Letter to the saver

CrowdStrike's game: push subscriptions after the 2024 crash

Cybersecurity. A group software had sent computers halfway around the world into a tailspin: today the stock is on the highs on the stock exchange. Challenge on margin support

7 July 2025

6' min read

Journey to hell. There and back. That is how one can describe - from a stock market perspective - the dynamics of CrowdStrike's stock over the past year. The US company, active in computer security and listed on the Nasdaq, literally collapsed in the second half of July last year. At the close on 16/7/2024 it was trading around $369. Then, on 5 August, its shares hit an intraday low of $200.8. The thud was 45.6%. Subsequently, the stock recovered and is currently trading at all-time highs.

The black out

Why? It happened that CrowdStrike was involved in one of the largest digital blackouts not caused by cyber attacks. Millions of Windows computers suddenly stopped working. Airports ground to a halt. Businesses ground to a halt. Hospitals in distress. The cause? A software update - at least that is the officially accepted version - released by CrowdStrike itself.

In particular, on 19 July - while many of the Redmond company's systems were crashing - one wondered what was going on. For a while, no explanation was forthcoming: it was not clear whether the 'fire' was in the product 'made in Microsoft' or in the CrowdStrike software. Only a few hours after the general shutdown - and many protests from customers - came the technical justification.

From there, the Californian group initiated various emergency measures: from the online publication of a guide on how to remove the defective file to the creation of intervention units at users' premises and the opening of hotlines with the users themselves. Then, beyond the first-hour response, there was the offer - by the cybersecurity company - of additional support and compensation (e.g. forms of credit or contract extensions). In addition: CrowdStrike announced - and materialised - the revision of internal software testing and release processes, adding extra checks before each update.

TIPOLOGIA DI RICAVI

Reactions

Of course! The problems were not solved overnight. Some parties, as the company itself indicates in its 10-Q file on the last quarter, have filed lawsuits against the IT security firm. Thus, among others - although it is not explicitly mentioned in the documents at the Security and Exchange Commission - it can be recalled that Delta Airlines is seeking USD 500-550 million for flight cancellations, operational disruptions and other damages. All by accusing CrowdStrike - which rejects the consideration - of negligence in the release of the software update. Not only that. The reputational front - the hi tech group itself, again in the 10-Q file, speaks of potential damage - has come under pressure. The corporate allure has tarnished somewhat.

The race to the rescue

Having said that, however, it is undeniable that the company has managed - in the context of its stock market performance - to put the chaos of last July behind it. Can this also be seen on the business front? The group answers yes: the company, in the quarter between the beginning of February and the end of April last year (first quarter of 2025-2026), says that 'the gross retention rate is steady at 97 per cent' there is 'solid net retention'. Put differently: users would not have abandoned the group. Not only that. The company points out the upward trend in recurring revenues (Arr). Here, to better understand the topic, it is first necessary to recall CrowdStrike's business model.

In the world of cybersecurity, one distinction is as follows: on the one hand, there is the so-called on premise cybersecurity. On the other is the so-called on cloud. The former, in simple terms, implies that the IT infrastructure (on which security is based) is internal to the company. The second, on the contrary, requires that the It mechanisms are outside, on servers outside the company and reachable through digital networks.

MARGINE INDUSTRIALE E DIVISIONI

So: in the first case, the customer buys the software (one-off or renewable) and pays fees for technical support or updates. As a result, revenues are normally high at the beginning but less predictable thereafter. In the second hypothesis, on the other hand, each user pays a monthly or annual fee (subscription), often depending on the number of protected devices and the defensive modules activated (antivirus, identity protection or cloud analysis). In such a context - it is clear - revenues tend to be more stable and predictable.

Well: CrowdStrike was in fact born aiming precisely at the computer cloud, additionally augmented by Artificial intelligence (AI). The company itself says - in document 10K - that it has created 'the first true native platform - CrowdStrike Falcon Xdr - for the cloud (...) with Artificial Intelligence at its core (...)'. Within such a context, one can well understand, then, why Annual recurring revenues (ARR) and their trend are essential.

