Black Friday is Now! Don’t miss out on up to 60% OFF InvestingProCLAIM SALE

Earnings call: CrowdStrike reports resilient Q2 amid cybersecurity incident

Published 11/26/2024, 04:47 PM
© Reuters
CRWD
-

CrowdStrike Holdings, Inc. (NASDAQ:CRWD) presented its second-quarter fiscal 2025 earnings, demonstrating robust financial growth and strategic responses to a significant cybersecurity event that occurred on July 19th. The company closed the quarter with a 32% year-over-year increase in annual recurring revenue (ARR) at $3.86 billion and exceeded its revenue guidance with a total of $964 million. This performance aligns with CrowdStrike's commitment to transparency and customer trust, as well as its long-term goal of reaching $10 billion in ARR by fiscal year 2031.

Key Takeaways

  • CrowdStrike's Q2 ARR grew by 32% year-over-year to $3.86 billion.
  • The company experienced a major cybersecurity incident but responded with transparency and strategic actions.
  • New "Customer Commitment Packages" were introduced to bolster trust and are expected to seed long-term platform adoption.
  • Hyper-growth modules in Cloud Security, Identity Protection, and LogScale collectively surpassed $1 billion in ARR.
  • CrowdStrike remains committed to a $10 billion ARR goal by fiscal year 2031 and anticipates operating margin improvement in FY 2026.

Company Outlook

  • CrowdStrike is on track to achieve a $10 billion ARR by fiscal year 2031.
  • The company expects to see operating margin improvements in the next fiscal year.
  • An acceleration of business is anticipated in the latter half of the next year.
  • Q3 revenue is projected to be between $979.2 million and $984.7 million.

Bearish Highlights

  • The cybersecurity incident on July 19th impacted the final two weeks of the quarter.
  • Customer Commitment Packages introduced post-incident may temporarily affect upsell values and subscription term lengths.

Bullish Highlights

  • Despite the cybersecurity incident, the company achieved record non-GAAP operating income and strong free cash flow.
  • Hyper-growth modules have shown impressive year-over-year ARR growth, with Cloud Security and Identity Protection leading the way.

Misses

  • There were no specific financial misses reported in the earnings call.

Q&A Highlights

  • CEO George Kurtz emphasized the unchanged mission of CrowdStrike to stop breaches and the differentiated value of the Falcon platform.
  • CFO Bert Podbear reiterated the commitment to the $10 billion ARR target by the end of fiscal year 2031.

In summary, CrowdStrike's second quarter of fiscal 2025 has been marked by strong financial performance and a proactive approach to managing a significant cybersecurity challenge. The company's strategic initiatives, including the introduction of Customer Commitment Packages and a focus on hyper-growth modules, are designed to maintain customer trust and drive long-term growth. With a clear outlook for the future and a commitment to improving operating margins, CrowdStrike aims to continue its trajectory towards substantial ARR growth in the coming years.

Full transcript - CrowdStrike Holdings Inc (CRWD) Q2 2025:

Conference Operator: Hello and welcome to CrowdStrike's Fiscal Second Quarter 2025 Financial Results Conference Call. At this time, all participants are in a listen only mode. After the speakers' presentation, we will conduct a question and answer session. Please be advised that today's conference is being recorded. I would now like to hand the call over to Maria Riley, Vice President of Investor Relations.

Maria, please go ahead.

Maria Riley, Vice President of Investor Relations, CrowdStrike: Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, President and Chief Executive Officer and Co Founder of CrowdStrike and Bert Podbear, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth, including projections and expected performance, including our outlook for the Q3 fiscal year 2025 and any assumptions for fiscal periods beyond that are forward looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward looking statements represent our outlook only as of the date of this call. While we believe any forward looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties.

We do not undertake and expressly disclaim any obligation to update or alter our forward looking statements, whether as a result of new information, future events or otherwise. Further information on these and other factors that could affect the company's financial results is included in the filings we make with the SEC from time to time, including the section titled Risk Factors in the Company's quarterly and annual reports. Additionally, unless otherwise stated, excluding revenue, all financial measures disclosed on this call will be non GAAP. A discussion of why we use non GAAP financial measures and a reconciliation schedule showing GAAP versus non GAAP results is currently available in our earnings press release, which may be found on our Investor Relations website at ir. Crowdstrike.com or on our Form 8 ks filed with the SEC today.

With that, I will now turn the call over to George.

George Kurtz, President, CEO, and Co-Founder, CrowdStrike: I would like to start today's remarks with my apology to everyone impacted by our Channel File 2 91 incident, which transpired on July 19th. I also want to take this moment to show my gratitude to everyone who worked with us through the incident. Thank you to our customers and partners for your continued trust. Thank you to our team of relentless crowd strikers for living our mission. Thank you to the broader cybersecurity and IT community for standing with us as we face the most challenging event in our company history.

The magnitude of the July 19th incident will never be lost on me and my commitment is to make sure this never happens again. The days following the incident were among the most challenging in my career because I deeply felt what our customers experienced. Our response to the July 19th incident was immediate, deliberate and focused. We activated CrowdStrike's crisis response plan to lead through the incident. We clearly communicated status with customers, partners in the market at large in our website, social media, email, phone and broadcast.

Our technical teams devised new automated recovery techniques for accelerated response. Our efforts were 100% focused on bringing impacted devices back online with the highest level of speed and transparency. This included the mobilization of CrowdStrikeers in our partner community to communicate proactively and transparently with customers as well as the market at large and then recover impacted hosts. For many, recovery was within hours. We've already implemented the following actions to build a more resilient Falcon platform.

1st, enhance content visibility and control. While sensor version control was always a cornerstone of the Falcon operational experience, we've already released new content control configurations. This allows customers to choose when and where new Falcon content is deployed with new granular controls. 2nd, content QA enhancements. We already shipped an enhanced content validator and content interpreter, 2 of the components which did not properly function.

