CrowdStrike Will Take Hit From Outage But ‘Limit’ Longer-Term Damage: Analyst

Morgan Stanley has checked with CrowdStrike partners and is now ‘slightly more’ confident in the vendor’s recovery despite short-term impacts to recurring revenue.

While CrowdStrike will see an impact to new recurring revenue during the second half of the year in the wake of the historic Windows outage caused by its faulty update, the security vendor is poised to largely bounce back over the longer term, according to Morgan Stanley analysts.

In a note to investors Monday, Hamza Fodderwala, equity analyst at Morgan Stanley, wrote that the firm’s analysts have checked with CrowdStrike partners and are now more confident in the cybersecurity vendor’s prospects for recovery after the massive outage that started July 19.

The findings echo the sentiments of CrowdStrike partners who spoke with CRN last week, saying they believe the vendor is positioned to recover from the reputational damage over the incident.

The outage saw 8.5 million Microsoft Windows devices afflicted by the “blue screen of death,” becoming inoperable until they were fixed manually by IT teams. Widespread societal impacts included major disruptions to air travel, business and health care. One estimate suggested the costs to major corporations will reach into the billions of dollars.

For CrowdStrike itself, it’s likely that the vendor will see impacts to new annual recurring revenue (ARR) during the second half of the year (2H), according to the Morgan Stanley note.

“Our latest checks indicate -20% reduction in 2H Net New ARR post the outage, implying low-single digit % headwind to total ARR this year,” Fodderwala wrote, citing conversations with “multiple” CrowdStrike partners including “a large global reseller.”

At the same time, Morgan Stanley analysts are “slightly more constructive on CRWD's ability to limit long-term reputational damage post the outage given the company's swift response [and] partner checks indicating limited churn risk so far,” he said.

Speaking with CRN last week, Kin Mitra, president and CEO of Fort Lauderdale, Fla.-based Mission Critical Systems, said that it appears that most CrowdStrike customers will give the vendor another chance.

“I haven’t had a customer say, ‘Hey, we’re going to rip and replace CrowdStrike.’ That hasn’t happened,” Mitra said.

Ultimately, “they still have really, really good technology, and they kind of dominate the market,” he said. “Will they recover and go on to do bigger things? Yes, absolutely.”

Switching Costs Would Be High

Morgan Stanley analysts also pointed to “limited churn and market share shifts expected longer term” following the outage.

“Partners were largely constructive on CRWD's timely and transparent response to the outage,” Fodderwala wrote in the note to investors. “Our partner conversations indicate less than a quarter of customers were impacted and the majority among them saw minimal disruption.”

Additionally, given CrowdStrike’s position as an essential cybersecurity provider for many large corporations, “switching costs are also relatively high for existing CRWD customers,” he wrote, though he added that prospective new customers may “evaluate alternatives” such as SentinelOne and Microsoft.

In a statement provided to CRN Monday, CrowdStrike said that “we are focused on continuing to work with all of our customers to support them as we move forward.”

“While we do not comment on specific analysis undertaken by equity analysts as a matter of course, we welcome the comments from Morgan Stanley and J.P. Morgan that reflect the hard work of our customers, our partners and our team,” CrowdStrike said in the statement.

“We’ve worked together in real-time to ensure the swift and effective response” to the outage, CrowdStrike said in the statement. The company previously said that 97 percent of Windows sensors for Falcon were online as of Thursday.

Ultimately, “the positive feedback from our partners and the reaffirmation of our market leadership highlight our resilience and growth prospects,” CrowdStrike said in the statement Monday.

Improved Windows Resiliency Needed

Microsoft acknowledged Friday that the tech giant must improve resiliency for Windows following the widespread outage to the operating system.

“This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience,” Microsoft executive John Cable wrote in a post.

In CrowdStrike’s “Preliminary Post Incident Review” post last week, the vendor specified that the update that led to the outage involved what’s known as “rapid response content,” which is used as part of performing "behavioral pattern-matching operations” to thwart future cyberattacks.

CrowdStrike disclosed in the preliminary review that a bug in its validation process for security configuration updates to its Falcon platform resulted in the outage.