solarseven/iStock by Getty Images
Company Overview
CrowdStrike is a fast-growing, innovative cloud security company in a very fragmented market with a massive tailwind. The company is growing rapidly, but appreciation is still a concern. I rate CrowdStrike a hold here. The company is the first to move the next generation of cloud platforms: After Salesforce (CRM) with CRM software in 1999, ServiceNow (NOW) with service management in 2004 and Labor Day (WDAY) with HR in 2005, CrowdStrike introduced the world to cloud security in 2011.
The cloud-based cyber security market is still fragmented, offering many opportunities for companies like CrowdStrike to gain market share. In the graphic below, you can see that from 3.3% in 2018 to 9.2% in 2020 for the corporate endpoint security segment.
Part of the corporate security software market (Statistician)
In the next article, I will discuss the tailwinds of the industry and I will review the final revenues based on my Software as a Service (SaaS) checklist.
A Large And Growing TAM To Support Growth
According to Fortune Business Insights, the global Cyber Security market is expected to grow from $ 165.8 billion in 2021 to a whopping $ 366.1 billion in 2028, representing a stunning 12% compound annual growth rate (CAGR). To more accurately establish CrowdStrike’s TAM, we need to look at their niche: Cloud-based Cyber Security. Fortune Business Insights estimates that the Cloud (Cyber) Security market will grow from $ 29.26 billion in 2021 to $ 106.02 billion by 2029, representing an 18.1% CAGR, which is more impressive than the fast-growing overall Cyber market. Security. In the graphic below, you can see that Cloud Security is expected to grow from 17.6% to 25.9% of the total Cyber Security market by 2029. As companies move their operations to the cloud, so does their security.
Part of Cyber Security TAM (Author’s model)
The Crisis in Ukraine Brings Cyber Security to the Top of Mind
With Russia’s invasion of Ukraine, a new focus was set on new forms of warfare. Especially cyber warfare and cyberattacks are on people’s minds. For example, the Biden administration is calling for a new focus on cyber security to secure vital organizations.
Furthermore, according to CrowdStrike’s 2021 Thread report, the number of data leaks related to ransomware increased by 82% annually. Furthermore, we recently saw 2 major exploits and hacking using the Log4Shell exploit (estimated up to $ 10 billion in damages) and the Okta hack (up to 15000 organizational data was affected). All of these factors have brought Cyber Security to the minds of companies and will accelerate the increase of Security budgets and thus customer spending for CrowdStrike.
SaaS Checklist Final Revenue Report
I have a checklist of factors to look at for SaaS companies, so let’s take a look at the final earnings report and see how CRWD is performing with respect to:
- Retention rates
- Customers of many products
- Number of modules
- Rule 40
Maintenance Rates
SaaS businesses need to have high retention rates. We will look at both Gross retention and Net retention. The Gross retention rate tells you how many current customers are still in the company, so it doesn’t include new customer winnings. The opposite of this number is customer churn. As we can see in the graphic below, CRWD has maintained a stable overall retention of between 97% and 98% for the last 15 quarters. These are outstanding numbers. This means that the churn rate never exceeds 3% during this period. A 2% -3% churn leads us to a customer life expectancy of 33-50 years with the company.
Next is the Net retention rate. This metric shows us how much the current customer is paying compared to last year. Net maintenance should always be more than 100%, otherwise you’re in trouble. CrowdStrike has a benchmark of 120%, which they have been able to surpass for 16 consecutive quarters. The current NRR of 123.9% is a very healthy number. Retention rates: Check.
CrowdStrike Retention Rates (CrowdStrike investor presentation)
Multiple Product Customers
An important way to grow revenues for a SaaS business is to upsell existing customers with more and more products and services. Not only does it increase revenue per customer but it also increases stickiness. A customer who has built his entire cyber security strategy around certain CrowdStrike products is hard to convince to use another service provider for additional needs in the future. In the graphic below we can see that CrowdStrike over the past two and a half years has done a great job at converting existing customers into more products and services. Customers with 4 or more Modules went from 50% in fiscal Q2 20 to 69% in Q4 22. Customers with 5 or more Modules also had an impressive runway, which grew from 30% in Q3 20 to 57% in Q4 22. Finally, customers with 6 or more Modules increased from 22% in Q4 21 to 34% in Q4 22. Everything is happening according to plan for CrowdStrike about upselling.
Multi-Product Customer (Model authors, Data from CrowdStrike IR)
Number of Modules
In order to upsell existing customers with the new modules, of course, CrowdStrike needs to continue to develop more modules. In the IPO prospectus in 2019, CrowdStrike has 9 Modules in 4 different sections. In Q4 22 they have 23 Modules in 9 different sections. So we can see that over the years, CrowdStrike has been able to drastically increase its product offering. Some new additions will be announced in Q4:
- Introduced the Falcon XDR Module, a Module to extend their leadership in endpoint detection and response capabilities.
- The Falcon Identity Threat Protection Complete Module was introduced, an extension to the Falcon Complete managed package of services.
- Launch of Falcon Zero Trust Assessment on macOS and Linux.
Another check on the checklist.
Rule 40
The rule of 40 is a metric to see if a SaaS company is growing healthily. The rule is calculated by adding the growth rate to the profit margin. There are different versions of the 40 rule, depending on the type of profit margin used. CrowdStrike uses Non-GAAP Operating margin, but I prefer to use Free Cash Flow margin.
In Q4 22 CRWD had 63% revenue growth and a 29% FCF margin. This leaves CrowdStrike wit’s a mindblowing 92! As the nAme suggests, the goal of the 40 rule is to exceed a mark of 40. However, we should keep in mind, that on the basis of Net income the calculation will look different. CrowdStrike currently has a net income margin of -16%. That would leave us with 47, still beating the 40 rule.
Appreciation
CrowdStrike was guided with approximately $ 2.15 billion in revenue in FY 23, a 48% revenue growth. This continues their trend of deceleration over the past few years. We should note that 48% revenue growth is still large, but growth rates have dropped from 110% in 2019 to the expected 48% in 2022. For a fast -growing company like CrowdStrike, I’d like to look at Enterprise Value (EV)/Sales and EV/Gross revenue. Since CrowdStrike is already positive on Free Cash Flow, I will also look at the EV/FCF yield. During the height of the Covid hyper-growth bubble, CrowdStrike traded 45 times forward sales and 95 times following total revenue. The multiples contracted around 50% to 24 times and 49 times respectively, which was too expensive for me. I am interested in starting a position if we see the stock around 15 times forward sales or 30 times total revenue. On the basis of Free Cash Flow, the stock is also not cheap with 0.87% yield.
Appreciation of CRWD (Koyfin)
Conclusion
CrowdStrike is a great moat established business and has a strong tailwind in the industry. The company does a great job to maintain and grow customer relationships. CrowdStrike is on my watch list and is now a hold if I already own the shares. If we see lower multiples, whether through a market selloff or an acceleration in growth, I would be interested in starting a position.