Modern society is full of devices that could be hacked at any time. Whether from an iPhone, a work laptop, or even a smart home product, people are at risk every day of having important personal information stolen by virtual thieves. Infrastructure such as CRM systems, cloud computing, and artificial intelligence are important tools for businesses of all sizes. However, none of these investments will bear fruit unless they are secure. Large corporate data breaches like that at Equifax, as well as the "new normal" of working from home, have bolstered the need for increased cybersecurity protocols. Endpoint security is an important component of the broader cybersecurity umbrella and has traditionally been controlled by incumbent players such as Microsoft, Broadcom, and McAfee. New innovators such as CrowdStrike (CRWD 0.58%) have entered the endpoint security landscape and are gaining market share at a staggering pace. Let's dig in and see if CrowdStrike is poised to dominate cybersecurity and how it stacks up against the competition.
How important is cybersecurity?
Companies of all sizes are investing heavily in different software systems and modules for their digital transformation efforts. Moreover, an increasing number of these tools are based in the cloud, which could benefit native cloud solutions such as CrowdStrike. According to a 2021 CIO survey performed by Morgan Stanley, roughly 25% of application workloads resided in public clouds in the fourth quarter of 2021, with the value forecast to increase to 44% by 2024. Additionally, security projects are the least likely of IT projects to get cut from company budgets, according to the survey.
Although CrowdStrike offers a number of different cybersecurity modules, the company specializes in endpoint security. An endpoint is a hardware that connects to a network. For example, a work laptop that connects to your employer's network is an endpoint. To understand how critical endpoint security is, consider the fact that IBM estimates the average data breach costs a large corporation about $4.3 million, whereas a successful endpoint attack costs about double that at between $7 million and $9 million according to the Ponemon Institute. In legacy network infrastructures it was common for cybersecurity measures to encompass endpoints, servers, and different applications. However, due to increasing IT investments, partially spurred by the pandemic, network perimeters have expanded. This means that cybersecurity protocols must encircle new applications in the cloud, remote workers, mobile devices, and more. This dynamic is beneficial for CrowdStrike because as companies rely more heavily on cybersecurity, its total addressable market should also increase.
The competitive landscape is big, and it's starting to heat up
Although the cybersecurity market is well-positioned for growth, CrowdStrike faces fierce competition from both larger and smaller industry players. According to its latest earnings results, Microsoft generated $15 billion of security revenue in 2021, which represented a 45% increase year over year.
Furthermore, Microsoft may be looking to bolster its security efforts, as the company was recently rumored to be considering acquiring cybersecurity firm Mandiant.
On the other end of the spectrum, CrowdStrike faces competition from smaller companies such as SentinelOne. Even though SentinelOne's annual recurring revenue of $237 million is much smaller than CrowdStrike's $1.5 billion, the company is growing its revenue base in the triple digits. SentinelOne reported revenue of $56 million in Q3 2021, representing 128% year-over-year growth. By comparison, CrowdStrike reported total revenue of $380 million, representing 63% year-over-year growth. However, when it comes to financial results, revenue growth is not the only factor to consider. SentinelOne's triple-digit revenue growth is coming at a high cost. The company's sales and marketing expenses and its research and development expensescomprise over 80% and nearly 70% of revenue, respectively. through the first nine months of calendar 2021. By comparison, CrowdStrike's sales and marketing and research and development expenses are in the mid-40% and mid-20% profiles, respectively.
It's important for investors to understand how quickly the endpoint security market is evolving. According to a 2016 Gartner analysis, Broadcom and McAfee were considered the dominant leaders in the space. However, this same study in 2021 illustrated that CrowdStrike, Microsoft, and SentinelOne have surpassed the legacy incumbents. It's not surprising that CrowdStrike has made a name for itself and taken a leadership position in endpoint security. Subscription customers that have adopted four or more modules, five or more modules, and six or more modules increased to 68%, 55%, and 32%, respectively, as of Oct. 31, 2021. As the company adds new modules and solutions that are critical for cybersecurity, customers inherently become more engrained and reliant on CrowdStrike's platform. As a result, the company's revenue base should continue to grow.
We're still in the early innings
Although CrowdStrike's revenue growth is impressive, it is important to keep in mind that the company has a long road ahead. Management provided guidance of $1.4 billion in total revenue for the calendar 2021 year. This is obviously much smaller than Microsoft's existing security revenue base of $15 billion. CrowdStrike is also not yet profitable, whereas Microsoft is a highly profitable enterprise.
It is encouraging that IT leaders are serious about cybersecurity infrastructure. Moreover, as more companies embrace remote work, the need for increased security measures should grow. As the addressable market expands, CrowdStrike has a unique opportunity to continue investing in its features and fuel future growth with the addition of more modules per customer. When it comes to cybersecurity, CrowdStrike represents an interesting investment opportunity as a company well-positioned for high-growth prospects in the years ahead.