Texas Ten Thirty One Podcast - Promo

CrowdStrike (CRWD) Q3 2025 Earnings Call Transcript


CRWD earnings call for the period ending September 30, 2024.

Logo of jester cap with thought bubble.

Image source: The Motley Fool.

CrowdStrike (CRWD 0.17%)
Q3 2025 Earnings Call
Nov 26, 2024, 5:00 p.m. ET

Contents:

  • Prepared Remarks
  • Questions and Answers
  • Call Participants

Prepared Remarks:

Operator

Hello, and welcome to CrowdStrike’s fiscal third quarter 2025 financial results conference call. At this time, all participants are in a listen-only mode. After the speakers’ presentation, we will conduct a question-and-answer session. Please be advised that today’s conference call is being recorded.

I would now like to hand the call over to Maria Riley, vice president of investor relations. Maria, please go ahead.

Maria RileyVice President, Investor Relations

Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, chief executive officer and founder of CrowdStrike; and Burt Podbere, chief financial officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth including projections, and expected performance including our outlook for the fourth quarter and fiscal year 2025 and any assumptions for the fiscal periods beyond that are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call.

While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events, or otherwise. Further information on these and other factors that could affect the company’s financial results is included in the filings we make with the SEC from time to time, including the section titled Risk Factors in the company’s quarterly and annual reports. Additionally, unless otherwise stated, excluding revenue, all financial measures disclosed on this call will be non-GAAP.

A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our earnings press release, which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today. With that, I will now turn the call over to George.

George KurtzCo-Founder, President, and Chief Financial Officer

Thank you, Maria, and thank you all for joining our third quarter FY ’25 earnings call. I’d like to start today’s comments by sharing three key themes that excite me about this quarter and our bright future. First, trust, the trust that customers, partners, and the market have in CrowdStrike. We grew ending ARR more than 27% year over year and maintained stable gross retention rates.

Second, widespread platform adoption. Our Falcon Flex subscription model is supercharging Falcon platform adoption. With CrowdStrike, cybersecurity consolidation is rapid, and ROI is measurable. Falcon Flex is increasing both our share of wallet and enterprise real estate, furthering CrowdStrike as cybersecurity’s AI native platform of record.

And third, trailblazing innovation. From cloud to device, data to GenAI, application to identity, and compliance to resilience, our innovation disrupts legacy markets and creates new categories. CrowdStrike is leading the future of AI-powered cybersecurity. The themes of trust, platform adoption, and innovation guide CrowdStrike’s customer obsession and continued strong execution.

Following the summer’s incident, as a company, we were tested. We responded with speed, care, and resolve, and we focused on becoming even better, continuing to deliver industry-leading cyber protection on the Falcon platform’s proven, resilient, and scaled AI native architecture. I’m encouraged by CrowdStrike’s Q3 results, our first full quarter post incident. First, ending ARR surpassed $4 billion, making CrowdStrike the fastest pure-play cybersecurity software company to achieve this reported milestone, tracking to our $10 billion ARR vision.

Second, Q3 revenue surpassed $1 billion. Subscription revenue grew 31% year over year, and total revenue surpassed $1 billion for the first time in company history. Third, free cash flow of $231 million or 23% of revenue, achieving a Rule of 51 on a free cash flow basis. Fourth, we closed more than 150 Falcon Flex transactions with these customers representing more than $600 million in total deal value.

And fifth, more recently, we announced and closed the acquisition of Adaptive Shield, adding SaaS posture management to our portfolio, further differentiating and connecting the Falcon platform’s Cloud Security Suite and Identity Protection offerings. In addition to these achievements, I’d like to provide some perspective on what we saw in Q3. First, Falcon customers are staying with CrowdStrike as their trusted cybersecurity platform of choice. Q3 gross retention was over 97%, down less than half a percentage point.

Strength in retention was driven by the value that customers receive from the Falcon platform. Second, Falcon customers are growing with us. Q3 dollar-based net retention was 115%, temporarily impacted by the incident and reflective of customers strengthening their commitment to CrowdStrike. Customers are leveraging our customer commitment package and Flex subscription model to both increase their long-term investment in CrowdStrike and increase their adoption of the Falcon platform.

And third, we’re seeing exceptional strength in key verticals and market segments. Health care saw a record quarter as providers are investing in cybersecurity’s criticality based on heightened and targeted attacks. Our corporate sales team covering organizations below 2,500 employees had their largest quarter ever, benefiting from Falcon Flex as well as successful competitive takeouts. These successes are in the context of CrowdStrike’s sustained Fortune 500 market leadership.

Our track record of AI innovation and market-leading protection delivered on our highly resilient and cybersecurity’s most performing architecture continues to resonate at scale. Our competitive win rates remain consistent to trending upwards and our total deal size for new business trended up over the last year, which we attribute to the continuous evolution of our platform solutions across cloud security, next-gen SIEM, identity protection, data security, and AI. Our revolutionary Falcon Flex subscription model and CrowdStrike’s amplified brand recognition and favorable market sentiment from our transparent and deliberate response to the summer’s incident. Through it all, we remain laser-focused on innovation, which is what drives our platform differentiation, customer stickiness, and superior protection outcomes.

This fall, we hosted the largest event in CrowdStrike’s history, Fal.Con, our global flagship ecosystem event in Las Vegas, where 6,000 attendees joined us from more than 60 countries and 100 exhibiting ecosystem partners showcased their Falcon-integrated solutions. More recently, we hosted our inaugural Fal.Con Europe in Amsterdam, where we welcomed more than 1,700 attendees from more than 50 countries and showcased nearly 40 exhibiting ecosystem partners. These events demonstrate our continued global momentum, innovation, and the strength of the crowd, cybersecurity’s ecosystem building with, through, and around CrowdStrike. Both events generated significant pipeline.

