Valuing Idiosyncratic Risk -- The Case of Crowdstrike
Posted: Sun Apr 25, 2021 3:01 pm
Crowdstrike (CRWD) is a modern-day marvel of a company. The financials are stunning.
Consider some materials from the Crowdstrike Investor Briefing on April 8
Webcast (95 min):
Presentation deck: https://ir.crowdstrike.com/static-files ... ce8-4d5d-9...
Here are some of the main take-aways:
CEO George Katz – first 10 min
Outlines how he sees ARR growing from $1B today (fiscal 2021) to $3B+ by 2024 (fiscal 2025) – pg 7-20
Key elements
- Innovate: from 10 modules at 2019 IPO to 19 modules today
- Capture Secular Trends: trends driving demand (security transformation)
- Expand TAM: from $25B at 2019 IPO to $36B today to $44B 2023 with current portfolio to $106B in fiscal 2025 including new offerings
- Gain Market Share & Increase Wallet Share: still early days in customer acquisition vs cloud pioneers (good graph pg 17)
Interesting graph pg 9 contrasts CRWD Revenue Run rate, Rule of 40 and Payback Period vs other “Saul” companies
Briefly discusses Zero Trust Framework (pg 21) and Humio acquisition (pg 24)
CFO Burt Podbere – min 10 thru min 39
Discusses the “math to the path” (to $3B+)
- Pg 36 has an ARR bridge from $1B to $3B ARR FY25 assuming $450M net new ARR each year (= same as in FY21, TTM)
- Pg 37 illustrates how to get to $3B+: each +10% CAGR on net new ARR = +$500M on FY25 ARR
- Pg 40 breaks out customer count growth FY17 --> FY21 for different sizes of customers
- Pg 43 shows ARR growth with top accounts (to be a top 400 ARR customer today, you need a minimum ARR which would have made you a top 25 customer FY17)
- Pg 47 has module adoption graphs FY18-FY21 for 4+, 5+ and 6+ modules adopted
- Pg 54 shows the FY25 targets for various metrics. Most interesting: subscription GM target increased to 77-82%+ (from 75-80%+ at IPO) and (new) Free Cash Flow target at 30%+
Q&A Q&A – min 40 thru min 95
adds some more depth/color if you have the time to listen
* * * *
But Crowdstrike has one glaring issue that other companies like DataDog (DDOG) and CloudFlare (NET) do not (or at least have far less risk of) which is a single tentpole security incident that could destroy Crowdstrike's core business. Put aside whether Crowdstrike could suffer an incident like what happened to Solarwinds (SWI) (from which the company has seemingly recovered), namely being targeted by a nation state for an almost unavoidable hack. Crowdstrike is charged by companies with protecting their crown jewels, meaning that any flaw in their product -- even if it is incidental and immediately corrected -- could cause enormous damage to their brand.
As SaaS investors, we are used to valuing companies based on their revenue growth and annual recurring revenue, but we are not capable of assessing the true quality of their products, especially black box products like security products. Neither are their consumers (here, business looking for security solutions). Right now, Crowdstrike commands a premium on the market in part because its brand is totally unblemished. How much will even one major security incident damage its brand value, and hence its future growth and customer retention?
These are the questions that make me a cautious investor in CRWD.
Consider some materials from the Crowdstrike Investor Briefing on April 8
Webcast (95 min):
Presentation deck: https://ir.crowdstrike.com/static-files ... ce8-4d5d-9...
Here are some of the main take-aways:
CEO George Katz – first 10 min
Outlines how he sees ARR growing from $1B today (fiscal 2021) to $3B+ by 2024 (fiscal 2025) – pg 7-20
Key elements
- Innovate: from 10 modules at 2019 IPO to 19 modules today
- Capture Secular Trends: trends driving demand (security transformation)
- Expand TAM: from $25B at 2019 IPO to $36B today to $44B 2023 with current portfolio to $106B in fiscal 2025 including new offerings
- Gain Market Share & Increase Wallet Share: still early days in customer acquisition vs cloud pioneers (good graph pg 17)
Interesting graph pg 9 contrasts CRWD Revenue Run rate, Rule of 40 and Payback Period vs other “Saul” companies
Briefly discusses Zero Trust Framework (pg 21) and Humio acquisition (pg 24)
CFO Burt Podbere – min 10 thru min 39
Discusses the “math to the path” (to $3B+)
- Pg 36 has an ARR bridge from $1B to $3B ARR FY25 assuming $450M net new ARR each year (= same as in FY21, TTM)
- Pg 37 illustrates how to get to $3B+: each +10% CAGR on net new ARR = +$500M on FY25 ARR
- Pg 40 breaks out customer count growth FY17 --> FY21 for different sizes of customers
- Pg 43 shows ARR growth with top accounts (to be a top 400 ARR customer today, you need a minimum ARR which would have made you a top 25 customer FY17)
- Pg 47 has module adoption graphs FY18-FY21 for 4+, 5+ and 6+ modules adopted
- Pg 54 shows the FY25 targets for various metrics. Most interesting: subscription GM target increased to 77-82%+ (from 75-80%+ at IPO) and (new) Free Cash Flow target at 30%+
Q&A Q&A – min 40 thru min 95
adds some more depth/color if you have the time to listen
* * * *
But Crowdstrike has one glaring issue that other companies like DataDog (DDOG) and CloudFlare (NET) do not (or at least have far less risk of) which is a single tentpole security incident that could destroy Crowdstrike's core business. Put aside whether Crowdstrike could suffer an incident like what happened to Solarwinds (SWI) (from which the company has seemingly recovered), namely being targeted by a nation state for an almost unavoidable hack. Crowdstrike is charged by companies with protecting their crown jewels, meaning that any flaw in their product -- even if it is incidental and immediately corrected -- could cause enormous damage to their brand.
As SaaS investors, we are used to valuing companies based on their revenue growth and annual recurring revenue, but we are not capable of assessing the true quality of their products, especially black box products like security products. Neither are their consumers (here, business looking for security solutions). Right now, Crowdstrike commands a premium on the market in part because its brand is totally unblemished. How much will even one major security incident damage its brand value, and hence its future growth and customer retention?
These are the questions that make me a cautious investor in CRWD.