CrowdStrike in cursed grip of corporate klutz club
The author is a Reuters Breakingviews columnist. The opinions expressed are his own.
By John Foley
NEW YORK, July 24 (Reuters Breakingviews) -Accidents happen all the time. Forgiveness, however, is granted less often. CrowdStrike CRWD.O, the cybersecurity software developer, marks the latest big company to gauge the willingness of investors to move past an unforeseen, value-destroying catastrophe. Others have crafted a roadmap, but not all roads lead back to rehabilitation.
What CrowdStrike CEO George Kurtz described as a “defect” in a routine update last week led to chaos everywhere from banks to hospitals. Some 8.5 million Microsoft-enabled MSFT.O devices were left showing the so-called blue screen of death that signifies something gravely wrong. While a bug-free version had been released little more than an hour later, flights were still being grounded by outage-stricken airlines three days later.
CrowdStrike has lost 20% of its market capitalization in the aftermath. The decline mirrors similar collapses elsewhere. A study by Australian consultant Senate SHJ looked at 70 companies that experienced a crisis, and found that the average stock-price drop was about 12%, but the results are highly dependent on industry and what specifically went wrong. Equifax EFX.N, the credit-scoring agency that suffered a data breach in 2017, and German carmaker Volkswagen VOWG_p.DE, whose emissions data turned out in 2015 to have been falsified, both dropped around 35% in short order.
Miners and drillers tend to suffer the worst, with an average drop of 22%, presumably because their accidents often involve loss of life. BP’s BP.L shares tumbled by half in the two months that followed the 2010 Deepwater Horizon spill. The technology industry is exposed largely because so much depends on unproven future growth. CrowdStrike was trading at 19 times this year’s forecast revenue, according to LSEG, versus just 5 times for software makers overall.
For certain, it could be worse. The easier it is for customers to get what they need elsewhere, the more painful a misstep will be. Chipotle Mexican Grill CMG.N, the U.S. fast-food chain, found out the hard way when its burritos sickened diners in 2015. Within a year, the stock had fallen by almost half, during which time Olive Garden owner Darden Restaurants DRI.N gained about 6%, including dividends, while Domino’s Pizza DPZ.N shares were up by more than 40%. It took Chipotle roughly four years to regain the equity value that had been eaten away.
In CrowdStrike’s case, its $3.1 billion of revenue last year represents only a small portion of what it defines as a $100 billion market. Despite the lack of serious concentration, it isn’t easy to switch cybersecurity providers because of how deeply embedded the software is inside a company’s systems. It means customers are less likely to defect, but it could make it harder to attract new ones, who accounted for almost half of CrowdStrike’s 34% recurring-revenue growth last year.
The type of crisis matters, too. Accounting scandals are particularly damaging because they usually reflect a culture of dishonesty, unlike a glitchy update, which can be pinned on sloppiness. In extreme cases, as with energy trader and utility Enron, the disclosure of real numbers reveals a company that is worthless. Cyberattacks are more variable. A hack on mega-bank JPMorgan JPM.N in 2014 barely fazed shareholders. A data breach at Capital One Financial COF.N in 2019 erased more than 10% from the stock price in a week, but it only took roughly three months to recover.
Whatever the cause, culpability is key. A PricewaterhouseCoopers study in 2020 found that crisis-racked companies roughly split into two groups: winners, whose shares were up around 10% after 250 days, and losers, whose shares were down 15% over the same period. How management behaved in the fallout mostly determined the path.
Sometimes heads roll from the corner office. Equifax jettisoned CEO Richard Smith after a data breach which, he later said, was caused by an “individual” who had failed to heed security warnings. Wells Fargo WFC.N parted ways with boss John Stumpf as the bank tried to recover from years of fraudulently opening customer accounts and other misdeeds. It’s hard to imagine a similar outcome for CrowdStrike, where Kurtz is both founder and owner of 20% of the votes.
Besides, even a full management shake-up takes time. Stumpf’s successor, Tim Sloan, was gone in fewer than three years; Charlie Scharf still hasn’t fixed the problems he inherited. Dave Calhoun, Boeing’s BA.N post-crisis CEO, is stepping down at the end of this year, and his replacement has yet to be found. The aircraft manufacturer’s shares are roughly half where they were before the first of two fatal crashes involving its 737 MAX model in October 2018.