These components have been refactored to prevent shipping Aroney's content and were both made GA earlier in August. And third, external review and validation. We've engaged 2 independent third party software security vendors to review the Falcon sensor code and quality control process. This ongoing work focuses on enhancing security and resiliency over the short, medium and long term. These three major actions are in addition to an enhanced content release process.

Our content release process now mirrors the sensor release regimen. It consists of sample testing, internal lab and canary systems testing, early access soaking and lastly a staggered concentric ring deployment in adherence with customer policy settings. The July 19th incident starts a new chapter for CrowdStrike, one focused on ensuring that cybersecurity's best AI platform for SOC operations, protection, visibility, response and automation is also cybersecurity's most resilient platform. With built in redundancy modes, new content controls and enhanced safeguards, we've immediately addressed learnings from the incident and will continue to apply and evolve these lessons into our future. Moving to our Q2 results, our execution following the July 19 incident highlights the resiliency of CrowdStrike's business.

Our focus on transparency and accountability continues to inspire trust. Our track record and third party validation of delivering the industry's best AI powered protection continues to resonate at scale. As the July 19th incident was in the final 2 weeks of the quarter, when a meaningful portion of our sales typically close, it delayed deals into subsequent quarters. The vast majority of these deals remain in our pipeline. Despite this impact, I'm encouraged by the results we delivered.

The enduring trust that prospects, customers in the market have in Krauszweig is demonstrated by our Q2 performance. Ending ARR of $3,860,000,000 growing 32% year over year Q2 net new ARR of $218,000,000 up 11% year over year within our pre incident stated assumptions. Q2 revenue of $964,000,000 also ahead of our guidance. Record non GAAP operating income of $227,000,000 growing 46% year over year. GAAP profitability for the 6th consecutive quarter and free cash flow of $272,000,000 at 28% of revenue with a free cash flow rule of 60%.

These financial results illustrate the resilience of our business and our team. Customers, prospects and partners recognize CrowdStrike's technological leadership and role in serving the market need for ongoing platform consolidation. This is why they continue to choose CrowdStrike. In the hundreds of customer interactions I've had since the July 19th incident, organizations of all sizes thematically shared 3 messages with me. 1st, necessity to understand the incident, our response and our actions to ensure it doesn't happen again.

2nd, acknowledgment of our trust record, gratitude for CrowdStrike safeguarding their organization over the years. And 3rd, steadfast support for CrowdStrike continuing to be cybersecurity's innovation leader and their consolidation partner of choice. The breadth and depth of the Falcon platform spans 28 modules that revolutionize cybersecurity, stopping breaches for tomorrow's AI powered SOC. Covering cloud security, identity protection, device security, data protection, IT automation and next generation SIEM, our portfolio is diversified. CrowdStrike is much more than EDR, and we appeal to a variety of personas across cybersecurity, IT, digital, risk and compliance teams.

Over the past year, our large scale next gen SIEM, identity protection and cloud security businesses each expanded the power and reach of the Falcon platform, each representing resilient growth vectors outside of what was once considered our market back when I started the company. In Q2, our lock scale next gen SIEM, identity protection and cloud security hyper growth businesses together surpassed $1,000,000,000 in NDARR and grew more than 85% year over year. These results reaffirm our continued and increasing investment in innovation, ushering in the next chapter of the Falcon platform. Let me provide a few examples showcasing how these products are disrupting their respective markets. Importantly, each of these customer wins was closed after the July 19 incident began.

I'll start with Falcon Cloud Security, the industry's only integrated CSPM, ASBM, DSPM, CIEM, CWP agent and agentless solution. CrowdStrike's cloud security business is now more than $515,000,000 in ARR and grew faster than 80% year over year. 2 noteworthy post July 19 wins, an 8 figure deal in a major enterprise software firm where Falcon Cloud Security was already running on a part of the environment, replacing another next gen cloud security vendor allowed this customer the opportunity to standardize on Falcon Cloud Security for ease of management across broad distributions and superior cloud security protection. Next (LON:NXT), a 9 figure Falcon Cloud Security purchase across a 1000000 hosts in a large enterprise for their production environment. Falcon Cloud Security's leading protection, visibility and operational scoring in their evaluation placed Krauszweig ahead of other cloud security products.

Falcon Identity Protection continues to set the industry standard in the identity threat detection and response space. As of Q2, identity ending ARR surpassed $350,000,000 growing over 70% year over year. We pioneered this category and it's a key differentiator in our XDR value proposition. Now let's move to the LogScale next gen SIEM business, which is greater than $220,000,000 in ARR and grew more than 140% year over year. The SIEM market continues to be in a state of renaissance where organizations of all sizes are drafting their next chapter of security and IT data management.

Our lock scale next gen SIEM momentum showcases CrowdStrike's ability to displace legacy SIEMs at scale and capitalize on market demand for AI powered SOC operations. 2 exciting post July 19 wins include an 8 figure win in which large scale next gen SIM replaced 2 legacy SIMs. This customer was already a large CrowdStrike customer and the ability to store, visualize and action large amounts of first party CrowdStrike data natively in a platform significantly lowered cost by more than 60% while increasing functionality. Ingesting third party data into the Falcon platform is not only more cost effective but also differentiated in our incident workbench, which brings novel visibility and AI powered response to the hands of every SOC analyst. What once took 2 legacy SIEMs is now natively in Falcon.

And finally, a leading generative AI company that started using log scale next gen SIEM over a year ago standardized on the technology in a 7 figure win. Winning the totality of their SIM business as well as observability use cases was a function of log scale next gen SIM search speed, the native nature of Falcon data coupled with 3rd party data and response actions and improved TCO relative to their legacy SIEM. I'm reassured by customers' and prospects' feedback, wanting to do more with CrowdStrike post incident as evidenced by multiple 7 and 8 figure platform expansions with most opting for multi year deals. Eliminating complexity is a key component of achieving resilience and we see the Falcon platform continuing to help solve a wide range of customer problems, simplifying cybersecurity and most importantly stopping breaches. Our partner first go to market continues to deliver at scale, connecting our technology platform with new and existing customers.

