Comment by mv4
3 days ago
Even without fraud, the markets seem incredibly forgiving. For example, one would think that what Crowdstrike outage did to the airlines and businesses worldwide (and the levels of incompetence displayed) in 2024, would have destroyed the company. Instead, the stock has recovered nicely and it's business as usual. Or the massive security breaches - same outcome, it's as though nobody cares.
People don't invest because they think a company is competent. They invest because they are looking for a return.
The mistake CrowdStrike made will likely have little to no effect on their revenue. Since the stock dropped a bit (emotional investors getting out) it became a good value proposition, so people bought it cheap.
The reasons companies use CrowdStrike haven't gone away. Existing contracts can't just be terminated. By the time it comes up for renewal few will remember the incident, fewer still will care.
What you see as "levels of incompetence" others see as "made a mistake". You don't fire suppliers for a mistake- that's experience to them, and they're unlikely to make that mistake again anytime soon.
Plus of course, replacing anything like that at scale is a lot of work, expensive, and career-risky. Who, in the enterprise, is taking on that task? Who is advocating for it?
The market is forgiving because the outlook remains strong. The outlook remains strong because the business fundamentals remain strong.
There are consequences, with significant financial impact, not necessarily world ending for them.
There are already lawsuits filed around this incident. If a court sides with the customers or if CrowdStrike settles them, it will not be cheap.
Even if they don't end up loosing or settling, the lawyers will not be cheap with so many suits , I don't think there is a major class action, every contract is unique after all, customers can easily afford their own lawyers and don't need to share.
Beyond that, in next renewal cycle, customers are likely to demand much stronger penalty clauses in the contract, they won't let the mistake of not putting strong financial penalties slide while they may not change the vendor. This will make insurance for CrowdStrike much more expensive, another mistake would be far more financially expensive even if this one doesn't turn out to be.
The insurer will also want a stronger internal process controls and paperwork which also won't be cheap.
Consequences in B2B are never immediate but over time they do happen, larger an org longer it takes, but eventually it does catches up, look at Intel or Boeing today.
There will absolutely be consequences. And that'll cost real money.
But that is just a 'cost of doing business'. And ultimately will just work it's way into the price.
Intel and Boeing are not "one off mistakes". The root problems there are structural, cultural and fundamental.
If CrowdStrike have more issues this year, then that'll have an impact because it suggests there's a root problem. But a single bad rollout is just a bad rollout.
1 reply →
Lawsuits will take years by which time the company will either be gone or swimming in cash.
6 replies →
There was a case of food contamination in a fast food joint (can't remember which, let's say it was burger king). The stock fell as a result, but recovered relatively quick afterwards - you would've made bank buying it low.
The thing is, individual, one off events usually don't break a company, but the stock falls temporarially as a result of some people expecting it to. Of course, it's possible that one event breaks a company, and this is the risk you do take buying it low after the event.
> There was a case of food contamination in a fast food joint (can't remember which, let's say it was burger king). The stock fell as a result, but recovered relatively quick afterwards - you would've made bank buying it low.
I think this was some years ago and it was Chipotle. They had to remove some menu items altogether IIRC.
1 reply →
Exactly. There's news every day. It takes a lot of bad news to break a company.
And frankly unless it's criminal (Enron, Theranos etc) it's not a big deal. An oil spill here, a data leak there, these are not things that affect customer behavior.
The market is only interested in results. It doesn't care about the news. Those stock dips you see are uneducated emotional investors making bad decisions for the wrong reasons.
Has anyone actually fired Crowdstrike over the incident? Heck, did Delta fire Crowdstrike?
I think the stock market is accurately realizing that it takes a lot of effort to fire a company embedded in your security infrastructure and that the incident probably won't change sales.
Equifax should not be in business anymore
We work closely with them and I've been impressed with how broad their product reach is. Whether they should be in business or not is a question for regulators, but the market rewards their unique position. If you to own something valuable that everyone else needs or wants, they will pay you for it.
There's a bigger question about how to properly price and penalize negative externalities. From a business perspective there isn't much difference between an oil spill and a mass data breach — "Whoopsie, we'll try not to do that again. In the meantime don't you need gas for your car?"