Aside from the platform innovations we announced, attendees were captivated by our novel subscription model, Falcon Flex. We announced the Falcon Flex model a year ago at Fal.Con 2023, and we shared at our Fal.Con 2024 Analyst Day that accounts that had adopted Falcon Flex represented more than $700 million in total deal value. We saw remarkable and accelerating Falcon Flex adoption in Q3, bolstered by our customer commitment packages with over 150 Falcon Flex deals in the quarter. Unpacking this momentum, we did two Falcon Flex deals every business day of the quarter on average.

Accounts that have adopted the Falcon Flex model now represent more than $1.3 billion of total deal value, with the average Falcon Flex subscription being multiples larger than our typical contract value. Flex customers enjoy preferred pricing for both their contracted modules as well as other current and future modules in our portfolio. And it all comes with the flexibility of access to the products they want when they’re needed. Through Flex, platform consolidation is rapid, and ROI is real.

Falcon Flex also became the key delivery mechanism for our customer commitment package. We’ve already worked through a significant number of CCPs, with the remainder to be concluded in the upcoming quarters. We see Falcon Flex deal volume accelerating. Flex has ushered in a new tempo of module adoption.

We’ve seen customers accelerate their platform demand plans across our existing as well as new products. For example, upon announcing Adaptive Shield, we had a slew of Flex customers eagerly asking if they could use their Flex dollars for Adaptive Shield SSPM adoption. Flex enables us to rapidly commercialize innovation, whether organic or acquired, across our global sales team and partner network. Flex is already proving to be a rapid platform adoption accelerator across the customer base, giving us confidence in net new ARR acceleration in the back half of next year.

Flex also broadens the customer audience for CrowdStrike as a whole. We’ve talked about cybersecurity moving from the back room to the boardroom. With Flex, we’ve expanded our customer stakeholder audience to include the CFO. The Flex subscription model aligns cybersecurity investment and more specifically, platform consolidation with measurable dollars and cents.

And with CrowdStrike Financial Services, we bring even more tangible financial value to CFOs, deepening our relationship and relevance to this increasingly important CXO persona. As we steadily engaged with more CFOs over the past year, the feedback has been resoundingly consistent. With Falcon Flex, CFOs can see the economic benefits of platform consolidation. The Flex model solves today’s customer needs while seeding future growth.

Flex customers demonstrate the following Falcon platform characteristics: more Falcon platform adoption. Flex customers, on average, have adopted more than nine modules, and we expect to see these numbers continue to rise. Faster Falcon platform adoption. All of our Flex licensing has happened in the past 12 months.

In looking at this customer cohort, the amount of adoption we’ve seen at speed and scale is encouraging. With Flex, we have seen some customers more than double or even more than triple their module adoption. Increased investment in CrowdStrike. Flex has allowed us to increase our share of wallet, consolidating multiple point product vendors.

Looking at Q3, the average CrowdStrike customer spent hundreds of thousands, while the average Flex customer spent multimillions. At the same time, Flex seamlessly takes cost out of cybersecurity programs, eliminating organizational and product inefficiencies from the long list of legacy disjointed point product cybersecurity tools. Alongside Falcon Flex’s success and larger transactions overall was the announcement of CrowdStrike Financial Services, CFS, our financing arm that aligns customer cybersecurity and cash flow objectives. CFS gives customers financial flexibility while driving larger deals, faster deal cycles, and longer subscription duration.

In our first quarter of CFS, we closed more than $49 million in deal value, including two eight-figure deals. Here are a few Flex noteworthy wins: an eight-figure expansion deal with a Fortune 500 travel leader who sought CCP pricing to do more with CrowdStrike, growing their spend with us by over $15 million. Despite impact from the summer’s incident, our response and partner-assisted recovery solidified trust and inspired increased Falcon investment from the board to executives to the cybersecurity team. Through Flex, this customer expanded their Falcon demand plan to include Falcon Cloud Security, File integrity monitoring, firewall management, and data protection going from eight modules to 14 modules in a single Flex transaction.

An eight-figure new logo land with a Global 2000 technology manufacturer, where Falcon displaced legacy AV, a legacy SIEM, and a legacy vulnerability management product. Through Flex, the customer was able to go all in on the Falcon platform for EDR, Next-Gen SIEM, Falcon Complete MDR, Identity Protection, threat intelligence, and Exposure Management, consolidating four vendors in this initial Flex purchase. Consolidation goals achieved, protection outcomes delivered, and platform adoption success. Closing off on Falcon Flex, customers are spending more, entering into longer subscription terms, and taking the opportunity to achieve their consolidation objectives faster.

We expect to see faster and larger ARR uplift over time through the Falcon Flex model. Aligning the industry’s leading cybersecurity platform with our revolutionary subscription model is a lightning-in-a-bottle combination for current and future growth. Next, I’d like to share our innovation progress where we’re trailblazing new cybersecurity outcomes across Cloud Security, Identity Protection, and Next-Gen SIEM in addition to our data, AI, and IT investments. We’re incredibly excited by the innovation taking place within both our cloud and identity businesses.

We recently announced the acquisition of Adaptive Shield, a leading vendor in the fast-growing SaaS security posture management, or SSPM, market. Adaptive Shield builds on our AI leadership, giving us unmatched coverage of the rapidly growing SaaS threat plane, with more than 150 native integrations across everything from CRM tools to cloud backup to workforce productivity. More importantly, Adaptive Shield slots in perfectly as a complement to both our cloud and identity security businesses with multiple integrations already completed, another example of CrowdStrike charting the course ahead of the market. Within Cloud Security, the combination of Adaptive Shield with our core Falcon Cloud Security functionality gives us the broadest cloud security ecosystem coverage.