CrowdStrike's preeminent partner position as a top security vendor by business size and number of transactions serves as a competitive moat. In Q2, 66% of our new logo business was sourced by our partners, showcasing our best in class partner go to market. In Q2, our systems integrator business grew over 100% year over year, highlighting Falcon as an industry driver in delivering multidisciplinary cybersecurity transformation. Our partners were instrumental in helping customers recover with noteworthy engagement from Accenture (NYSE:ACN), KPMG and among a dozen others. Our strategic alignment and deep partnership extend our reach.

In this vein, global system integrators are increasingly becoming a central part of our partner strategy as the Falcon Flex (NASDAQ:FLEX) subscription model highly resonates with the transformative nature of GSI engagements. We unite and align our entire partner ecosystem with our use of cloud marketplaces in CrowdStrike's go to market. We've demonstrated the success and results of this strategy with AWS, helping customers not only secure their AWS cloud services, but also procure CrowdStrike for the full range of their cybersecurity needs. Now 2 quarters into our expanded relationship with Google (NASDAQ:GOOGL), CrowdStrike is the fastest growing cybersecurity vendor on the Google Cloud Marketplace this year. Customers of all sizes are increasingly looking to utilize their committed hyperscaler spend, adding an additional layer of resilience to our go to market.

Aligning our entire ecosystem from reseller to systems integrator, MSSPs distributors makes CrowdStrike cybersecurity's partner of choice. With CrowdStrike, the entire ecosystem wins together. Our resilient business platform and go to market position CrowdStrike to execute on our unchanged vision and mission, Whether on July 18 or today, on August 28, our TAM and market opportunity remain unchanged. This is because, first, the need for cybersecurity simplification. Organizations of all sizes remain eager to simplify, consolidate and rationalize their cybersecurity product lineups.

Streamlining operational processes goes hand in hand with SOC transformation with the goal of faster, more effective cybersecurity delivered at lower cost. Decreasing TCO and increasing efficiencies through AI and automation are clearly voiced organizational priorities and will be for years to come. 2nd, adversary proliferation and threat landscape acceleration. Released in our annual threat report several weeks ago, CrowdStrike's analyst and industry lauded threat intelligence is in a class of its own, now tracking over 2 45 adversary groups. In the past year, our threat intelligence teams uncovered threat actors applying to and actively working for more than 100 unique companies.

The realities of the threat landscape necessitate effective cyber protection and that is only intensifying. In the face of universally accepted market needs and adversary realities, the resounding feedback I hear from customers is that CrowdStrike is their number one and most effective cybersecurity control. This is not only because of product performance and efficacy, but also because of the organizational process and orchestration built on and around Falcon. With greater than 7 modules on average deployed in organizations spending $100,000 or more per year, the Falcon platform is firmly rooted with replacement requiring a multi vendor costly and time consuming process, abandoning the protection and TCO benefits of a single platform consolidation. Our best in class module adoption, supercharged by Charlotte AI, our generative AI SOC analyst, makes the Falcon platform sticky for all users as well as the data foundation of the SOC.

This is why we continue aggressively investing in innovation to advance our track record of revolutionizing cybersecurity. This is why customers are looking to not only stay with us, but also expand their Falcon platform adoption. This is why our upcoming annual customer and industry conference, Falcon, is what I refer to as our largest selling event of the year. It is already in overflow with more than 5,000 secondurity and more than 95 sponsoring partners. Our unchanged vision and mission propels us to become an even better, even more resilient and even more customer obsessed CrowdStrike.

In working with customers post incident, we quickly mobilized around customer loyalty. We took inspiration from our Falcon Flex subscription program, a licensing model that's been rapidly gaining traction across all of our customer segments. In the years since we built the Falcon Flex program, the customers who have subscribed to this new licensing model represent over $700,000,000 in total deal value. Flex supercharges platform adoption, making it easier and faster for organizations to displace other technologies through flexibility, turning on and moving between modules without procurement and legal friction. Customers love the flexibility as it makes it easy to use more Falcon.

In Falcon Flex, we also found a simple and effective mechanism to drive retention by offering compelling customer commitment packages. Our customer commitment package takes traditional module by module licensing into our Falcon Flex model, where customers can use any and all modules they wish at compelling economic values. Depending on need, the customer commitment package encompasses discounting, module adds, professional services, flexible payment terms, as well as adding duration to a customer subscription. Our best in class module adoption is differentiating and leading indicator of CrowdStrike customers' behavior. And post incident, our customer commitment package will drive even more Falcon utilization and platform value realization in both the short and long term.

Customers see this as an immediate win to realize maximum and differentiated value from the Falcon platform. It is also a long term win for CrowdStrike, cementing us as the organization's cybersecurity platform of record. Customer feedback has been extremely positive because we're proactive in our approach and customers benefit because they get what they want, more Falcon. The blueprint for our customer commitment packages or Falcon Flex deals like this Fortune 500 insurance firm that I referenced before in the NextGen SIM discussion. This customer has been with us for 5 years building over time from endpoint to identity.

They had aspirations of consolidation and saw CrowdStrike as a platform where they could achieve their protection, automation and economic objectives. In the midst of this deal discussion, the incident happened. We worked with them on a rapid recovery. Our trust record and value from the platform over time stood out. Through Falcon Flex, this customer accelerated consolidation.

They contracted for every Falcon module displacing 7 technologies. And through the AWS marketplace, their spend with CrowdStrike will grow from $2,200,000 in ARR to more than $5,000,000 in ARR over the subscription. Falcon Flex Group platform adoption through the subscription term and increased ARR over the multi year period. Our customer commitment package will grow Falcon adoption, increasing platform stickiness, ROI and protection levels. Customer commitment packages are a proactive and concerted investment we're making to build long term loyalty and seed long term platform adoption.