The other way out of a crisis – inevitably – involves spending to prevent more gaffes. The poster child is probably Citigroup C.N, the U.S. bank that has slipped on one banana skin after another, from money laundering to fat-finger trades. Boss Jane Fraser is now trying to address decades of underinvestment in systems and software, and the result is that expenses are chewing up more than two-thirds of revenue, compared with the 60% she is targeting. The bank persistently trades below its net asset value, whereas its biggest rivals command premiums to theirs.
It’s early for CrowdStrike, but the roadmap to rehabilitation is likely to involve both a hit to potential revenue and a rise in costs. Analysts expect the company’s top line to grow at an annual rate of 23% for the next five years, reaching $8.5 billion in 2029, according to Visible Alpha. But say that growth rate falls by 3 percentage points as new customers become hesitant or negotiate harder, crimping revenue to $7.6 billion. Then assume that as CrowdStrike invests to avoid any more blue death-screens, its EBITDA margin falls to 30% from 35%. That would mean profit fell by a quarter, close to what investors are implying.
Even that doesn’t factor in the hard part: convincing shareholders it won’t happen again. For every rogue actor or careless employee, there are usually many negligent or unobservant colleagues who failed to spot the problem. As Citi, Boeing and Wells Fargo have found, demonstrating a genuine change in culture is almost impossible. CrowdStrike’s task now is to persuade the market that its mishap is just a one-off, because the stain of recurring ineptitude is often very hard to remove.
Follow @johnsfoley on X
Graphic: Corporate crises tend to hit fast, and lift slowly Corporate crises tend to hit fast, and lift slowly https://reut.rs/3WydlmB
Graphic: CrowdStrike's valuation leaves little room for error https://reut.rs/3LzLXhN
Editing by Jeffrey Goldfarb and Sharon Lam
Powiązane aktywa
Najnowsze wiadomości
Wyłączenie odpowiedzialności: Każdy z podmiotów należących do XM Group świadczy usługę polegającą wyłącznie na realizacji zleceń i dostępie do naszej internetowej platformy transakcyjnej, umożliwiając danej osobie przeglądanie i/lub korzystanie z treści dostępnych na stronie lub za jej pośrednictwem, co nie ma na celu zmiany lub rozszerzenia tego zakresu, ani nie zmienia i nie rozszerza go. Taki dostęp i korzystanie z niego podlegają w każdej chwili: (i) Warunkom umowy, (ii) Ostrzeżeniom o ryzyku i (iii) Pełnemu wyłączeniu odpowiedzialności. Treści te są zatem podawane wyłącznie jako informacje ogólne. W szczególności należy pamiętać, że treści zawarte na naszej internetowej platformie transakcyjnej nie stanowią oferty ani zaproszenia do zawarcia jakichkolwiek transakcji na rynkach finansowych. Transakcje na każdym rynku finansowym wiążą się ze znacznym poziomem ryzyka dla twojego kapitału.
Wszystkie materiały publikowane na naszej internetowej platformie transakcyjnej są przeznaczone wyłącznie do celów edukacyjnych/informacyjnych i nie zawierają – i nie powinny być uważane za zawierające – porad ani rekomendacji dotyczących finansów, inwestycji, podatków lub transakcji, zapisu naszych cen transakcyjnych, ani też oferty lub zaproszenia do transakcji na jakichkolwiek instrumentach lub niezamówionych promocji finansowych.
Wszelkie treści pochodzące od podmiotów trzecich, jak i treści przygotowane przez XM, takie jak opinie, wiadomości, badania, analizy, ceny i inne informacje lub linki do stron podmiotów trzecich zawarte na tej stronie internetowej są udostępniane na zasadzie „tak, jak jest” jako ogólny komentarz rynkowy i nie stanowią porady inwestycyjnej. W zakresie, w jakim jakakolwiek treść jest interpretowana jako badania inwestycyjne, należy zauważyć i zaakceptować, że treść ta nie była przeznaczona i nie została przygotowana zgodnie z wymogami prawnymi mającymi na celu promowanie niezależności badań inwestycyjnych i jako taka byłaby uważana za komunikat marketingowy w świetle odpowiednich przepisów prawnych i regulacji. Upewnij się, że przeczytałeś(-aś) i rozumiesz nasze dokumenty Powiadomienie o zależnych badaniach inwestycyjnych oraz Ostrzeżenie o ryzyku, dotyczące powyższych informacji, do których można uzyskać dostęp tutaj.