This move builds on both our organic developments as well as the recent acquisition of Bionic and Flow. With Adaptive Shield, CrowdStrike is the only platform delivering an end-to-end cloud security suite with runtime at the center of everything from code, data, and now SaaS to runtime. And with Adaptive Shield, we further enhanced our ability to secure the enterprise’s prolific adoption of AI. CrowdStrike pioneered the use of AI for security through our on-sensor model and Threat Graph and pioneered the use of GenAI for improving SOC analyst workflows through Charlotte AI.

We’ve also recently introduced bespoke services for AI security, pen testing AI models to reduce exposure, weaknesses, and data leakage risk. At CrowdStrike, we deliver both AI for security and security for AI. While our recently launched AI-SPM offering enables organizations to secure the adoption of AI within their cloud infrastructure, Adaptive Shield works by protecting the enterprise from GenAI risk. As more employees look to leverage GenAI tools for their everyday workflows, data leakage, data theft, and adversary espionage are on the rise.

The combination of AI-SPM and Adaptive Shield gives our customers more holistic AI protection from code to runtime and now to the end user. AI-powered cloud security wins in the quarter include a unicorn AI leader that took their Falcon deployment to the next level in an eight-figure Falcon Cloud Security expansion deal. Growing their Cloud Security footprint rapidly over the last few years, the combination of workload protection as well as our CSPM, CIEM, and more recently, our posture management for AI, data, and applications solidified our position as this company’s cloud security consolidator of choice. Once again, this customer set a new largest transaction record for our corporate sales team.

A Fortune 50 retailer expanded in an eight-figure deployment of Falcon Cloud Security. Seeing the difference that runtime protection makes, we seamlessly expanded from being the company’s EDR vendor of choice to its cybersecurity platform of record for the cloud and AI era. Falcon Cloud Security goes well beyond narrow CSPM use cases and associated alert fatigue. Falcon Complete’s CDR made securing their expansive multi-cloud and hybrid cloud estate, the easy and frictionless choice.

Within Identity Protection, Adaptive Shield builds on our continued organic innovation. Since launching our Identity Protection module, CrowdStrike has always had best-in-class coverage of Active Directory environments. However, with Adaptive Shield, CrowdStrike is now capable of securing identity where potentially malicious user behavior takes place. Whether on-device, in the cloud, or in a SaaS application, CrowdStrike offers holistic protection across critical identity touch points.

And we’re just getting started. We recently announced support of Microsoft Entra ID, formerly Azure Active Directory, making CrowdStrike capable of securing the rapidly emerging identity threat vector for all Microsoft customers from highly regulated enterprises to born-in-the-cloud AI disruptors. Here’s a representative identity win from the quarter. A Fortune 500 new logo in the travel and hospitality space saw the difference that our robust identity protection technology makes in stopping prolific e-crime actors.

Replacing a patchwork of legacy technologies, we were able to showcase the differentiation of Falcon Identity Protection to land a sizable platform win across identity, EDR, Next-Gen SIEM, and threat intelligence. Falcon Next-Gen SIEM has been a game changer, and we’re experiencing a hyper-growth inflection point. While we provide more granular detail during our Q2 and Q4 earnings calls, Next-Gen SIEM performed exceptionally well this quarter with net new ARR growth accelerating to over 150% year over year at multi-hundred-million-dollar scale. With 30 million Fusion SOAR workflows per week and over 2,000 Next-Gen SIEM customers, Falcon Next-Gen SIEM is quickly becoming our customers’ data foundation.

We’ve introduced several new groundbreaking features AI-generated parsers take the guesswork and learning curve out of integrating third-party data sources into Next-Gen SIEM. AI Investigator accelerates query speed and flattens analyst learning curves through a GenAI-powered query builder. And AI alert triage automates end-to-end workflows at the speed of AI. Yet the core differentiation for Next-Gen SIEM remains unchanged, unmatched speed and scalability, and an unmatched cost with Falcon Data natively resident from the start.

This is why more and more customers are ditching their legacy SIEM vendors for CrowdStrike. Next-Gen SIEM customer wins in the quarter include an eight-figure major national healthcare provider that replaced a competing SIEM, expanding their Falcon usage with Next-Gen SIEM. Using CrowdStrike Financial Services, we were able to close a sizable seven-year deal. Working across the customer C-suite, specifically with the CFO, we aligned cybersecurity innovation with cost reduction, platform consolidation with protection outcomes, and payment terms with ROI, delivering eight figures of customer business value benefits within three years of purchase.

CrowdStrike is now firmly rooted as the organization’s cybersecurity data platform of choice. A near eight-figure expansion deal with a Fortune 500 manufacturing giant, where we replaced a hyperscaler SIEM in a competitive deal against several SIEM vendors. Multiple consoles and a lack of security workflows created inefficiencies for this customer. The transaction was also an opportune time to grow with CrowdStrike, purchasing Charlotte AI and threat intelligence as SIEM enhancements as well as other modules such as Data Protection.

Having a single console in a single platform continues to differentiate Falcon customer experiences. All the while, our innovation investments continue to grow and show promise. Let me first talk about CrowdStrike’s AI innovation and the progress we’re making with Charlotte, our AI agent. Much like peer companies ServiceNow and Salesforce, we’re using advanced AI models to deliver proactive and autonomous outcomes.