In closing, the past few weeks have been some of the most formative for CrowdStrike. Beyond apologies, I want our actions to speak even louder than our words. We work to recover customers quickly. No matter the location or need, we focused on helping customers. Challenging and unprecedented moments like these are the true tests of companies, teams and individuals.

Our response has shown me that the golden rule I've led CrowdStrike with since day 1, put the customer first always, isn't just alive and well, it's thriving. Cybersecurity's mission critical role in today's digital society is undeniable. CrowdStrike's contribution to cybersecurity, bringing cybersecurity to the cloud, bringing AI to cybersecurity has profoundly redefined the industry and we will continue to do so. We continue to invest in growth and innovation as well as safeguards to build cybersecurity's most resilient AI powered platform. The mission of We Stop Breaches rings just as true today as it did prior to July 19.

The most important part of CrowdStrike is the crowd, the people. Working at CrowdStrike isn't a job, it's a mission. The fight, the creativity and the will to make the world a safer place by stopping breaches is here. Our mission is alive and well, and I know that CrowdStrike's very best days are ahead of us. Thank you for your unwavering trust.

And now I'll turn the call over to our CFO, Bert Podbear.

Bert Podbear, Chief Financial Officer, CrowdStrike: Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non GAAP. In today's discussion, I will briefly summarize our Q2 financial results and provide our assumptions and investment priorities for the second half of the fiscal year. The strength of our Q2 results we believe demonstrates our resilience, focused execution, commitment to financial discipline and the long term durability of our business. Despite the challenges of the last couple of weeks of the quarter, we delivered better than expected revenue, operating profit and net income.

In Q2, ending ARR grew 32% year over year to $3,860,000,000 of which $218,000,000 was net new added in the quarter, up 11% over Q2 of last year and within our previously stated assumptions for the quarter. In Q2, we achieved our 2nd largest quarter of all time for net new customer additions, expansion business and net new ARR contribution from Cloud, Identity and LogScale combined. Prior to July 19, we are on pace to deliver net new ARR growth well ahead of these results. The July 19 incident had a significant impact on the last 2 weeks of the quarter as we rapidly mobilized teams to assist customers, but we continued to close deals, including a 9 figure in deal value expansion. While deals can push in any given quarter, this quarter we experienced elevated levels with more than $60,000,000 in deals that we had line of sight for the quarter and remain open as of Monday.

We expect these deals to close in future quarters. Our retention metrics and module adoption metrics remained strong in Q2, highlighting our deep partnership with customers and the significant value the Falcon platform delivers. Our dollar based gross and net retention rates were consistent with our expectations for the quarter. Subscription customers with 5, 6 7 or more modules represented 65%, 45% and 29% of subscription customers, respectively. Notably, deals with 8 or more modules grew by 66% over the prior year.

And 48% of all customers with $100,000 or more in ending ARR adopted at least 8 modules, an increase of more than 10 percentage points over the prior year. Moving to the P and L. Total (EPA:TTEF) revenue grew 32% over Q2 of last year to reach $963,900,000 ahead of our expectations for the quarter. Subscription revenue grew 33% over Q2 of last year to reach $918,300,000 Professional services revenue was $45,600,000 representing 10% year over year growth. The sequential decrease in professional services revenue was primarily attributed to deploying complementary remediation services to help customers impacted by the July 19 incident.

Record total gross margin of 78% increased by approximately 80 basis points year over year. Record subscription gross margin of 81% increased approximately 90 basis points over the prior year. Total non GAAP operating expenses in the Q2 were $529,100,000 or 55 percent of revenue compared to 56% of revenue in the prior year. Consistent with our plan, we increased the pace of hiring, primarily in the areas of sales and marketing and R and D, growing total headcount by 22% year over year. In the 2nd quarter, non GAAP operating income grew 46% year over year to reach $226,800,000 and operating margin increased by more than 2 percentage points year over year to reach 24%.

We delivered GAAP net income attributable to CrowdStrike of $47,000,000 growing more than 5x over Q2 of last year. Non GAAP net income attributable to CrowdStrike grew 45 percent to reach $260,800,000 or $1.04 on a diluted per share basis. Cash and cash equivalents grew to $4,040,000,000 Free cash flow grew 44% over Q2 of last year to reach $272,200,000 or 28 percent of revenue, in line with our expectations. And we delivered a rule of 60 on a free cash flow basis. In regards to the impact of potential legal exposure related to the July 19 incident, I would like to note the following.

The outcome of litigation is inherently difficult to predict, particularly in the early stages, and it is still too early for us to estimate any potential legal exposure we may have at this time. Our customer agreements contain provisions limiting our liability, and we maintain insurance policies intended to mitigate the potential impact of certain claims and have a strong cash position. We continue to work hand in hand with our customers to ensure their success and are well positioned to continue investing in the business for long term growth. Turning to our outlook, taking care of our customers has always been and will continue to be our number one priority. We believe this focus and commitment will benefit us and them over the long term.

Customer retention remains remarkably strong, and we do not expect this to meaningfully change in the foreseeable future. Gross retention was 98% at the end of Q2, and dollar based churn in the last 5 weeks as of Friday was modestly lower than the same period last year. However, visibility into the back half of the year is less than typical. We expect the following factors to impact our near term results. 1st, we delayed the vast majority of outbound pipeline generation activities for a few weeks following the July 19 incident.

Outbound prospecting has since fully resumed and is rising to pre incident levels of responses. 2nd, we expect to see extended sales cycles for both new and existing customers, with additional scrutiny requiring higher levels of approval at the CEO and in some cases Board of Directors level. 3rd, as George mentioned, through our customer commitment packages, we are encouraging customers to commit to more of the Falcon platform for longer periods of time. We are focused on making sure these commitments to the Falcon platform are one of the best decisions that IT and security teams make. As reflected in our revenue guidance, in the short term, we expect our commitment packages will result in temporarily muted upsell dollar temporarily muted upsell dollar values and temporarily higher than typical levels of contraction due to elongated subscription terms.

