The stock has recovered to near all-time highs, but $1-3B in potential litigation liability and Microsoft's kernel access restrictions create downside risk the market isn't pricing at 60x forward earnings.
When CrowdStrike's faulty Falcon sensor update crashed 8.5 million Windows machines in July 2024, I wrote that the incident would be a watershed moment for the company — either a one-time stumble that strengthened the platform's reputation through transparent response, or the beginning of a trust erosion that would take years to repair.
Eighteen months later, the stock has recovered to near all-time highs. Revenue grew to $4.2 billion in FY2025. The net retention rate remained above 120%. By every surface-level metric, CrowdStrike has moved on.
I'm not convinced the market is seeing the full picture.
Credit where it's due: CrowdStrike's response to the July 2024 outage was textbook crisis management. George Kurtz was visible, transparent, and accountable. The company deployed remediation tools within hours, provided $60 million in customer credits, and launched a comprehensive review of its software testing processes.
The financials reflect genuine resilience. Revenue grew 31% year-over-year in FY2025. The company added more new logos in the two quarters after the outage than in the two quarters before. Module adoption — the critical metric showing customers expanding from endpoint to cloud, identity, and observability — continued to deepen. Gross margins held above 75%.
The data shows companies survive worse reputational hits. Microsoft recovered from the SolarWinds compromise. Equifax recovered from a breach that exposed 147 million Americans' data. CrowdStrike's recovery is real. My concern isn't the recovery. It's what the recovery is obscuring.
TickerXray Report
Get the complete CrowdStrike report with all 12 quantitative models, AI-generated investment thesis, and real-time data.
CrowdStrike faces a lawsuit from Delta Air Lines seeking $500 million in damages from the outage. Delta claims the faulty update caused 5,000 flight cancellations and $380 million in direct losses. CrowdStrike has countersued, arguing Delta's outdated IT infrastructure exacerbated the impact.
Delta is the headline case, but it's not the only one. Multiple class action lawsuits are pending from shareholders and affected businesses. The total potential liability — while impossible to quantify precisely — could range from $1-3 billion if cases go to trial and juries are unsympathetic to a cybersecurity company that crashed the systems it was supposed to protect.
Here's what worries me specifically: CrowdStrike's insurance coverage for this type of event is estimated at $500 million-$1 billion. Any liability above that ceiling comes directly off the balance sheet. The company has $3.3 billion in cash and $750 million in debt — the balance sheet can absorb it, but it would meaningfully impair the capital return programme and potentially force a dilutive capital raise if the worst-case scenarios materialise.
CrowdStrike's Falcon platform runs as a kernel-level agent on every protected endpoint. That architectural decision — which provides the deepest visibility and fastest response times in the industry — is also the single greatest source of systemic risk. A kernel-level agent that crashes takes the entire operating system down with it. That is exactly what happened in July 2024.
Microsoft, following the outage, announced plans to restrict third-party kernel access in future Windows releases. If Microsoft follows through — and there are strong commercial incentives to do so, as it would advantage Microsoft's own Defender product — CrowdStrike would need to redesign its fundamental architecture. That redesign would take 18-24 months and could temporarily reduce detection efficacy.
I've been tracking this dynamic closely. Microsoft's messaging has been deliberately ambiguous, but the technical direction is clear. CrowdStrike at 60x forward earnings with a pending architectural risk from its largest platform partner is the key risk to watch.
CrowdStrike is the best pure-play cybersecurity platform in the market. The recovery from the July outage has been impressive, and the underlying business momentum is real. I am not arguing the company is broken.
What I am arguing is that at 60x forward earnings, the stock prices in zero litigation risk, zero architectural risk from Microsoft's kernel access changes, and continued 25%+ growth for the next five years. All three of those assumptions carry meaningful uncertainty. If the Delta lawsuit results in a $500 million+ verdict, or if Microsoft restricts kernel access in Windows 13, the stock could correct 25-30% in a matter of days.
I'd need to see CrowdStrike at 35-40x forward earnings — implying a 30-35% pullback — before the risk-reward makes sense. That might require a catalyst the bulls don't want to think about, but catalysts have a way of arriving uninvited. I'm bearish at this price and waiting patiently for a better entry.
Full forensic analysis of CrowdStrike
+ 6 more models included
150,000+ stocks covered
Global coverage across 60+ exchanges. Every report includes all 12 quantitative models and AI analysis.
View plansEvery report runs 12 quantitative models and generates an AI investment thesis. From Piotroski scores to manipulation detection -- get the full picture in seconds.
12 forensic models
Piotroski, Altman, Beneish, DuPont & more
AI investment thesis
Synthesized outlook on every stock
Manipulation detection
Spot red flags before they hit the news
150,000+ tickers
Global coverage across 60+ exchanges
Expected return
Forward return projections for every stock
Real-time data
Live prices, insider trades, news sentiment
Free accounts get 1 report per month. Pro gets unlimited.
CrowdStrike at $96 billion market cap versus Cloudflare at $59 billion — both are growing revenue at 25%+, both are unprofitable on a GAAP basis, and both claim to be the platform that wins cybersecurity. One is overvalued.
Customer churn from the July 2024 outage has been negligible, but at 80x earnings and 15x revenue, CrowdStrike is priced for perfection again.
With $4 billion in ARR, 78% gross margins, 120%+ net retention, and 75% of customers on 5+ modules, CrowdStrike is winning the cybersecurity platform consolidation war.