Charlotte AI is capable of taking actions based upon observed data to achieve specific security goals. Going well beyond the capabilities of a chatbot, Charlotte addresses a critical skills gap in human capital need by automating detection triage, traditionally a labor-intensive process for all security personnel. Charlotte AI detection triage announced that Falcon eliminates a significant amount of routine EDR investigation tasks. Charlotte continues to evolve through customer use, leveraging the Falcon platform’s unique data advantage.

CrowdStrike’s highly curated threat data and high-fidelity security events. We had a record triple-digit growth quarter for Charlotte AI, fueled by customer demand for increased time savings and workflow automation. Data security, with our largest data security quarter to date, driven by customer desire to replace legacy DLP without additional overhead. Falcon for IT.

We’re seeing continued demand from large enterprises seeking to unify security and IT management while eliminating vendors to further their consolidation objectives. The Falcon platform continues to resonate at scale with partners of all types. In Q3, nearly 70% of our new subscription business was partner-sourced, illustrating the commitment and stickiness of our winning partner ecosystem. Our GSI partners are building Next-Gen SIEM practices across the world.

Our hyperscaler partners are seeing CrowdStrike records, with AWS Marketplace transaction values up more than 100% year over year, as organizations pursue their Falcon Flex licensing on their hyperscaler platforms of choice. Our technology partners continue to win with us. We announced a strategic partnership with Fortinet, the global firewall market share leader by shipments. We’re already seeing Fortinet take us into their accounts, and we’re doing the same.

Helping us reach the long tail of SMBs, our MSSP business continues to expand at a rapid triple-digit pace through The Pax8 Marketplace, NinjaOne, and leading MSPs who contract with CrowdStrike. And lastly, in Q3, SHI became our fourth billion-dollar partner, bringing the Falcon platform to their customers. This is highlighted by their success bringing Next-Gen SIEM, Cloud Security, Identity Protection, and Falcon Complete MDR to market. We ended Q3 with deal registrations up year over year, a marked turnaround from incident levels.

Our business results speak to the conviction partners have in the Falcon platform and the multi-TAM transformation opportunity that only CrowdStrike offers. Our continued market and technology leadership isn’t only recognized by customers and partners. It is also lauded by industry analysts. Several recent noteworthy accolades include, one, the Gartner Magic Quadrant for Endpoint Protection.

Even after the summer, CrowdStrike was placed highest for ability to execute and furthest for vision in the whole Magic Quadrant, ahead of all competitors in every dimension. Two, in Gartner’s critical capabilities, CrowdStrike earned the highest scores ahead of all vendors evaluated in both core endpoint protection and managed security services for the second year in a row. Three, Falcon Cloud Security was recognized as a Frost Radar Leader in Cloud Workload Protection Platforms for the second consecutive year, ahead of CSPM start-ups and industry peers. Four, attack surface management was positioned as a leader in the Q3 2024 Forrester Wave, showcasing our emergence in a new market category with significant TAM opportunity.

And five, Falcon Next-Gen SIEM was named a major player in the latest SIEM IDC MarketScape, underscoring our success displacing the legacy SIEMs. In closing, customers and partners remain firmly committed to CrowdStrike as their cybersecurity platform of record. Our Flex licensing model delivers accelerated platform adoption, and Falcon innovation isn’t stopping. These themes set up a Q4 of continued progress in an upcoming year of back-half net new ARR acceleration growth.

Our future is bright. A vivid example that struck me this past quarter is the scale and consistency at which we’re doing substantial transactions. We set a new record of million-dollar-plus transactions, closing more than 260 this quarter, equating to an average of four more million-dollar-plus deals every business day. Results like these demonstrate the customer conviction, partner commitment, and market sentiment for CrowdStrike as cybersecurity’s innovation leader and security platform of record.

Before turning the call over to Burt, I would like to thank all CrowdStrikers for their dedication to our mission of stopping breaches, our partners for helping us win and continuing to build large businesses with us, and of course, our customers for their commitment and unwavering trust in CrowdStrike. I’ll now turn the call over to our CFO, Burt Podbere.

Burt W. PodbereChief Financial Officer

Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. We delivered third-quarter results above our stated expectations across all guided metrics. Our third quarter results reflect our focused execution and relentless customer-first mindset, which drove a strong finish and quarter-over-quarter increase in pipeline despite continued headwinds and a pause in pipeline generation at the start of the quarter following July 19.

In Q3, ending ARR surpassed the $4 billion milestone, growing 27% year over year to reach $4.02 billion, of which $153 million was net new added in the quarter. As expected, the July 19 incident resulted in near-term headwinds to net new ARR as we experienced extended sales cycles with both existing and prospective customers and one-time incentives offered through our customer commitment packages, which resulted in increased contraction and muted upsell rates. Sales cycles increased by approximately 15% year over year within enterprise accounts. As of last Friday, we closed more than half of the push deals that had remained open at the time of our Q2 call.

While we normally recognize ARR contraction in the quarter a transaction is subject to renew, in Q3 FY 2025, we excluded approximately $26 million from ARR after a distributor in the federal space provided notice of its intention to exercise transferability rights with respect to a transaction, and we concluded that the transaction would not recur. In compliance with U.S. GAAP revenue recognition rules, this transaction remains in revenue. In total, our Q3 dollar-based gross retention rate of over 97% held resilient with less than half a percentage point decrease from Q2’s strong performance.