We estimate these packages will impact net new ARR and subscription revenue by approximately $60,000,000 and professional service revenue by high single digit $1,000,000 in the back half of FY 'twenty five. In the long term, we expect our customer commitment packages will ultimately lead to higher platform and module adoption and deeper partnerships with customers. And 4th, specific to free cash flow, we expect to have increased flexible payment terms for our customers, and we will incur additional G and A costs associated with the July 19th incident. At this point in time, we are not providing a free cash flow margin expectation for the full year. We will maintain our long standing focus on financial discipline and the bottom line with our attention squarely on the highest and best use of every dollar.

As reflected in our guidance for the remainder of the year, while we will shift some planned investment from sales and marketing to further R and D, quality assurance and customer support, we are continuing to invest in our FY 2025 plan for the remainder of the year at this point in time. This will enable us to remain focused on our customers, protect the world against cyber threats and stay on track with our long term investment and growth priorities. We expect these headwinds to remain in varying degrees for about a year with acceleration starting in the back half of next year. From the longer term perspective, we expect to see operating margin improvement on an annual basis in FY 'twenty 6. Additionally, we remain committed to reaching $10,000,000,000 in ending ARR by the end of fiscal year 2,031 and achieving our target non GAAP operating model on an annual basis by fiscal year 2029.

I will provide a detailed update of our long term model and FY 'twenty six outlook after the conclusion of fiscal year 2025. Moving to our guidance. For the Q3 of FY 'twenty five, we expect total revenue to be in the range of $979,200,000 to $984,700,000 reflecting a year over year growth rate of 25%. This includes an estimated $30,000,000 impact from the customer commitment package we discussed earlier. We expect non GAAP income from operations to be in the range of $166,700,000 to $170,800,000 and non GAAP net income attributable to CrowdStrike to be in the range of 200 and $1,200,000 to $205,200,000 We expect diluted non GAAP net income per share attributable to CrowdStrike to be approximately $0.80 to $0.81 utilizing a weighted average share count of approximately 252,000,000 shares on a diluted basis.

For the full fiscal year 2025, we currently expect total revenue to be in the range of $3,890,000,000 to $3,902,200,000 reflecting a growth rate of 27% to 28% over the prior fiscal year. This includes an estimated $60,000,000 impact from the customer commitment package we discussed earlier. Non GAAP income from operations is expected to be between $774,700,000 $783,900,000 We expect fiscal 2025 non GAAP net income attributable to CrowdStrike to be between $908,800,000 $918,000,000 Utilizing approximately 252,000,000 weighted average shares on a diluted basis, we expect non GAAP net income per share attributable to CrowdStrike to be in the range of $3.61 to $3.65 As George mentioned, Falcon 20 24 is going to be our biggest customer event yet. The investor briefing will be held on September 18th and will feature conversations with customers and partners. To join Falcon in person, please contact our IR team for the registration information.

The briefing will also be webcast live on our IR website. We look forward to seeing many of you there. George and I will now take your questions.

Conference Operator: Thank you.

Hamzah, Analyst: Great. Thank you for taking my question. And congrats on the strong results. I wanted to commend you, George, Mike, and the entire CrowdStrike team for, for your response and, and transparency since the outage event. So there's been a lot of talk, George around whether Microsoft (NASDAQ:MSFT) or customers perhaps may want to limit kernel access for future updates.

I'm curious in response to this outage, whether or not CrowdStrike will have to re architect their approach, to the Falcon agent. And if so, would that be a meaningful undertaking that might push you away from the future innovation roadmap? Thank you.

George Kurtz, President, CEO, and Co-Founder, CrowdStrike: Thank you, Hamzah. Let me just try take you through this with a little bit of detail. So despite a lot of the false narratives and misinformation from our competitors, I want to be clear that this was not a kernel update. This was a code update. It was not a code update, it was a configuration update and we already covered the remediation in our prior remarks.

When we think about the architecture of what we've built and re architecting it, I've got to set the record straight on that as well. We have best in class architecture and we lead the industry for a reason. We have greater efficacy, greater manageability and greater scalability than our competitors. And I just want to give you an example of that. If you look at the latest MITRE results, Falcon had 98% coverage, our NextGen competitor had 79% coverage.

It took Falcon 4 minutes for mean time to detection, it took our competitor 47 minutes. And the list goes on and on. If we think about the architecture as well, we have a very lightweight agent, requires 100 megs of storage. Our competitor as a heavy agent requires 3 gigabytes of storage in the Windows environment. So, we didn't become number 1 in the market by having a poor architecture.

We became number 1 by having a great architecture. We talked about, what we've changed here in terms of our configuration updates, and we feel confident about that going forward and our customers feel confident about that. So, we'll continue to work with Microsoft as part of the ecosystem as they look to provide further enhancements around Kernel Access. But just to be clear, there are thousands of software kernel drivers that are out there that go well beyond security like VPN, virtualization software, IT management software, backup software and a lot more. So we are one part of the ecosystem and we're certainly a player that's going to help and work with Microsoft as they think about adding other mechanisms to allow the ecosystem to flourish.

Conference Operator: Our next question comes from Brian Essex with JPMorgan. Please unmute your line and ask your question.

Brian Essex, Analyst, JPMorgan: Great. Good afternoon and thank you for taking the question. Congratulations from me on 1, a fantastic response to the incident and then 2, execution on the back of that is impressive. I guess, George, for me, obviously, you've got peers out there talking about benefit in our pipeline. We still have to see that in their numbers.

