I deliberately chose CrowdStrike to kick off my new publication Stock Pitch. The company has been a favorite of mine for almost two years. Besides being the leader for endpoint cybersecurity solutions, CrowdStrike is “a durable cash generator for today and years to come” as the company’s CFO Burt Podbere put it in this month’s earnings call. At its current valuation, CrowdStrike isn’t exactly a bargain. Nevertheless, the firm's underlying stock poses significant upside in today's turbulent markets and is a valuable addition to any serious portfolio.
Long CRWD
CrowdStrike (NASDAQ: CRWD) is the leading endpoint protection platform pursuing a $58 billion market opportunity (projected to reach $126 billion by 2025) and an overall addressable market that grows approximately 10% per year. The company's annual growth rate exceeded 51.96% in 2022. CrowdStrike also strengthens its leadership position by picking up legacy providers’ customers (i.e. from Microsoft), hence increasing its 14.4% overall market share. Notably, the company has posted growing revenue for ten straight quarters. With its significant competitive advantage, pricing power, and incoming cybersecurity regulation, today’s market opening price of $165.71 significantly discounts CrowdStrike shares. My current price target for the coming 12 months lies between $195 (base case) and $235 (bull case), which would result in a year-over-year upside between 17%, and 42% respectively.
Company Background
CrowdStrike is a cybersecurity SaaS company founded in 2011 by former chief technology officer of McAfee George Kurtz. At the core of CrowdStrike’s product offering is the Falcon module which uses artificial intelligence to identify security threats and prevent them. At the basis of this process lies the Threat Graph, which sources data from its customers, and identifies potential security threats. CrowdStrike's platform then builds solutions that it streamlines across its entire customer base. To put this in numbers: CrowdStrike processes over 1 trillion bits of data per day, which then helps identify and stop breaches within minutes. And like the majority of applications built on machine learning, the more customers use the platform, the more data is available, hence the safer the overall network becomes.
Cybersecurity is essential to modern business which heavily depends on interconnected services and digital supply chain management. CrowdStrike's Falcon is exclusively built as a cloud-native endpoint protection platform, leaning in on the global trend to go digital and move away from local servers. This increase in demand is mirrored in the company's most recent financial performance: Revenue rose 66% in 2021, and annual recurring revenue (a subscription-metric) has risen by 65% in the same period and passed $1.73 billion. Although growth rates are slowing down, a 50% growth rate for 2022 holds still much promise for further adoption and expansion. The company also spreads its wings beyond endpoint security by offering consulting services. Moreover, CrowdStrike partners with companies such as Zscaler (NASDAQ: ZS), Okta (NASDAQ: OKTA), and Cloudflare (NYSE: NET) to increase its addressable market and provide integrated solutions to its customer base.
According to Gartner, CrowdStrike belongs together with Microsoft (NASDAQ: MSFT) to the best-in-class endpoint protection platforms for 2021. Other main competitors include McAfee (taken private in March 2022), and SentinelOne (NASDAQ: S).
Gartner Magic Quadrant for Endpoint Protection Platforms
Investment Thesis
Today there are mainly three key drivers which make CrowdStrike at its current valuation an attractive entry opportunity:
Overall Industry Growth
The need for state-of-the-art cybersecurity has become even more apparent during the pandemic as companies shifted to remote work and their employees were relying on secure data transmission for cloud-based applications. The addressable market is projected to almost grow five times from $25 billion in 2019 to over $126 billion by 2025. The world will not return to an on-site data management strategy and thus remain reliant on cloud computing warehousing companies such as Snowflake (NYSE: SNOW) to take care of their data storage needs. CrowdStrike with its cloud-native Falcon platform will ride the tailwinds of this trend, and as the industry leader pick up a significant share of the industry’s 10% annual market growth rate.
Product Stickiness
CrowdStrike has successfully banked on this increasing demand with a net retention rate of over 120%. The company offers over 20 modules to its customers, ranging from corporate workload security, threat intelligence services, identity and data protection, and IT operations management. 19% of its customer base uses seven or more modules to date, which further showcases impressive upselling as well as a heightened need for in-depth cybersecurity coverage. Half of all Fortune 500 companies already rely on CrowdStrike as an endpoint protection platform. Apart from the existing customer base, CrowdStrike also consistently grows its total subscriber count which currently stands at 17’945, a 57% year-over-year increase.