And given the July 19 incident, we are also pleased with our Q3 dollar-based net retention rate of 115% as customers embraced our customer commitment packages and more of the Falcon platform. We estimate that customer commitment packages impacted net new ARR by approximately $25 million in Q3 within our expectations. The majority of deal value that closed in the quarter with customer commitment packages included additional product or Flex dollars rather than extended time and professional services. That, coupled with the timing and linearity of in-quarter Q3 revenue, limited the impact to Q3 revenue and contributed to the strong revenue beat in the quarter.

Our customer commitment packages are helping fuel an increase in platform and module adoption. Subscription customers with five, six, and seven or more modules grew to 66%, 47%, and 31% of subscription customers, respectively. Notably, we reached a new milestone for module adoption in the quarter as customers with eight or more modules grew to 20% of subscription customers. This momentum in increased module adoption, and our Falcon Flex program gives us confidence in our customer commitment strategy and ability to reaccelerate net new ARR growth starting in the back half of fiscal year 2026.

Moving to the P&L. Total revenue grew 29% over Q3 of last year to reach $1.01 billion, ahead of our expectations and our first quarter exceeding the $1 billion milestone. Subscription revenue grew 31% over Q3 of last year to reach $962.7 million, and professional services revenue was $47.4 million. Total gross margin of 78% was flat year over year, and subscription gross margin remained strong at 80% of revenue.

Total non-GAAP operating expenses in the third quarter were $591.7 million compared to $436.1 million in the prior year. As outlined in our last earnings call, we continued to invest in our FY 2025 plan and bolstered our R&D, quality assurance, and customer support programs. In the third quarter, non-GAAP operating income grew 11% year over year to $194.9 million and operating margin was 19%. GAAP net loss attributable to CrowdStrike was $16.8 million, primarily due to $33.9 million in expenses related to the July 19 incident.

Non-GAAP net income attributable to CrowdStrike grew 18% to $234.3 million or $0.93 on a diluted per-share basis. Cash and cash equivalents grew to $4.26 billion. Free cash flow was $230.6 million or 23% of revenue and was impacted by the July 19 incident as well as planned investments in data center and workload optimization, R&D, and sales and marketing. Additionally, the $49 million in deals financed through CrowdStrike Financial Services had a de minimis impact to Q3 free cash flow as expected.

Turning to our outlook. We are encouraged by our continued high dollar-based gross retention rate, success of our customer commitment packages with customers opting for more product or Flex dollars, the continued strong adoption of the Falcon platform and growing module adoption rates, and quarter-over-quarter growth in pipeline. All of these positive indicators give us confidence in our ability to reaccelerate net new ARR growth starting in the back half of FY 2026. However, in the near term, visibility remains limited given the headwinds related to the July 19 incident that we outlined last quarter, including the delay of the vast majority of outbound pipeline generation activities for a few weeks following the July 19 incident, extended sales cycles for both new and existing customers and continued deployment of customer commitment packages resulting in muted upsell rates and potentially higher-than-typical levels of contraction.

While in Q3 customers strongly embraced the additional modules and Flex options associated with our customer commitment packages rather than additional time, it is still too early to determine if that trend will remain the same in Q4. Recognizing our continued reduced visibility, we are maintaining our estimated impact of approximately $30 million to both net new ARR and subscription revenue in Q4 from our customer commitment packages. As we discussed last quarter, the aforementioned headwinds are additive to the expected quantified impact. While we do not typically comment on analyst estimates, we wanted to note that the vast majority of analysts are modeling Q3 to Q4 net new ARR seasonality well above historical levels.

We request that you keep historical sequential seasonality in mind when updating your models. Additionally, as we discussed last quarter, the modeling of ARR and subscription revenue should be decoupled in the short term, given the customer commitment packages. Our Fal.Con 2024 investor presentation has additional details on this dynamic. Moving beyond the top line, we expect to incur additional GAAP tax expense in Q4 of approximately $58 million due to previous acquisitions.

Additionally, we closed our acquisition of Adaptive Shield last week, which is expected to have a $0.01 to $0.02 impact to non-GAAP EPS as reflected in our Q4 guidance. Moving to cash. We expect Q4 free cash flow to reflect a significantly more pronounced July 19 impact in comparison to Q3. This is due to collections impacted by increased flexible payment terms under customer commitment packages for deals closed in Q3, the incremental sales compensation expenses, and the timing and size of G&A costs, all relating to July 19.

As a result, we do not expect to see sequential free cash flow margin leverage in Q4. We continue to expect CrowdStrike Financial Services to have a de minimis impact to free cash flow in Q4. We remain committed to achieving $10 billion in ending ARR by the end of fiscal year 2031 and achieving our target non-GAAP operating model on an annual basis by fiscal year 2029, which includes a free cash flow margin target between 34% and 38%. Moving to our guidance.

For the fourth quarter of FY 2025, we expect total revenue to be in the range of $1,028.7 million to $1,035.4 million, reflecting a year-over-year growth rate of 22%. We expect non-GAAP income from operations to be in the range of $184.0 million to $189.0 million and non-GAAP net income attributable to CrowdStrike to be in the range of $210.9 million to $215.8 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be approximately $0.84 to $0.86, utilizing a weighted average share count of approximately 252 million shares on a diluted basis. For the full fiscal year 2025, we currently expect total revenue to be in the range of $3,923.8 million to $3,930.5 million, reflecting a growth rate of 28% to 29% over the prior fiscal year.

Non-GAAP income from operations is expected to be between $804.4 million and $809.4 million. We expect fiscal 2025 non-GAAP net income attributable to CrowdStrike to be between $937.5 million and $942.6 million. Utilizing approximately 251 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $3.74 to $3.76. George and I will now take your questions.

Questions & Answers:

Operator

Thank you. [Operator instructions] In the interest of time, participants will be limited to one question. Our first question comes from Saket Kalia. Please unmute your line and ask your question.

