Comment by mv4 3 days ago
Even without fraud, the markets seem incredibly forgiving. For example, one would think that what Crowdstrike outage did to the airlines and businesses worldwide (and the levels of incompetence displayed) in 2024, would have destroyed the company. Instead, the stock has recovered nicely and it's business as usual. Or the massive security breaches - same outcome, it's as though nobody cares.
There are consequences, with significant financial impact, not necessarily world ending for them.
There are already lawsuits filed around this incident. If a court sides with the customers or if CrowdStrike settles them, it will not be cheap.
Even if they don't end up loosing or settling, the lawyers will not be cheap with so many suits , I don't think there is a major class action, every contract is unique after all, customers can easily afford their own lawyers and don't need to share.
Beyond that, in next renewal cycle, customers are likely to demand much stronger penalty clauses in the contract, they won't let the mistake of not putting strong financial penalties slide while they may not change the vendor. This will make insurance for CrowdStrike much more expensive, another mistake would be far more financially expensive even if this one doesn't turn out to be.
The insurer will also want a stronger internal process controls and paperwork which also won't be cheap.
Consequences in B2B are never immediate but over time they do happen, larger an org longer it takes, but eventually it does catches up, look at Intel or Boeing today.
There will absolutely be consequences. And that'll cost real money.
But that is just a 'cost of doing business'. And ultimately will just work it's way into the price.
Intel and Boeing are not "one off mistakes". The root problems there are structural, cultural and fundamental.
If CrowdStrike have more issues this year, then that'll have an impact because it suggests there's a root problem. But a single bad rollout is just a bad rollout.
CrowdStrike problems are also structural the incident timeline hardly seemed like a fat finger mistake, but series of fundamental poor practices a org in their position should not have. We only get to see the one newsworthy incident like the door blowing off the airplane.
The "cost of business" will catchup to them is the point, Unlike Intel or Boeing it is not duopoly business with little to no options for CrowdStrike's product. It is notoriously brutal for large organizations in tech to stay competitive over 20-30 years time horizon.
Most likely trajectory for a company in their position, their growth slows - this incident being a key contributor to that slow down, then stock starts to fall, it will eventually become attractive for a company to acquire them, perhaps rebrand the product and keep the customers and cash flows.
Lawyers have to paid now till then.
Companies settle much faster typically to reduce some of this costs, it ends up being cheaper.
Also many of these will be resolved through their arbitration clauses that would be present in the contracts. Arbitration is much faster and usually appeal proof
There was a case of food contamination in a fast food joint (can't remember which, let's say it was burger king). The stock fell as a result, but recovered relatively quick afterwards - you would've made bank buying it low.
The thing is, individual, one off events usually don't break a company, but the stock falls temporarially as a result of some people expecting it to. Of course, it's possible that one event breaks a company, and this is the risk you do take buying it low after the event.
> There was a case of food contamination in a fast food joint (can't remember which, let's say it was burger king). The stock fell as a result, but recovered relatively quick afterwards - you would've made bank buying it low.
I think this was some years ago and it was Chipotle. They had to remove some menu items altogether IIRC.
It's a recurring thing. Back in the 90s it was Jack in the Box (https://en.wikipedia.org/wiki/1992%E2%80%931993_Jack_in_the_...)
Exactly. There's news every day. It takes a lot of bad news to break a company.
And frankly unless it's criminal (Enron, Theranos etc) it's not a big deal. An oil spill here, a data leak there, these are not things that affect customer behavior.
The market is only interested in results. It doesn't care about the news. Those stock dips you see are uneducated emotional investors making bad decisions for the wrong reasons.
Has anyone actually fired Crowdstrike over the incident? Heck, did Delta fire Crowdstrike?
I think the stock market is accurately realizing that it takes a lot of effort to fire a company embedded in your security infrastructure and that the incident probably won't change sales.
We work closely with them and I've been impressed with how broad their product reach is. Whether they should be in business or not is a question for regulators, but the market rewards their unique position. If you to own something valuable that everyone else needs or wants, they will pay you for it.
There's a bigger question about how to properly price and penalize negative externalities. From a business perspective there isn't much difference between an oil spill and a mass data breach — "Whoopsie, we'll try not to do that again. In the meantime don't you need gas for your car?"
People don't invest because they think a company is competent. They invest because they are looking for a return.
The mistake CrowdStrike made will likely have little to no effect on their revenue. Since the stock dropped a bit (emotional investors getting out) it became a good value proposition, so people bought it cheap.
The reasons companies use CrowdStrike haven't gone away. Existing contracts can't just be terminated. By the time it comes up for renewal few will remember the incident, fewer still will care.
What you see as "levels of incompetence" others see as "made a mistake". You don't fire suppliers for a mistake- that's experience to them, and they're unlikely to make that mistake again anytime soon.
Plus of course, replacing anything like that at scale is a lot of work, expensive, and career-risky. Who, in the enterprise, is taking on that task? Who is advocating for it?
The market is forgiving because the outlook remains strong. The outlook remains strong because the business fundamentals remain strong.