Downtown Josh Brown
Posts
Owning a stock when disaster strikes

Owning a stock when disaster strikes

Why I decided not to sell CrowdStrike

Josh Brown
July 21, 2024

CrowdStruck

I’ve been a shareholder in CrowdStrike since 2020 and have ridden the ups and downs since taking my initial position, including the more than 50% drawdown of the 2022 tech bear market. It’s been a rewarding run and I still think the cybersecurity theme has years (decades) to play out. I want to be a long-term investor in cybersecurity and when I choose to do something like that, I try to own only the best. CrowdStrike became the best performing stock of the sector this year, celebrated five years since its IPO and joined the S&P 500.

The company looked unstoppable as spring turned to summer. And then, like a bolt from the blue, catastrophe struck.

CrowdStrike pushed a security patch to its corporate clients running Microsoft overnight from Thursday into Friday, something it does routinely. There was a glitch in the update and because CrowdStrike’s software agent is so highly privileged on desktops and computer systems everywhere, the glitch led to what’s being described as the biggest IT outage in history.

The media cycle switched from Trump’s speech at the Republican National Convention and the “will Biden drop out” storyline to Microsoft / CrowdStrike. The company went from being a little known cybersecurity company, mostly out of the public eye, to the name on everyone’s lips. Corporate and government employees were greeted with the “blue screen of death” when they fired up their terminals that morning. Airlines were canceling thousands of flights. Banks were affected. E-commerce was affected. For companies running CrowdStrike to secure their Microsoft network, everything ground to a halt. It became international news and everyone wanted to know how something like this could have possibly happened.

Wall Street Journal:

The global outage began with an update of a “channel file,” a file containing data that helps CrowdStrike’s software neutralize cyber threats, CrowdStrike said. The update was timestamped 4:09 a.m. UTC—just after midnight in New York and around 9:30 a.m. in India.

That update caused CrowdStrike’s software to crash the brains of the Windows operating system, known as the kernel. Restarting the computer simply caused it to crash again, meaning that many users had to surgically remove the offending file from each affected computer.

The nature of the patch meant that the impact was uneven, with people in the same office even experiencing the outage very differently. Apple Macs, which don’t use the affected Windows software, were OK, and servers and PCs that weren’t on and internet-connected didn’t receive the toxic update.

- The Software Patch That Shook the World (WSJ)

CrowdStrike has 29,000 customers including 300 of the Fortune 500. Not all of them are running Microsoft’s Windows and so it wasn’t a complete and total blackout, but the impact of this mistake was felt around the world. Investors sold out of the stock, which closed down nearly 15% on the day. Wall Street’s analysts are not at all confident that we’ve seen the worst of it:

But worries about the business impact will likely weigh on the stock for a while. Particularly since the incident took place in the last two weeks of the company’s fiscal second quarter—a period Joseph Gallo of Jefferies described as “the most important and will likely significantly constrain potential upside in F2Q as new customers await assurances that the situation has been handled.”

Ittai Kidron of Oppenheimer agreed. “This is a major blow to CrowdStrike’s reputation and would most likely weigh not only on investor sentiment but also on business activity for several quarters ahead,” Kidron said Friday.

There's also the risk of CrowdStrike's existing customers seeking restitution for the damage done to their own businesses from the outage. "We worry there is a non-zero chance that after CrowdStrike helps customers get their systems up and running, legal battles will be fought," Peter Weed of Bernstein wrote in a report Friday afternoon.

- Heard on the Street: CrowdStrike May Get More Than a Slap (WSJ)

Leadership

People were angry and justifiably so. They will be angry for awhile. If this affected money movement for a transaction or left you stranded in an airport, it’s unforgivable. It’s been estimated that some 8.5 million Windows machines were affected and over 1,100 flights have been canceled, 2,867 delayed in the US alone. We don’t know what the financial fallout will be but reputational damage may linger long after the checks and refunds have gone out. It’s a terrible situation no matter how you look at it.