Maria RileyVice President, Investor Relations

Hello? Saket, are you there? Operator, is he there? If not, please go to the next question.

Operator

OK, great. Not a problem. We will move forward with the next question.

Saket KaliaAnalyst

Hey, guys, can you hear me?

Maria RileyVice President, Investor Relations

No, wait. He’s there.

Saket KaliaAnalyst

Guys, can you hear me?

Maria RileyVice President, Investor Relations

Yeah.

Saket KaliaAnalyst

Hi. There we go. There we go. Thank you.

Sorry about that. Absolutely. So, George, maybe for you, lots of helpful detail. I wanted to start sort out, just zooming out a little bit.

You spend a lot of time with customers. I guess the question is what are they telling you about some of the puts and takes to security spending next year? I mean, you’ve got plenty of tailwinds like lower interest rates and potentially a better macro but also different policies out of the federal government. So, how do you think about those factors as you maybe gauge the health of security spending next year?

George KurtzCo-Founder, President, and Chief Financial Officer

Sure. Thanks, Saket. I think if you’re — and everyone probably is following some of the news. You’d see the security environment is only getting worse.

E-crime groups have been prolific, and we continue to see ransomware and extortion where — be very, very successful for big dollars. So, from a security environment perspective, customers want the best products. They want the best platform. They want something that’s going to stop the breach and be most effective.

That hasn’t changed. Two, they want to consolidate. This hasn’t changed either. This complexity normally breeds inconsistencies and seams in protection gaps within multiple technologies, so a broad platform approach is something that aids in stopping the breach.

And they want to drive down their overall operational cost, and that hasn’t changed, and I don’t think that is going to change based upon my interactions with companies in the coming year. So, we’ll see how it all unfolds, but we’re certainly encouraged by the forward-looking environment based upon just what we see. And companies, whether it’s the threat environment or regulatory pressures, they’re going to have to spend money on the best technologies. And we’re certainly going to be there to be able to capitalize on it.

Saket KaliaAnalyst

Very helpful. Thanks, guys.

Operator

Our next question comes from Hamza Fodderwala with Morgan Stanley. Please unmute your line and ask your question.

Hamza FodderwalaAnalyst

Great. Can you hear me?

George KurtzCo-Founder, President, and Chief Financial Officer

Yes.

Hamza FodderwalaAnalyst

All right. Great. Good evening. Thank you so much for taking my question.

Burt, maybe for you just to comment on the ARR or net new ARR seasonality that you spoke about for Q4. If I look at the last few years, last Q4, we had a pretty strong budget flush, pretty strong Q4 overall. The year before that, I think it was a bit more muted. When you speak on Q4 net new ARR seasonality this year, is that assuming that budget flush that we saw a year ago or something similar to what we saw maybe two years ago? Thank you.

Burt W. PodbereChief Financial Officer

Hamza, thanks for your question. So, when we think about Q4, I talked about some of the things that impact us and certainly, one of them is the limited visibility that we have. It’s just too early to tell. We have a lot of things that are going to be in play for Q4, the continued CCP packages that we have.

And with that, it just limits our visibility in terms of how we think about Q4. Generally, it is, of course, our biggest quarter, and we have the most that’s subject to renew, but we still need to sell through it.

Operator

Our next question comes from Brian Essex with JPMorgan. Please unmute your line and ask your question.

Brian EssexAnalyst

Hi. Good afternoon, and thank you for taking the question. George, great to see the durability of the growth retention rates, particularly in light of the event in July 19. Is there anything that you can call out in terms of trends that you’re seeing as you’re speaking with customers, both on the churn side? Like what tend to be some of the themes of customers that are churning off? And then also on the better adoption side, what are some of the more durable factors that are leading to better adoption rates on the platform? Thank you.

George KurtzCo-Founder, President, and Chief Financial Officer

Well, thank you, and good question. As you probably know, I spend a lot of my time with the larger customers and really haven’t had a lot of conversations around churn. And the conversations that I have had have been recognition that we do have the best technology in the market and a recognition of how we handled the July 19 outage. And I think that’s an area where we turned crisis into a customer trust-building opportunity.

And of course, we’re trying to make it right for customers. So, from my perspective, I certainly haven’t seen a lot in the larger to midsized deals. In fact, our corporate business, as I called out, had the best quarter ever. So, from a churn perspective, you could see some churn in the very small MSP space.

It’s an area where it really doesn’t matter, the vendor. It’s easy to kind of move in and out. But I’m encouraged by the conversations that I’m having with our largest customers and a reflection on the fact that they realize that we have the best tech in the industry and the ability to stop breaches and drive down their overall operational cost from a platform perspective.

Operator

Our next question comes from Patrick Colville with Scotiabank. Please unmute your line and ask your question.

Patrick ColvilleAnalyst

Hey, Tim, thank you so much for taking my question. I guess I want to ask George. I mean, 2024 was the year of copilots, including Charlotte AI. In your prepared remarks, George, you talked about kind of detection triage.

I guess the topic du jour among the investment community is agentic AI. You didn’t mention that in your prepared remarks. So, I guess how is CrowdStrike thinking about internal usage of agentic AI or possibly the ability for agentic AI to help CrowdStrike’s customers? Thank you.

George KurtzCo-Founder, President, and Chief Financial Officer

Thanks, Patrick. And I covered that a bit in the prepared remarks in the fact that Charlotte AI was built to be something more than a copilot. We probably built it before it even had a term, which is now fashionable agentic AI. And the whole idea with Charlotte AI was not only to take the collective wisdom of CrowdStrike over the last decade, all of our threat indicators, all of the sort of workflows that we’ve created around triaging events and answer those questions but go beyond that to actually do work on behalf of customers.