But from your perspective, we'd love to get insight into what you're seeing from the pipeline. Obviously, you've called out that the $60,000,000 in deals that kind of pushed into 3Q. But from a competitive perspective, what are you seeing in terms of the number of peers that are invited into the process? The convert and maybe a little color around the conversations that having at the C level that are leading to some of those extended sales cycles that would be really helpful to get that insight?

George Kurtz, President, CEO, and Co-Founder, CrowdStrike: Sure. Obviously, there's a lot of noise in the marketplace and we can only control what we can control. And I think the best way for me to articulate that is to just recount some of the conversations. I had 2 customer calls this morning and most of them started out the same. They talk about our response, how transparent we were and how we dealt with the problem.

We talk about some of the mitigating steps that we've taken. And it generally ends with we want to do more with CrowdStrike. I had one this morning, which was a customer that had an impact. We talked through it. They were satisfied with the controls we put in place.

And in fact, on the call, they basically said we won the next gen SIM project they had, which we won against another next gen SIM competitor. So this is what we're seeing. And again, I'm recounting my calls and many, many of them sort of start and end the same way. So that gives me encouragement again that we've built a lot of trust with our customers over time. And we put a lot of trust in the bank.

Yes, we had an issue on July 19th. We've been very clear about that and very transparent. But consistently the calls have been you have saved us way more times than this incident and we are all in on CrowdStrike and we're all in for all the reasons we've talked about in the past. The consolidation play, the ability to save time, money, get better outcomes and take 4, 5, 6 and 7 products and move them to the Falcon platform. That hasn't changed before the 19th July and hasn't changed after the 19th July.

And this is what customers are coming back to us with.

Conference Operator: The next question comes from Saket Kalia with Barclays (LON:BARC). Please unmute your line and ask your question.

Saket Kalia, Analyst, Barclays: Okay. Great. Can you hear me? Hey, George, can you hear me?

George Kurtz, President, CEO, and Co-Founder, CrowdStrike: Yes. We can hear you.

Saket Kalia, Analyst, Barclays: Sorry about that. Awesome. Sorry about Thanks a ton for taking my question and offer my congrats as well just on the resilience here in the face of a very tough couple of weeks. George, maybe my question is for you. I'd love to just touch on FalconFlex a little bit.

This was something that you were investing in before the outage as well, but it sounds like it's something that can also be helpful for customers to maybe drive better security outcomes as well. Can you just maybe touch on that and how it's maybe helping that conversation post outage?

George Kurtz, President, CEO, and Co-Founder, CrowdStrike: Sure. Well, when we think about Falcon Flex, this was born out of demand from our customers. If you look at our module attach rates, which we've gone through again many times in the past and they continue to go up as customers rely more and more on CrowdStrike, they came to us and said, hey, we want an easier and more flexible way to consume your Falcon platform. When you start with 1 module, when I started the company and you're at 28 today is a lot that you have to go through with a customer. And we wanted to meet customers where they wanted us to be, which is more CrowdStrike, make it easier through procurement cycles and then ultimately allow them to consume it how and when they wanted to consume it.

So we started down this journey a while back and it continues to gain a lot of traction with our customers. We've taken this and you heard this in my prepared remarks and we are able now through our customer commitment package to be able to offer Falcon Flex and again some of the things that we went through whether it's modules or time or what have you, we can allow our customers to be able to consume that as part of the customer commitment package. And we think overall it's great for customers because we're coming to the table and solving business problems. And also it's great for CrowdStrike long term because we're allowing them a very flexible model to continue to consume CrowdStrike, which they know and love.

Conference Operator: Our next question comes from Tal Liani with Bank of America. Please unmute your line and ask your question.

Tal Liani, Analyst, Bank of America: Oh, here we go. Now I now you can hear me. Last night, there was one of your competitors that said that customers would be more afraid now to buy to put all the eggs in one basket, meaning buy more modules from a single vendor and they'll opt for the diversification of customers, sorry, vendors. And for you, at least in previous quarters, I didn't calculate this quarter, but about 2 thirds of your growth came from upsell to existing customers. And the question is whether you have any evidence if the events change the appetite of customers to buy from a single vendor, to buy from you specifically?

Have you seen any change of customers willing to buy up for your ability to upsell to them the other modules, etcetera? And there is just I know it's one question, but there is just one thing that is a follow-up on something. But the full year EPS guidance translates into a very big 4Q EPS, if you can somehow go over it to make sure that we have the right numbers? Thanks.

George Kurtz, President, CEO, and Co-Founder, CrowdStrike: Okay, Todd. Let me take the first part. So when we think about more modules, it gets back to what I just went through. Customers want to do more with us. Obviously, we talk about what happened, why it's not going to happen again, but they want to buy more from us.

And again, customers' comments back to me are they don't want to go backwards, they don't want a bunch of disparate products, they don't want a bunch of different consoles. And they specifically told me that the adversary lives in the gaps between products, in the seams between products. So what they're looking for is the ability to cover more of their estate, right, to have a complete view. And when you look at next gen SIM, it allows us to take telemetry and logs in from other systems beyond the 1st party data that Crouch Rec is generating. So I would say the long and the short of that is customers don't want to go backwards and have

Saket Kalia, Analyst, Barclays: a patchwork of products. They're still focused on the consolidation piece

George Kurtz, President, CEO, and Co-Founder, CrowdStrike: and they're They are still focused on the consolidation piece and they're looking at us as one of the key consolidators in the market. Yes. So on your question with respect to EPS, as we thought about

Bert Podbear, Chief Financial Officer, CrowdStrike: the impacts to non GAAP, as we thought about the impacts to non GAAP operating income, we talked about the some of the headwinds that we had, mostly driven from revenue side of the house. And we tried to be consistent in the way that we approached the guide on both Q3 and full year. So that's how we thought about it when we gave our guidance.

Conference Operator: The next question comes from Joel Fishbein with Truist. Please unmute your line and ask your question.