Free Cash Flow & Profitability
At the core of every investment decision lies one fundamental question: Does this business generate cash? Because in essence, owning a stock is partaking in the profits of such a cash printer. CrowdStrike’s gross margin amounted to 76% in fiscal 2021 and the firm’s cash flow from operations grew 46% year-over-year to a record $215.0 million. Free cash flow grew 34% year-over-year to a new record of $157.5 million or 32% of revenue (basically 32 cents of every revenue dollar is turned into cash). For a hypergrowth company, consistent operating cash flow means that CrowdStrike is less reliant on outside financing and debt. In addition, the company holds $2.15 billion in cash or equivalents, with only $772 million in debt, which further strengthens its balance sheet.
Currently, CrowdStrike is not making a profit on a GAAP basis. However, these losses are diminishing. When stock-based compensation and amortization is removed from the equation, CrowdStrike already posts positive earnings on a non-GAAP basis of almost $1 per share (221% improvement year-over-year). Encouraging are also the reduced operating expenses which lessens any cash bleeding.
Catalysts
I believe that the public market has yet to price in the incredible pricing power which CrowdStrike has in today's inflationary environment, as well as the long-term effects of Executive Order 14028.
Pricing Power
Inflation is currently one of the biggest public concerns. Besides talk of impeding stagflation and a forecasted recession due to the current economic and geopolitical environment, inflation also hits the public markets and its companies. Logically every firm operating in a competitive market with low switching costs will fall victim to a decrease in profitability. However, what virtually any Chief Investment Officer will refrain from doing is cutting back on cybersecurity spending. CrowdStrike as the number one provider of corporate endpoint security could raise its prices within the coming 6 to 12 months to match employees' wages to general price increases and sustain talent.
I believe this would not result in a drawdown of customers as they choose their cybersecurity provider according to quality and expertise, and not necessarily according to the most reasonable price. With the Falcon platform, CrowdStrike's competitive advantage grows right alongside its user base, thus keeping customers loyal to its best-in-class service.
Market Expansion & Long-Term Effects of Executive Order 14028
EO14028 was a landmark decision to unify several initiatives and policies to strengthen the US national and Federal Government cybersecurity posture. It mandates government entities to embrace cybersecurity tools and concepts such as threat hunting, and IT modernization. Moreover, it prioritizes the adoption of cloud technologies. In light of EO14028, the Cybersecurity and Infrastructure Security Agency (CISA) has selected CrowdStrike to secure endpoints and workloads for the agency as well as multiple other major civilian agencies of the US Federal Government. This decision further cements CrowdStrike's leading role in the industry, as well as opens the door for other governmental bodies to consider purchasing its services. Other regulators also turn their eye to cybersecurity requirements to reduce enterprise risk (i.e. SEC disclosure requirements for listed companies).
Valuation
Looking at the valuations and KPIs of cybersecurity leaders shows that CrowdStrike’s share price has plenty of expectations already baked in. Nevertheless with one hand on the Falcon platform and the other on the pricing meter, there is little in the way for CrowdStrike to master its way through the stormy market weather we’re sailing through. In comparison to SentinelOne, CrowdStrike still retains a tremendous first-mover advantage, thus towering over its smaller competitor in size as well as profitability.
Valuation Comparison with SentinelOne
* Microsoft as non-exclusive cybersecurity provider was not listed.
** McAfee not listed as it was taken private in March 2022.
Risk Factors & Mitigation Measures
As with every company, CrowdStrike faces certain risks which would consequently lead to a reevaluation of its share price and this stock pitch. The main risk factors include a successful breach of CrowdStrike and its Falcon platform, as well as abrupt growth deceleration.
Successful Breach For any cybersecurity firm, the biggest risk factor it faces is a successful breach. Not only would this lead to serious reputational damage, but it would also reduce its pricing power, which I listed as a main catalyst for the coming 6 to 12 months.
Abrupt Growth Deceleration CrowdStrike currently grows and expands at an eye-watering pace. As a hypergrowth company, the pace of deceleration has a tremendous impact on valuation and future earnings expectations. If growth rates should diminish quicker than anticipated, and revenue forecasts are reduced, this would have a direct impact on CrowdStrike's current valuation model. A price target between $195 and $235 would be unreasonable.
To mitigate such risks, investors could spread their allocation across industry leaders. Pursue a dollar-cost-averaging strategy in order to catch the mean price for CrowdStrike stock. Or/And closely monitor forecasted revenue growth rates, earnings, as well as market share development.
Avoiding cybersecurity companies altogether would be unwise as it is a vital component to modern business and will not disappear any time soon. For the most risk-adverse, gaining exposure to the industry via Microsoft stock is also a viable option.
For more helpful books on investment, money & personal finance, see book list.
The author owned shares of CrowdStrike Holdings on the publication date of this article. For more information please see our disclosure policy & portfolio tracker.
Invest at own risk.
Comments