CrowdStrike, the company responsible for the IT outage described as the worst the world has ever seen, has been a Wall Street darling over the past year.
So far in 2024, the share price has risen 96%, making it one of the best performing stocks on both the tech-heavy Nasdaq index and the broader S&P 500 index, which it was recently added to. This means the company was valued at £84bn at the close of trading on Thursday evening.
Money blog latest How CrowdStrike Got Investors ExcitedWhat excited investors was how the Austin, Texas-based company sold itself as a one-stop shop for so-called "endpoint" security and how much of what it did was AI-driven.
Endpoint protection originally started as simple antivirus software, but over the past decade has evolved into a range of services aimed at protecting endpoints, the physical devices (computers, laptops, mobile phones, tablets and servers) connected to a network.
These services include threat detection and investigation, data breach prevention and network management.
The huge market share made it so popularSeveral factors in particular made CrowdStrike so popular. First, it had a market share of about 24% of the endpoint protection market.
Secondly, there was the migration of data and provision of IT services to the cloud. This transformative change created an increased demand for cybersecurity services.
By the end of last year, less than half of the world's workloads had migrated to the cloud, indicating that demand will continue to grow significantly in the future.
A key moment for cybersecurity spendingThird, and perhaps most importantly, new rules were announced in late 2023 by the Securities & Exchange Commission, the U.S.'s top financial regulator. These rules require publicly traded companies to disclose cybersecurity incidents and annually disclose their cybersecurity risk management, strategy and governance.
That too was seen as a key driver of demand, as was increased spending on cybersecurity by governments around the world, and particularly in the United States.
CrowdStrike and its prospects were so highly valued that it was trading at a great rating. Investors traditionally value companies based on a multiple of their earnings (the price-earnings ratio), and the higher the multiple, the higher the rating.
Based on CrowdStrike's expected earnings for the year through the end of April 2025, the company was valued at a multiple of 98 as of Thursday's close, compared with the current multiple of 28 for the S&P 500.
So it was a company in which a lot of hope was placed.
Who is George Kurtz?The story of CrowdStrike, and that of its president and chief executive, George Kurtz, is that of endpoint protection itself. Mr. Kurtz, whose stake in CrowdStrike was valued at $4.2 billion on Thursday night, was a qualified accountant who founded an anti-virus software company called Foundstone in October 1999.
In 2004, he sold it to McAfee, another antivirus software vendor, for $86 million and became the company's Chief Technology Officer.
In 2009, he also wrote Hacking Exposed: Network Security Secrets & Solutions, the world's bestselling book on cybersecurity.
In 2011, he became frustrated with the way McAfee was evolving in response to the changing nature of cyber threats. The situation reached a head when he saw another passenger on an airplane spend 15 minutes downloading McAfee's service onto his laptop.
He later told business magazine Forbes in 2020: "This guy was talking to the flight attendant, he was reading his newspaper and he was doing all this stuff while the software was grinding away and I just sat there and thought, Oh my God. I'm the CTO of this company and this is horrible."
He then left to join Warburg Pincus, a private equity firm, with a vision to build a cloud-based service that provides endpoint security, as it is now known, based on an "intelligence-first" approach.
That was the genesis of CrowdStrike, whose original slogan was "We Stop Breaches."
Stopping US Government Attacks and Identifying Election InterferenceThe company attracted widespread attention when it announced in June 2016 that it had identified attempts by two Russian intelligence agencies, codenamed Cozy Bear and Fancy Bear, to hack several U.S. government agencies, including the White House, the State Department and the Joint Chiefs of Staff.
Latest Global IT Outages: Massive Disruption Hits Travel and Doctors' Offices WorldwideIt also revealed that the hackers had infiltrated the Democratic National Committee in what is now seen as an attempt by Russia to interfere in that year's U.S. presidential election. It emerged that the hackers had stolen emails from the DNC and Hillary Clinton's campaign and given them to Wikileaks.
Mr. Kurtz, who got his first computer at age 10 - a Texas Instruments 99/4A machine on which he quickly designed games - was big news, as was CrowdStrike. VCs and other investors, including Google, fell over themselves to invest in the company.
CrowdStrike listed on the Nasdaq in June 2019 with a value of $11 billion, valuing Kurtz's stake at $1.7 billion.
Dealing with a crisisIt's been a spectacular story so far, but how Kurtz handles this crisis will be crucial.
He looked exhausted as he apologized to CrowdStrike customers during an interview with NBC today, saying, "We are so sorry.
"That update contained a software bug and caused a problem with the Microsoft operating system.
"We identified this very quickly and resolved the issue."
A quarrelsome one relationship with MicrosoftHowever, these comments could further damage the already strained relationship between CrowdStrike and Microsoft.
In April of last year, Kurtz accused Microsoft during a presentation to investors of "following the same failed model that McAfee and Symantec have used for the last 25 years." He also alleged that CrowdStrike regularly beat Microsoft when the two were competing.
He reiterated these comments when asked about Microsoft's move into cybersecurity last December, saying, "Given Microsoft's history, it's like the doctor selling cigarettes to the patient."
In May this year, after the US Cyber Safety Review Board criticized Microsoft for failing to prevent a cyberattack in 2023, Cyber attack on his cloud service he launched a service called Falcon for Defender, claiming that the service would stop attacks that were missed by Microsoft's own Defender service.
Biggest supportersHe said: "We have decided enough is enough. There is a widespread crisis of confidence among security and IT teams across the Microsoft customer base."
For now, some of CrowdStrike's biggest supporters remain confident.
Dan Ives, managing director and senior equity research analyst at Wedbush Securities and one of Wall Street's most prominent tech watchers, told clients today: "CrowdStrike has a strong brand and global marketing presence that will need to step up in the coming weeks and months to limit the damage from this situation.
"Today, CrowdStrike has become a household name, but not in a good way. It will take some time for this to settle, but it does not change our positive view of CrowdStrike or the cybersecurity industry in the long term."
Long-term effectsMeanwhile, Microsoft is doing everything it can to distance itself from this crisis.
But this incident will have major long-term consequences.
JD Vance, Donald Trump's vice presidential nominee, is a vocal critic of big tech.
Concerns that a handful of large technology companies have an unhealthy grip on their markets, and that control over the world's critical IT infrastructure is too concentrated, are likely to grow in the coming days.
Microsoft will likely have to draw on its decades of experience battling politicians and regulators.