Joel Fishbein, Analyst, Truist: Thanks for taking my question and also really great transparency, George and Bert. Thank you very much. My question is on guidance methodology. Bert, can you just go through a little bit of how you came up with the guide for the back half of the year considering all the moving pieces? And I guess the question, how it changed relative to how you've done your guidance before?

That would be really helpful. Thank you.

Bert Podbear, Chief Financial Officer, CrowdStrike: Sure. On the revenue side, the biggest impact comes from the customer commitment package that George walked through. So that's the one that's going to drive the biggest impact. And we walked through the numbers in terms of revenue, the impact. We said $60,000,000 in the back half, dollars 30,000,000 in Q3 $30,000,000 in Q4.

So that was the biggest driver on revenue. And then obviously, that falls down to non GAAP operating income. And so we did as we thought about it and we thought about how it impacts everything from revenue to EPS, we really took that prudent approach. There has been nothing in terms of big changes in terms of how we got it. We guide to what we see, not to what we don't see.

But again, the biggest impact was the how the customer commitment packages impacted both the top and bottom. And they were consistent in how we applied the approach.

Conference Operator: Our next question comes from Gabriela Borges with Goldman Sachs. I would love to get a little bit more detail, George and Bert, on the customer commitment packages. And you mentioned a couple of dynamics there alongside duration and concessions. So maybe just a little more on how you came up with that $30,000,000 number in 3Q and 4Q? And what are some of the guardrails and how you think about the appropriate amount of duration or discounting or concessions that you want to give a customer to keep them happy and satisfied with the CrowdStrike platform?

Thank you.

Bert Podbear, Chief Financial Officer, CrowdStrike: Thanks, Gabriela. So in terms of how we came about the $60,000,000 in the back half, we'll just focus on the net new ARR. We thought about 3 things, right? We thought about, hey, we've got, we talked about the delay in pipeline generation, so that has an impact. We talked about longer sales cycles, that's due to increased scrutiny.

And that's not just for us, but that's for I think most people in software and tech. And then we talked about the muted upsell value. So we took all those things into consideration when we thought about the impact on the customer commitment packages. As far as the packages themselves, you're right, we have different pieces within the package, George, outlay them pretty well. We talked about some of them being discounts.

We talked about some of them being duration. Duration has an impact, of course, on net new ARR. But we also talked about product, and product will have an impact more on COGS. So that's going to impact the bottom. So we took all those factors together to come up with our guide and that's how we came up with the 60,000,000

Conference Operator: dollars Our next question comes from Rob Owens with Piper Sandler. Please unmute your line and ask your question.

Rob Owens, Analyst, Piper Sandler: Yes. Bert, I guess as a follow on to that, thanks for taking my question here, is $60,000,000 through the remainder of this year, but you talked about some of the weakness potentially persisting for a year in terms of net new ARR. So I know you're not guiding to the out year, but as we kind of contemplate this, should we think about this more on a 12 month basis? And then as the selling of these customer commitment packages starts to anniversary a more normalizing relative to net new ARR growth and relative to maybe where margins were historically? Thanks.

Bert Podbear, Chief Financial Officer, CrowdStrike: Thanks, Rob. So I think that this type of incident has a half life, right? So there'll be a diminishing impact over time. So Q3 will be harder than Q4, Q4 will be harder than Q1 and so on and so forth. I think the biggest piece for us is that when we get to the back half of next year, we'll start to see an acceleration in the business.

And that's the big picture, and that's what I want everybody to walk away from.

Conference Operator: Our next question comes from Matt Hedberg with RBC. Please unmute your line and ask your question.

Saket Kalia, Analyst, Barclays: Thanks for taking my questions. Actually, maybe a little bit of a follow-up to Rob's question. I think, Bert, you kind of addressed it. I mean, do you think part of that acceleration is some of these commitments then expanding usage? In other words, what's a bit of a headwind now is part of that broader commitment that just kind of compounds itself?

In other words, is that part of that tailwind that we should think about next year is this renewal cycle of these commitments?

George Kurtz, President, CEO, and Co-Founder, CrowdStrike: Yes, this is George. So when we think about the consumption of Falcon Flex, typically what we've seen is customers consume more of it faster than they originally anticipate because we're providing value. So when we think about to Bert's comments next year, obviously, there'll be more modules in use and I think we have the ability to go back to those customers and understand what other things we can do for them, including looking at additional flex opportunities based upon what they've been using over the last period of time. Anything to add to that?

Bert Podbear, Chief Financial Officer, CrowdStrike: Yes. No, I think it's what George talked about, it's seeding for the future. And I think that starts to take play back half of next year.

Conference Operator: Our next question comes from Fatima Boolani with Citi. Please unmute your line and ask your question. Good afternoon. Thank you for taking my questions. I appreciate it.

George and even Bert, please chime in. So on this procurement vehicle Falcon Flex, clearly you've seen a tremendous amount of positive data points. You shared them in the script, dollars 700,000,000 deal value created with just 1 year in the market. I'm wondering if this is now going to be the predominant go to market approach for you all in terms of incentivizing broader portfolio adoption? And then related to that, Bert, as we think about extrapolating some of the financial implications in the out years beyond your framed guidance, how should we think about renewal cycles and renewal conversations coming up that you could potentially steer towards these contracts such that you do still get an elongated period of maybe net new ARR growth?

Can you help me sort of straddle those 2? Thank you.

George Kurtz, President, CEO, and Co-Founder, CrowdStrike: Yes. So when we think about Falcon Flex, again, born out of what customers wanted, we've seen tremendous success with it because it opens up the entire product portfolio to our customers. They can pick and choose what modules they want. They can leverage it where they want it. As they acquire new companies, as an example, it's very easy for them to add new modules or new endpoints or cloud workloads.

