Cybersecurity is a mind-bogglingly complex topic. That's especially true for those of us who aren't tech professionals. When we encounter such complexities, it's usually best to put them in the "too hard" pile and move on.
I, too, have typically shied away from the industry. And yet, few niches are growing in importance at the same rate. That makes learning how to invest in cybersecurity stocks a profitable endeavor -- if we're willing to roll up our sleeves.
After doing that, there was only one stock I was comfortable with: CrowdStrike (CRWD). What's more -- the reason I picked it should be understandable to just about anyone.
Things never turn out as we plan -- whether in investing or in life. Accepting this reality, we must ask: if things go terribly wrong, what will the consequences be?
Here's what I mean: my burger might not taste good upon a trip to the restaurant. What's the worst that could happen to the company? A bad review from me? Losing my business? No, one dissatisfied customer shouldn't ruin the entire pot.
With cybersecurity, the dynamics are different. Cybersecurity is supposed to protect you from digital villains. If those villains find a weakness, they won't just steal from one client -- they'll attempt to steal from them all. Such a breach quickly leads to a tarnished brand.
Perhaps that's an oversimplification, but those dynamics -- the fact that a single breach could bring a company down -- have historically been enough to keep me away from the sector.
Recently public CrowdStrike takes an entirely different approach to cybersecurity. But first, here's how it works: when a company signs on to use CrowdStrike (it has 10 modules and an app store), they are basically getting access to two tools:
By taking this approach, customers get non-clunky cyber-protection (agents) while still getting big data, number-crunching protection (threat graph).
This is where things get really interesting. Quoting from the company's prospectus:
Threat Graph processes, correlates, and analyzes over one trillion endpoint-related events per week in real time and maintains an index of these events for future use. Threat Graph continuously looks for malicious activity by applying graph analytics and AI algorithms to the data streamed from the endpoints.
Allow me to translate: With each additional data point, Threat Graph grows stronger and harder to fool. Why does that matter? Because each additional customer adds significant value (data for AI) to existing customers.
Think of it this way: If a new customer in Budapest is hacked by an organization using a brand-new approach, the rest of CrowdStrike's customers all over the world are instantly protected.
In a sense, CrowdStrike wants its customers to get hacked. It's like a flu shot: by injecting a little bit of the virus, the rest of your body (other CrowdStrike users) builds up an immunity.
Because CrowdStrike was the first company to deploy this cloud-based approach, the first-mover advantage is enormous. Why would you go with any other company when you know that CrowdStrike has the deepest well of data via the Threat Graph?
And if you want cold, hard data, the company's results provide that as well. There's a lot to like in the company's third-quarter conference call from December.
Let's start with the number of CrowdStrike customers.
Data source: SEC filings. Chart by author.
It's important to note that these figures are sequential -- not year-over-year. In other words, CrowdStrike added over 750 new customers in three months alone the last time it reported. Overall, this translates to a growth rate of 145%. Customers are more than doubling every year!
But that's not all. Increasingly, they are using more and more modules (remember, there are 10 to choose from right now) to help secure their operations. The company regularly reports the percentage of customers using four or more modules.
While it appears that growth here is stalling, there are two things to remember:
In the conference call, management also volunteered that 30% of customers are now using at least five tools.
Finally, when these forces combine -- more customers using more tools -- they lead to huge growth in annual recurring revenue (ARR).
Again, this is all presented on a sequential basis. Over the past two-plus years, ARR has jumped at a 118% rate.
Here's why all of this matters: CrowdStrike benefits from both high switching costs and network effects. Each additional customer adds more data ("flu shots"), making the entire system that much healthier.
Because the company is also a software-as-a-service (SaaS) play, it will increasingly be able to leverage this position for outsized free cash flows. In the previous quarter, in fact, the company generated $7 million in free cash flow -- a great sign for such a young company aggressively reinvesting in itself.
For all of these reasons, I'll be buying (more) shares of the company when Motley Fool trading rules allow. If you're interested in the sector, I suggest you consider doing the same.