.3 million to $961.2 million, just above estimates for $955 million,” reported Investor’s Business Daily.
Moreover CrowdStrike raised full year revenue guidance to $3.993 billion — representing 30.7% growth — slightly ahead of “its earlier outlook of $3.957 billion,” noted IBD.
Why Kurtz Could Lead CrowdStrike Stock Higher
The CrowdStrike story was highlighted in my 2019 book, Scaling Your Startup. It’s a tale of Kurtz’s cybersecurity industry thought leadership which helped his company take the lead in a very crowded $35 billion market for endpoint security, according to a June 2019 Forbes post.
Kurtz had prior startup success in his background. He started his career as a CPA at Price Waterhouse and wrote a best-selling book about Internet security, Hacking Exposed: Network Security Secrets & Solutions, he told me.
Kurtz started FoundStone in late 1999 and sold it to McAfee for $86 million in 2004. He was a general manager at McAfee for seven years and was asked three times to be chief technology officer — an offer he ultimately accepted.
In 2011, he assembled a team to start CrowdStrike — intending to provide endpoint security via the cloud. The company was growing at triple-digit rates because its product excelled compared to rivals.
How so? CrowdStrike was rated “the highest in ability to execute and furthest in completeness of vision in the Visionaries Quadrant,” according to the January 2018 Gartner Magic Quadrant for Endpoint Protection Platforms.
Although CrowdStrike was losing money, its culture was strong. “We’ve been recognized for our culture by Fortune,” Kurtz told me.
“We encourage people to believe in the mission — we help protect our customers from the bad guys; we’re revolutionizing security and making a difference. We created a culture team of our spiritual leaders who know everyone in the company and talk about how we are operating according to our values,” he added.
Kurtz also took pride in the company’s service to customers. “Customer success is important to us and we give them white glove treatment — Gartner rates us 4.85 out of 5 on customer satisfaction,” he told me in 2019.
My guess is customers are less satisfied with CrowdStrike at the moment and the longer-term implications for the company’s growth are unclear.
The world’s cybersecurity infrastructure is fragile and software companies are not liable for problems. “This is a very, very uncomfortable illustration of the fragility of the world’s core internet infrastructure,” Ciaran Martin, the former head of Britain’s National Cyber Security Center, told the Times.
What’s more, major outages and cybersecurity incidents have proportionally small economic and legal costs to software companies. “Until software companies have to pay a price for faulty products, we will be no safer tomorrow than we are today,” Martin told the Times.
If this problem is fixed quickly and does not affect the company’s financial performance and prospects, the June 19 stock price drop could be a buying opportunity.