CrowdStrike in cursed grip of corporate klutz club
The author is a Reuters Breakingviews columnist. The opinions expressed are his own.
By John Foley
NEW YORK, July 24 (Reuters Breakingviews) -Accidents happen all the time. Forgiveness, however, is granted less often. CrowdStrike CRWD.O, the cybersecurity software developer, marks the latest big company to gauge the willingness of investors to move past an unforeseen, value-destroying catastrophe. Others have crafted a roadmap, but not all roads lead back to rehabilitation.
What CrowdStrike CEO George Kurtz described as a “defect” in a routine update last week led to chaos everywhere from banks to hospitals. Some 8.5 million Microsoft-enabled MSFT.O devices were left showing the so-called blue screen of death that signifies something gravely wrong. While a bug-free version had been released little more than an hour later, flights were still being grounded by outage-stricken airlines three days later.
CrowdStrike has lost 20% of its market capitalization in the aftermath. The decline mirrors similar collapses elsewhere. A study by Australian consultant Senate SHJ looked at 70 companies that experienced a crisis, and found that the average stock-price drop was about 12%, but the results are highly dependent on industry and what specifically went wrong. Equifax EFX.N, the credit-scoring agency that suffered a data breach in 2017, and German carmaker Volkswagen VOWG_p.DE, whose emissions data turned out in 2015 to have been falsified, both dropped around 35% in short order.
Miners and drillers tend to suffer the worst, with an average drop of 22%, presumably because their accidents often involve loss of life. BP’s BP.L shares tumbled by half in the two months that followed the 2010 Deepwater Horizon spill. The technology industry is exposed largely because so much depends on unproven future growth. CrowdStrike was trading at 19 times this year’s forecast revenue, according to LSEG, versus just 5 times for software makers overall.
For certain, it could be worse. The easier it is for customers to get what they need elsewhere, the more painful a misstep will be. Chipotle Mexican Grill CMG.N, the U.S. fast-food chain, found out the hard way when its burritos sickened diners in 2015. Within a year, the stock had fallen by almost half, during which time Olive Garden owner Darden Restaurants DRI.N gained about 6%, including dividends, while Domino’s Pizza DPZ.N shares were up by more than 40%. It took Chipotle roughly four years to regain the equity value that had been eaten away.
In CrowdStrike’s case, its $3.1 billion of revenue last year represents only a small portion of what it defines as a $100 billion market. Despite the lack of serious concentration, it isn’t easy to switch cybersecurity providers because of how deeply embedded the software is inside a company’s systems. It means customers are less likely to defect, but it could make it harder to attract new ones, who accounted for almost half of CrowdStrike’s 34% recurring-revenue growth last year.
The type of crisis matters, too. Accounting scandals are particularly damaging because they usually reflect a culture of dishonesty, unlike a glitchy update, which can be pinned on sloppiness. In extreme cases, as with energy trader and utility Enron, the disclosure of real numbers reveals a company that is worthless. Cyberattacks are more variable. A hack on mega-bank JPMorgan JPM.N in 2014 barely fazed shareholders. A data breach at Capital One Financial COF.N in 2019 erased more than 10% from the stock price in a week, but it only took roughly three months to recover.
Whatever the cause, culpability is key. A PricewaterhouseCoopers study in 2020 found that crisis-racked companies roughly split into two groups: winners, whose shares were up around 10% after 250 days, and losers, whose shares were down 15% over the same period. How management behaved in the fallout mostly determined the path.
Sometimes heads roll from the corner office. Equifax jettisoned CEO Richard Smith after a data breach which, he later said, was caused by an “individual” who had failed to heed security warnings. Wells Fargo WFC.N parted ways with boss John Stumpf as the bank tried to recover from years of fraudulently opening customer accounts and other misdeeds. It’s hard to imagine a similar outcome for CrowdStrike, where Kurtz is both founder and owner of 20% of the votes.
Besides, even a full management shake-up takes time. Stumpf’s successor, Tim Sloan, was gone in fewer than three years; Charlie Scharf still hasn’t fixed the problems he inherited. Dave Calhoun, Boeing’s BA.N post-crisis CEO, is stepping down at the end of this year, and his replacement has yet to be found. The aircraft manufacturer’s shares are roughly half where they were before the first of two fatal crashes involving its 737 MAX model in October 2018.
The other way out of a crisis – inevitably – involves spending to prevent more gaffes. The poster child is probably Citigroup C.N, the U.S. bank that has slipped on one banana skin after another, from money laundering to fat-finger trades. Boss Jane Fraser is now trying to address decades of underinvestment in systems and software, and the result is that expenses are chewing up more than two-thirds of revenue, compared with the 60% she is targeting. The bank persistently trades below its net asset value, whereas its biggest rivals command premiums to theirs.
It’s early for CrowdStrike, but the roadmap to rehabilitation is likely to involve both a hit to potential revenue and a rise in costs. Analysts expect the company’s top line to grow at an annual rate of 23% for the next five years, reaching $8.5 billion in 2029, according to Visible Alpha. But say that growth rate falls by 3 percentage points as new customers become hesitant or negotiate harder, crimping revenue to $7.6 billion. Then assume that as CrowdStrike invests to avoid any more blue death-screens, its EBITDA margin falls to 30% from 35%. That would mean profit fell by a quarter, close to what investors are implying.
Even that doesn’t factor in the hard part: convincing shareholders it won’t happen again. For every rogue actor or careless employee, there are usually many negligent or unobservant colleagues who failed to spot the problem. As Citi, Boeing and Wells Fargo have found, demonstrating a genuine change in culture is almost impossible. CrowdStrike’s task now is to persuade the market that its mishap is just a one-off, because the stain of recurring ineptitude is often very hard to remove.
Follow @johnsfoley on X
Graphic: Corporate crises tend to hit fast, and lift slowly Corporate crises tend to hit fast, and lift slowly https://reut.rs/3WydlmB
Graphic: CrowdStrike's valuation leaves little room for error https://reut.rs/3LzLXhN
Editing by Jeffrey Goldfarb and Sharon Lam
免責聲明: XM Group提供線上交易平台的登入和執行服務,允許個人查看和/或使用網站所提供的內容,但不進行任何更改或擴展其服務和訪問權限,並受以下條款與條例約束:(i)條款與條例;(ii)風險提示;(iii)完全免責聲明。網站內部所提供的所有資訊,僅限於一般資訊用途。請注意,我們所有的線上交易平台內容並不構成,也不被視為進入金融市場交易的邀約或邀請 。金融市場交易會對您的投資帶來重大風險。
所有缐上交易平台所發佈的資料,僅適用於教育/資訊類用途,不包含也不應被視爲適用於金融、投資稅或交易相關諮詢和建議,或是交易價格紀錄,或是任何金融商品或非應邀途徑的金融相關優惠的交易邀約或邀請。
本網站的所有XM和第三方所提供的内容,包括意見、新聞、研究、分析、價格其他資訊和第三方網站鏈接,皆爲‘按原狀’,並作爲一般市場評論所提供,而非投資建議。請理解和接受,所有被歸類為投資研究範圍的相關内容,並非爲了促進投資研究獨立性,而根據法律要求所編寫,而是被視爲符合營銷傳播相關法律與法規所編寫的内容。請確保您已詳讀並完全理解我們的非獨立投資研究提示和風險提示資訊,相關詳情請點擊 這裡查看。