The silver lining (if there is one) is that the company immediately accepted responsibility and threw its entire workforce at the issue. It won’t be enough for critics of the company (and of Microsoft, which is also attracting its share of the blame), but it’s the best they could have done in the aftermath.

George Kurtz, the company’s co-founder and CEO, dutifully appeared on television everywhere to own responsibility for the incident, apologize to the people who were impacted and keep the world updated on its progress to get customers up and running again. He was contrite, matter of fact, professional and fully transparent. This was the only option, but you’d be amazed at how many corporate chieftains would have tried another route. George didn’t. He had made so many appearances by mid-morning Friday he practically choked up during a barrage of questions on The Today Show (probably not an appearance he thought he’d ever have to make when he went to bed the night before.

George Kurtz is not the first chief executive to have found himself at the center of a shitstorm like this - Boeing, BP, Chipotle, Sony, Facebook, Wells Fargo, it’s a long list. And he won’t be the last. And sooner or later, you and I will own shares in another company that finds itself in this position. This is part of the single-stock risk you are always assuming, whether you know it or not. Something, somewhere, is always on the verge of going very wrong.

It’s not whether or not you will make a mistake in this world. You will. Everyone does. And the more high profile you are, the more the mistake you make will be magnified for all the world to see. The more successful you have been leading up to the mistake, the worse the backlash will be - nobody has pity on a hundred billion dollar software company and, quite frankly, this lack of pity is fair. You wanted to be in this position - well, here you are. You get all the benefits and drawbacks that come with it. No, being perfect is not the thing. It’s what you do immediately following a mistake that matters most. Believe me, I know about making mistakes. I also know about recovering from them.

I shot a note of encouragement and support to George and his team today via email and told them I am rooting for them. They have tens of thousands of customers and a million ordinary people around the world counting on them to get it right and never let it happen again.

Sell?

So the question for shareholders now is whether or not you think the company can recover and learn from this event. I am not selling my shares, regardless of the tough road ahead, because I think the company can. It’ll be awhile. The reverberations are only just beginning to be felt.

What do you do when you’re a shareholder in a company that is at the epicenter of a catastrophe? I don’t think there’s a great absolute answer to this question because there are always differences and nuances in these situations that can make a big difference in the outcome. If you’re a shorter-term trader, the right answer is probably sell now and let the dust settle before buying back in. If I were holding a trading position in the stock, I probably would have sold it already, as many traders obviously did. As a longer-term holder (with a very low cost basis), I have to accept the “roof” that will now be hanging over the stock until enough time has passed.

I would also point out that many traders took the next step and asked “Cui Bono?” - who stands to benefit? In the chart below you can see that Palo Alto Networks and Sentinel One - two direct competitors - caught a bid late in the day Friday as Wall Street pivoted from surprise to profit-seeking. That train’s never late.

Todd Sohn on The Compound and Friends

Huge thanks to our friend Todd Sohn of Strategas who came by on short notice for the show this week and absolutely crushed it. He was a tornado of charts and insights about the recent rally in small caps, the rise and fall of thematic ETFs and so much more. Michael and I are very fortunate to have a network full of insanely talented market commentators to draw upon as we make the show for you each week. This week we celebrated 150,000 subscribers and our 150th episode. It’s been a long, hard road to get here but conversations like the one we had with Todd make all of our effort worth it. We are committed to bringing you the most informationally nutritious content we possibly can but in order to do that we need some help. Thank you, Todd!

You can watch it here or listen on the podcast app of your choice at the link below:

Small Caps Rip

On episode 150 of The Compound and Friends, Michael Batnick and Downtown Josh Brown are joined by Todd Sohn , ETF and Technical Strategist at Strategas, to discuss:…

podcasts.thecompoundnews.com/show/TCAF/small-caps-rip

That’s it for me today. Wishing you a relaxing weekend, talk soon! - Josh