So, today, and it’s the way we built it, it actually will do work on behalf of customers. And that’s the entire piece of SOC transformation. And just to give you an example, we talked about alert triage and some of those things in the prepared remarks, but we had a customer that would take four days to create what’s called a sit rep, a situational report, and that manually, they would create these reports. It now takes them one hour.

So, that’s the level of efficiency that we’re seeing with Charlotte. And you couldn’t do that if it was just a chatbot. It’s the agentic nature of Charlotte AI, and that’s what we’re delivering to customers. Internally, we’re certainly leveraging a lot of what our great partners put together, whether that’s Salesforce or ServiceNow or what have you.

There’s many technologies that we leverage, including many of the GenAI technologies to help us create greater efficiencies.

Operator

Our next question comes from Tal Liani with Bank of America. Please unmute your line and ask your question.

Tal LianiAnalyst

Hello. Thank you. So, Burt, I know you’re cautious but your net new ARR was not bad at 150 given that we had 250 before the outage. It’s — some people expected it even to be negative.

And I hear you now on 4Q cautious again. And the question is what are the — how are the factors changing in 4Q? Meaning you said that you have a big renewal quarter. Outside of the renewal — or can you speak about, for example, what was your experience with renewals this past quarter? I would have thought that 4Q would be better than 3Q just because we don’t have an outage in the middle, so it eliminates these 10 days or 14 days that people were kind of unclear about what’s happening. So, I want to understand how 4Q changes and why wouldn’t 4Q be actually better than 3Q.

Thanks.

Burt W. PodbereChief Financial Officer

Thanks, Tal. So, although true that we are a little further from the sun. We’re still kind of fighting through the incident. But I’ll give you some additional color in terms of the things that I went through when I thought about Q4.

And I talked a little bit about limited visibility with Hamza. So, one is when we think about what happened shortly after the incident, the lay of the vast majority of our outbound pipeline-generating activities, for the first few weeks following the incident, that certainly has an impact for Q4. So, that’s one. I think we’re still going to see extended sales cycles for both new and existing customers.

I think customers have additional scrutiny, additional layers of approvals, all that sort of thing. And I think we’re going to continue to deploy customer commitment packages. This is going to result in muted upsell rates and potentially higher-than-typical levels of contraction. You factor all those things together, and I still want to be mindful of those things taking place and the activities that the sales team has to do to sell through all of that.

Well, I’ll add a couple of other things. While in Q3 customers strongly embraced the additional modules and Flex options associated with CCPs, rather than additional time, it is still too early to determine if that trend will remain the same for Q4. I want to give caution in terms of what customers are going to choose with respect to CCP. We don’t know yet.

We had one quarter, and so that really impacts our ability to really understand what’s going to happen in the dynamics in Q4. And then finally, I do want to talk about the fact that we are maintaining our estimated impact of approximately $30 million to both net new ARR and subscription revenue in Q4 from our customer commitment packages. And remember, the two of those, you have to decouple both of them. And we talked about that last quarter, and we talked about it in our Fal.Con 2024 investor presentation, and it has the details on that dynamic.

Operator

Our next question comes from Joel Fishbein with Truist. Please unmute your line and ask your question.

Joel FishbeinAnalyst

Thanks for taking the question. I guess one for Burt. Burt, on the Falcon Flex, obviously, it sounded like it was ahead of your guys’ expectations in terms of adoption. The one thing that I didn’t get, which I would love, from you is the average deal term or duration of those deals.

That would be really helpful. Really appreciate it.

Burt W. PodbereChief Financial Officer

Hey, Joel, thanks for the question. We didn’t give a specific number, but we did see deals being slightly longer, and so that excited us for sure.

Operator

Our next question comes from Gabriela Borges with Goldman Sachs. Please unmute your line and ask your question.

Gabriela BorgesAnalyst

Hi. Good afternoon. Thanks for taking the question. Burt, I wanted to connect the dots here on what you’re saying about Falcon Flex and the potential for reacceleration next year.

Is there anything you’re seeing in the Falcon Flex cohorts post July 19 versus those before July 19 in terms of average ARR increases, average deal sizes, etc., that would lead you to think that the conversion rates or the upsell rates on today’s Falcon Flex deals could look different a year from now versus the baseline that you already have?

Burt W. PodbereChief Financial Officer

Hi, Gabriela. So, I talked a little bit about the fact that we’ve seen deals being slightly larger, which is great. Still too early to tell what’s going to happen as these renewals come due. But certainly, it goes back to how we already thought about this and how we talked about it last quarter with respect to seeding the future and having the ability to do upsell on the renewal and getting customers to enjoy us more and wanting to use more.

We had over 150 Falcon Flex deals and that’s a great number. And then I think that we had accounts — at the end of the day, the accounts that have adopted the Falcon Flex model now represent more than $1.3 billion of total deal value, and in there with an average Falcon Flex subscription being multiples larger than our typical contract value. So, those are important takeaways. Flex customers, on average, have adopted more than nine modules.

So, if you factor all those things together, we get encouraged, again, by reacceleration in the back half of next year.

Operator

Our next question comes from Matt Hedberg with RBC. Please unmute your line and ask your question.

Matt HedbergAnalyst

Thanks, guys. Can you hear me OK?

Burt W. PodbereChief Financial Officer

Yep.

Matt HedbergAnalyst

OK. Great. George, a question for you. You talked about Next-Gen SIEM in the prepared remarks.

