Cybersecurity firm CrowdStrike said that in the wake of a massive computer outage it caused last month it will give customers about $60 million in credits to remain with the company, possibly a mere fraction of the damages those clients say they incurred.
The company also cut its guidance for full-year earnings by about $86 million to $109 million. But that still leaves CrowdStrike expecting to make $3.9 billion on the year. All told, the earnings report cheered investors, who sent the stock more than 5% higher in trading Thursday following the Wednesday quarterly reportly.
The credits that clients will receive on future billingsvare part of what the company calls a “customer commitment package.” The company told investors Wednesday that it still had a 98% customer retention rate following the incident.
A CrowdStrike spokesperson on Thursday said the credits were not necessarily directly due to losses clients might have suffered during the outage.
In addition, CrowdStrike told CNN the compensation was not necessarily all the expected cost to the company following the outage. In a call with investors Wednesday, CFO Burt Podbere said that it is too soon know the outcome of any potential litigation related to the incident but that the company has insurance to limit the cost impact of some of those claims.
The forecast for client compensation may prove to be low. Delta Air Lines, one of the clients most affected by the outage, estimates its losses alone came to about $500 million from lost revenue from thousands of canceled flights, passenger compensation and other costs. CrowdStrike has said that its contract with Delta limits it liability to less than $10 million.
The company’s guidance on the cost of compensation and full-year earnings came as part of a strong earnings report. It said that it had record adjusted earnings of $260.8 million for for the quarter that ended July 31, up 47% from a year earlier. And its strong results left it with $4 billion in cash on its balance sheet, up $300 million from what it had at the start of the quarter.
At the market’s close on Wednesday, CrowdStrike (CRWD) shares were still down more than 20% since the outage. But they were up 33% from the post-outage low they hit three weeks ago.
The strong results were better than Wall Street expectations, but even with the global computer meltdown that caused massive problems at everyone from retailers to delivery companies to hospitals and airlines, CrowdStrike earnings had been predicted to rise. That’s because it takes time for its customers, even if they are furious with the company, to find an alternative to CrowdStrike as they seek to protect themselves from malicious hackers.
The company has admitted the problem was caused when it uploaded a flawed software update into the systems of its customers running Microsoft programs.
No one was hit harder than Delta Air Lines, which took nearly a week to resume normal operations due to problems getting its crew tracking software working once again, which meant that it couldn’t find the pilots and flight attendants that it needed to operate.
Delta estimates the problems cost it $500 million in lost revenue and increased expenses, and it is preparing to sue CrowdStrike and Microsoft in an attempt to recover those costs.
CrowdStrike and Microsoft both have criticized Delta, blaming the airline for the extended problems when other airlines were quickly back to normal operations. A letter from CrowdStrike’s legal counsel to Delta’s lawyer said it is prepared to fight any lawsuit, and that its liability was contractually capped in the single millions.
Investors might be left with more questions than answers after CrowdStrike’s financial report and call with investors Wednesday, said Raj Joshi, a senior vice president with Moody’s who follows CrowdStrike, ahead of the report.
“If performance is deteriorating, it’s not going to show up in the numbers immediately. There’s a lag,” he said. And he said part of that lag is it will take time even for companies that do decide to drop CrowdStrike as their cybersecurity firm to make the move to a rival.
“The process can be anywhere from three to six to nine months,” he said. The bigger problem for CrowdStrike, he said, is that it will be more difficult to sell additional services to its existing customers who suffered through the outage already. Much of the company’s growth comes from that kind of repeat business from existing customers, he said.
Moody’s had only upgraded CrowdStrike from junk bond status to an investment grade credit rating in May. At that time it had a positive outlook, meaning it expected further upgrades in the next year to a year in a half. It did not downgrade the company after the outage, but it did reduce its outlook from positive to neutral, meaning its growth is likely to be hurt, even if it doesn’t lose many customers.
“The question is will the company be able to manage its customer relationships and give (them) confidence that this was a one off thing?” said Joshi.
This story has been updated with additional reporting and context.