The Accounting Indicator

In this sense: the group recalls that the Arr at the end of 2024-2025 stood at USD 4.24 billion, up 23% year-on-year. Not only that. The expansion continued in the first quarter of 2025-2026, with the indicator exceeding 4.4 billion. All roses and flowers, then? The reality, as always, is more complicated. Firstly, some experts point out that the very duration of the subscription means that any disaffection from CrowdStrike's solutions will only be seen a little later. If, in Q2 and Q3, the increase continues, then it will mean that the issue is really over. Furthermore, other experts point out a fact: in the last three quarters - i.e. after the July event - the rate of increase of the Arr has slowed down. In the third quarter and fourth quarter of 2024-2025 the new Annual recurring net revenues were 153 and 224 million respectively (223 and 282 the addition in the two quarters a year earlier). For the first quarter of the current financial year, on the other hand, the indicator was EUR 194 million and compares with the figure of EUR 212 million for the same period in 2024-2025. Against this trend, however, it should be noted that the decline is gradually reducing in intensity. The decline was more than 31% in the third quarter of 2024-2025, while in the most recent survey, the drop is 8.5%. In short: the negative long wave seems to be slowing down.

But it is not just a question of revenue. There is also marginality. The gross margin in the first quarter of 2025-2026 was 74%, compared to 76% a year earlier. This figure is the effect of two causes. The first is the slight decrease of the industrial margin in the area of subscriptions, where the increase in share-based compensation expenses had an impact. The second, however, is the weight of the contraction of the gross margin in consulting. Here, on the one hand, the rise in operating expenses in the wake of the 2024 blackout and, on the other hand, the higher charges due to the business expansion programme made themselves felt.

SPESE OPERATIVE

A growth project which, among other things, bets on the so-called Falcom Flex. What is this? It is a flexible subscription model for the company platform which, instead of buying individual modules, allows the customer to pay a predefined annual amount. After that, the user can freely activate any service on the platform within that budget. It is clear that, on the one hand, the Californian company will offer a discount on the subscription (hence, also, the general slowdown in marginality); but, on the other hand, it allows the hi-tech group to increase the solutions offered to the individual customer, increasing the relationship with the same and reducing the churn rate. In this sense, it is interesting to note that - in the last quarter - the share of customers who have adopted 8 or more modules rose slightly to 22% (it was 21% the previous quarter). Nothing transcendental, for goodness sake! But evidently, the strategy is starting to bear some fruit.

Yeah, some fruit. Those offered - again in the first quarter of 2025-2026 - and with reference to future prospects did not seem attractive to the market. The company indicated revenues - for the fiscal year 2026 - between USD 4,743.5 and 4,805.5 million. Non-GAPP operating profit, on the other hand, was expected to be between USD 970.8 million and USD 1,010.8 million. The outolook - together with the quarterly numbers - turned the market's nose up at it. So much so that the stock fell 5.7 per cent after the release of the numbers.

Having said that, however, the shares have indeed reached an all-time high. A context in which, according to Seeking Alpha, CrowdStrike's stock market multiples are higher than those of the reference sector. In other words: the stock is expensive.

Beyond that, technical analysis can be useful in such a scenario. 'The shares, which have a strong correlation with the Nasdaq,' explains Silvio Bona, an independent chartist, 'are set to rise. Between mid-March and the end of April, they made a double minimum figure. Currently, considering the so-called Elliot wave approach, we are facing the exhaustion of the third wave'. Consequently, it is possible that 'there will be a correction, useful to "unload" the market before the last push'. From there, there should "be final bullish momentum, but with lower relative strength and divergence of other indicators". So: caution.

Further reading

The stock trend

Vittorio CarliniRedattore
Luogo: Milano
Lingue parlate: Italiano, Inglese
Argomenti: Finanza, Tecnologia, Analisi fondamentale
Scheda autore
Trust project