Few companies ever had a worse quarter than cybersecurity firm CrowdStrike, which caused a global computer outage on July 19 that led to massive problems at everyone from retailers to delivery companies to hospitals and airlines.
But when it reports financial results after the bell Wednesday for the second fiscal quarter, which ended about two weeks after the outage, it likely won’t be bad at all. That’s because it takes time for its customers, even if they are furious with the company, to find an alternative to CrowdStrike as they seek to protect themselves from malicious hackers.
Analysts have forecasted that adjusted second quarter earnings are likely to be up about 30% from a year earlier, and most analysts have left their estimates unchanged since the outage. While shares of CrowdStrike (CRWD) are down more than 20% since the outage, they’re up 33% from the post-outage low they hit three weeks ago.
The company has admitted the problem was caused when it uploaded a flawed software update into the systems of its customers running Microsoft programs.
No one was hit harder than Delta Air Lines, which took nearly a week to resume normal operations due to problems getting its crew tracking software working once again, which meant that it couldn’t find the pilots and flight attendants that it needed to operate.
Delta estimates the problems cost it $500 million in lost revenue and increased expenses, and it is preparing to sue CrowdStrike and Microsoft in an attempt to recover those costs.
CrowdStrike and Microsoft both have criticized Delta, blaming the airline for the extended problems when other airlines were quickly back to normal operations. A letter from CrowdStrike’s legal counsel to Delta’s lawyer said it is prepared to fight any lawsuit, and that its liability was contractually capped in the single millions.
The company did insist in July that it has the resources it needs to weather whatever costs it does end up having to pay. At the end of its previous fiscal quarter it had $3.7 billion in cash on its books and an additional $750 million credit line, as well as “insurance policies which are intended to mitigate the potential impact of certain claims.”
Investors might be left with more questions than answers after CrowdStrike’s financial report and call with investors Wednesday, said Raj Joshi, a senior vice president with Moody’s who follows CrowdStrike.
“If performance is deteriorating, it’s not going to show up in the numbers immediately. There’s a lag,” he said. And he said part of that lag is it will take time even for companies that do decide to drop CrowdStrike as their cybersecurity firm to make the move to a rival.
“The process can be anywhere from three to six to nine months,” he said. The bigger problem for CrowdStrike, he said, is that it will be more difficult to sell additional services to its existing customers who suffered through the outage already. Much of the company’s growth comes from that kind of repeat business from existing customers, he said.
Moody’s had only upgraded CrowdStrike from junk bond status to an investment grade credit rating in May. At that time it had a positive outlook, meaning it expected further upgrades in the next year to a year in a half. It did not downgrade the company after the outage, but it did reduce its outlook from positive to neutral, meaning its growth is likely to be hurt, even if it doesn’t lose many customers.
“The question is will the company be able to manage its customer relationships and give (them) confidence that this was a one off thing?” said Joshi.