It minimizes procurement cycles. So it's a great thing for customers, it's a great thing for us. And it is a prime one of the primary mechanisms we're using from a go to market motion going forward. So it is something that we put in place. We've seen the tremendous results from it, and we'll continue to lead with that into our customer base.

Bert Podbear, Chief Financial Officer, CrowdStrike: Yes. So all those things are the things that we're looking for. And as I think about the future in terms of our renewal opportunities, the Flex does offer more ability for the customers to consume more, to take on more, and that just bodes well for our renewal cycles, right? We want them to do that. And so by seeding them now, that's only going to bode better for us in the future and better for the customers more importantly.

I think they're going to benefit more and more as, look, we're going to come up with new products, right? And those are going to be available to them. And so that's how we think about the renewals and the new renewal possibilities as we look out into the future.

Conference Operator: Our next question comes from Andrew Nowinski with Wells Fargo (NYSE:WFC). Please unmute your line and ask your question.

Maria Riley, Vice President of Investor Relations, CrowdStrike0: Okay, good afternoon. Thank you for taking the question. And I'm assure every organization that was impacted appreciates the transparency and the contrite response you have today. So I wanted to ask about really on the renewal cycle as well. I was wondering if you could just give us any more color around the mix of renewals throughout the year.

I would imagine Q4 is typically has the most renewals out of all 4 quarters. But maybe if you could just provide more color on the mix. Maybe which quarter do you think there's more risk to a higher mix of renewals in case they don't potentially renew? Thank you.

Bert Podbear, Chief Financial Officer, CrowdStrike: Thanks, Andy. So two things. So one, there is definitely seasonality right in our business and we've talked about it. You've highlighted Q4. That's typically our highest quarter of deals.

And I think second, what I've talked about earlier, it's this idea of a half life. The closer you are to the sun, the hotter it is, the more difficult it is in terms of the headwinds. And as you move farther and farther out, you see more relief. So the impact gets less. So if you combine those two things, that's how I would think about the renewal cycle.

Conference Operator: Our next question comes from Roger Boyd with UBS. Please unmute your line and ask your question.

Maria Riley, Vice President of Investor Relations, CrowdStrike1: Great. Thanks for taking the questions and I will add my congrats on the response and resilience demonstrated over the last month. George, just on the hyper growth modules, nice to see that group pass $100,000,000,000 collectively or $1,000,000,000 collectively. It sounded like the timeline, you reiterated the $10,000,000,000 ARR targets, it sounded like the timeline got pushed towards the longer side of the 5 to 7 year range you provided before. Would just love to get kind of your view on the durability of growth there.

I get there's a lot of uncertainty, but just kind of any view on how you expect it to play out as the right view that you just see this as kind of a 1 year speed bump towards those longer term guidance?

George Kurtz, President, CEO, and Co-Founder, CrowdStrike: Yes, I'll start and then I'll turn it over to Bert. When we think about the durability of CrowdStrike, I think we've demonstrated it this quarter. We've had a history of durable growth because we're solving real problems for customers. And when you look at some of the businesses that we talked about, identity and cloud and Next Gen SIM, dollars 1,000,000,000 is incredible when you look at the growth rate. So we've got multiple vectors of growth for CrowdStrike.

We've got a massive TAM opportunity that's only getting bigger. And we always at CrowdStrike have and will continue to take a long term view of the market. So we're going to deal with this in the short term. And then obviously, I think this sets us up well for the future. Bert?

Bert Podbear, Chief Financial Officer, CrowdStrike: Yes. So, Roger, the key here is that we remain committed to reaching the $10,000,000,000 in ARR by the end of 2,031. I mean, that's the that was part of the range that we gave out in prior periods, and we're still committed to it.

Conference Operator: Our next question comes from Joseph Gallo with Jefferies. Please unmute your line and ask your question.

Saket Kalia, Analyst, Barclays: Hey, guys. Thanks for the question. Can you just update us on the federal momentum? You're entering their biggest quarter and how should we think about that business? Does the IT outage slow momentum there given they're typically pretty conservative?

Thanks.

George Kurtz, President, CEO, and Co-Founder, CrowdStrike: Sure. Well, Q3 obviously is the federal quarter. I think we've got good momentum. We've done, I think, well with the sister relationship that we have. And as many things in the federal space, it takes time and we continue to build momentum and win deals in those categories.

And not only federal, but we think about state and local, incredibly strong across the board. And we're just talking about the U. S, right? We do this for the rest of the world. So we like our opportunity there.

Those are always long term opportunities, we're certainly encouraged in terms of the success that we've had so far.

Conference Operator: Our next question comes from Greg Moskowskowitz with Mizuho (NYSE:MFG). Please unmute your line and ask your question.

Maria Riley, Vice President of Investor Relations, CrowdStrike2: Okay. Thank you for taking the question. And also well done in terms of the transparency. I had a clarification just on the customer commitment packages and CrowdStrike's future expansion strategy. Is part of the plan effectively giving away, you know, modules to existing customers for upwards of a year?

In other words, when you speak about an expectation of muted upsell dollar values and temporarily higher levels of contraction, Is this part of the seeding strategy that you're referring to?

George Kurtz, President, CEO, and Co-Founder, CrowdStrike: I'll start with we always want to do the right thing for the customer. And customers we're solving business problems and they like our technology, they love our technology, right. So when we think about the opportunity to drive greater platform adoption, certainly that should be added into the conversation. And what we've seen over time and we've built a history of greater module adoption. You can see that since you've been tracking this from our IPO.

So from that standpoint, we do think the long term opportunity proves well for CrowdStrike. And having customers use more modules is always a good thing. And that's what we're focused on.

Conference Operator: Thank you. This concludes today's question and answer session. I would now like to turn the call back over to George Kurtz for closing remarks.

George Kurtz, President, CEO, and Co-Founder, CrowdStrike: So thank you all for your time today. We appreciate your continued support and look forward to seeing you at our upcoming investor event at Falcon. Thank you.

This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.