I posted Friday, June 11, that investors looking for a theme to buy in an expensive market had turned to Cyber Security stocks. Makes sense, I noted, with ransomware attacks running at a fast pace and forecast pointing to even more attacks on corporate and government systems in the months (years?) ahead. I wrote that in this sector I already owned Palo Alto Networks in my Jubak Picks Portfolio where the stock is up 79% since I added this position on June 27, 2019, and in my 50 Stocks Portfolio where it is up 50% since I added this position on January 21, 2020, and in my new Millennial Portfolio where the position is up 0.94% since I added it on May 21, 2021. And that I would be adding another Cyber Security stock, CrowdStrike Holdings, to my Jubak Picks and Millennial portfolios on Monday, June 14
Estimates for the increase in detected ransomware attacks in 2020 over 2019 are all over the block from from 150% from Group-IB to 485% by Bitdefender. But I think it’s safe to say that the growth rate is fast.
And that it’s likely to get faster. The proliferation of Internet of Things devices, for example, is feeding into the growth., Many IOT devices use proprietary operating systems and these seem to be exceedingly vulnerable to attack. Bitdefender reports that IOT devices with proprietary operations systems account for 34% of the devices that consumers own, but were the subject of 96% of detected vulnerabilities. Smart TVs, for take a specific example, saw a 338% increase in detected vulnerabilities in 2020 over 2019.
Even in this context, though, the first quarter fiscal 2022 results reported by CrowdStrike Holdings (CRWD) on June 3 are eye popping. First-quarter fiscal 2022 non-GAAP earnings of 10 cents per share, beating the Wall Street consensus by 67%. The year earlier quarter saw earnings of just 2 cents a share. First-quarter revenue of $302.8 million was up 70% year over year and beat the consensus projection of $251 million quite easily. Subscription revenues surged 73% year over year to $281.2 million.
For fiscal 2022, management raised its revenue guidance in the range of $1,347 million to $1,365.7 million from the previous range of $1,310.4 million to $1,320.7 million. And the company now anticipates non-GAAP EPS of 35 cents to 41 cents up from 27 cents to 30 cents.
And the quarter contained the foundation for future growth beyond the end of this fiscal year. The number of subscription customers rose by 82% with the company adding 1,524 net new subscription customers during the quarter. That brought there total number of subscription customers to 11,420 as of April 30. Those cusmters are also buying more modules from CrowdStike with the number of subscription customers who adopted four or more cloud modules increasing to 64%, those with five or more cloud modules rosing to 50%, and for six or more cloud modules climbing to 27%.
The company added $143.8 million to its net new annual recurring revenue (ARR), achieving $1.19 billion, up 74% from the year-ago quarter’s levels. The dollar-based net retention rate exceeded 120% at the end of the quarter. Non-GAAP gross margin expanded 150 basis points on a year-over-year basis to 77%. Subscription gross margin advanced 100 bps to 79%.
All these numbers about subscriber growth and retention are especially important at CrowdStrike because of the company’s business and technology model. CrowdStrike’s cloud-native security software is built around the idea that its platform would continuously digest data from all attacks anywhere in among its subscribers and then use that crowd-sourced (hence the CrowdStrike name) data to improve its algorithms to detect more attacks, more effectively. That crowd-sourced information comes not just from in-house networks but from devices ranging rom servers to laptops and includes attacks on virtual machines and cloud networks. That technology approach has the advantage of making CloudStrike’s protection more effective as the company adds subscribers.
As a business model, the technology leads to the kind of “the big get bigger” and better approach that leads to very low rates of switching and a very persuasive marketing pitch. (The protection is, of course, only as good as the algorithms and the company’s artificial intelligence systems. The biggest danger that I can see to CrowdStrike would be news of a big attack on a customer that wasn’t caught by the company’s software. That is a danger to all Cyber Security stocks.) And this approach seems especially well-suited a wold where cyber attacks are increasingly sophisticated.
The stock closed at $231.27 on Friday, up 1.17%. I’m adding it to both the Millennial and Jubak Picks portfolios. My one-year target price in my Jubak Picks Portfolio is $277 a share.
Full disclosure: I own shares of Palo Alto Networks in my personal portfolios. I will be adding shares of CrowdStrike to my personal portfolios three days after this buy is posted.