It’s really good to hear the growth that you’re seeing there. I guess I’m wondering, what are you seeing really from a competitive perspective? I think we all are thinking that there’s a good opportunity there, but just wondering about that. And then what are pushing some customers to change, I guess, is ultimately the question.

George KurtzCo-Founder, President, and Chief Financial Officer

Yeah. I think when you look at the Next-Gen SIEM market and one of the things that we really, again, helped, I would say, create and pioneer, it’s greater efficiencies, speed, and scalability, which is just not available in legacy products. The fact that we can basically give immediate outcomes because it’s all built into our system, right, this is concept of first-party data, which comes from CrowdStrike, a third-party data, well, we’ve created an incredible ecosystem and opened up the platform now where these workflows can be done within the Falcon platform and then aided by Charlotte AI. So, customers are putting more and more data into the technologies.

And they’re seeing the performance and the speed and maybe, more importantly, the cost differences between some of the legacy providers that are out there. And we go into a POV, and we go through all of the stats, and people kind of scratch their heads sometime to go, “OK, prove it.” And then when we get through it, they’re like, “We’ve never seen anything this fast or performant or get the outcome that we’re looking for.” So, we’re really excited about it. We keep broadening the ecosystem there. And I think it represents a tremendous opportunity for us in the short, medium, and long term.

It’s a huge business, Next-Gen SIEM, and we’re going to be front and center in it.

Operator

Our next question comes from Andy Nowinski with Wells Fargo. Please unmute your line and ask your question.

Andrew NowinskiAnalyst

OK. Good evening. Thanks for taking the question. First off, congrats on getting through what was likely your most challenging quarter you probably had in company history.

So, I wanted to ask a question again on Falcon Flex. I know you booked $1.3 billion in deals, and you talked about how it’s supercharging the adoption of your platform. But if I’m thinking about it correctly, I would think it’s also supercharging your customer retention rates because as customers deploy more modules, like you said, it seems like it makes it increasingly difficult to leave the platform. So, I guess, first, am I thinking about that correctly in terms of customer retention? And are you factoring in any improvement to ARR due to Falcon Flex going forward?

George KurtzCo-Founder, President, and Chief Financial Officer

Well, I’ll take the first part, and Burt, you can feel free to chime in. It absolutely makes the platform stickier. The more modules — we know this is a fact. The more modules customers use, the stickier the platform becomes.

And you’re talking nine, 10. We’ve talked about, I think, one of 14. That’s incredibly sticky because a lot of processes are built around that. So, from our perspective, it is a great opportunity for customers and for us, makes it stickier.

They get a better value. And again, what we’re seeing is, in general, we’re seeing customers adopt more faster, right, which if they adopt more and faster, that gives us the opportunity to go back in and top up those Falcon Flex pools. So, we are excited about the licensing mechanism. Customers are.

We talked about Adaptive Shield. The day we announced that, we were at Fal.Con Europe and a customer said, “OK, if I’m a Falcon Flex customer, can I use it Day 1 when it closes?” And we’re like, yes, since we closed the deal and we get it SKU-ed up, you’ll be able to use it, which again removes a lot of friction and aids in the adoption. So, anything to add, Burt?

Burt W. PodbereChief Financial Officer

Yeah. I think all the things that George said gives us more confidence in our ability to reaccelerate in the back half of next year.

Operator

Our next question comes from Gregg Moskowitz from Mizuho. Please unmute your line and ask your question.

Gregg MoskowitzAnalyst

OK. Great. Thank you very much. Your RPO growth accelerated quite strongly this quarter and your RPO bookings growth, which at least by our estimates, is greater than 60%.

That appears to be the highest we’ve seen since fiscal 2022. Now, clearly, the customer commitment packages, and Flex had a significant impact here. And so, I guess with that in mind, it would just be helpful, Burt, to get your perspective on, A, how the cRPO performance was; and B, how we should generally be thinking about what these strong bookings might mean for revenue recognition and ARR when we look down the road. Thanks.

Burt W. PodbereChief Financial Officer

Thanks, Gregg. So, I think, ultimately, when we think about RPO and we think about the increase, it does talk to just longer deals, longer duration. I think all the things that we’ve talked about, whether it’s CCP, whether it’s CrowdStrike Financial Services, they all add in terms of helping customers do more with us for longer periods of time, and that’s reflected in our RPO number.

Operator

Our next call comes from John DiFucci with Guggenheim. Please unmute your line and ask your question.

John DifucciAnalyst

Thanks for taking my question. Burt, listen, you’ve always been really clear, which has, I think, been great for investors and great for the stock, too. And ARR is always — and revenue have always been great — had a great connection over time. Can you — and I know there’s some small print, and I — but I don’t — can you explain to us what’s making this coupling diverge? And I don’t know, hopefully, it’s not a long explanation.

It’s probably why you haven’t said it. But can you do that? Can you give us like even if it’s temporary here? Because I don’t want to see — my model works great for you and you’re the first ones to do this. And it’s really clear and you put it right out there for everybody to see. But why is that going to diverge? Why could it diverge in the short term?

Burt W. PodbereChief Financial Officer

So, thanks, John. So, number one, for all your comments, appreciate all your comments that you made. So, first, big picture, it’s temporary. The divergence is temporary.

And I think it just talks to when you have a CCP and out of the gate, there is, for example, extended time that’s offered, there’s going to be a more immediate hit on ARR than revenue. It’s going to lag. And so, that’s how we think about it and that’s how I’ve tried to be clear on explaining it. Hopefully, that helps, John.

Operator

Thank you. This concludes today’s question-and-answer session. I would now like to turn the call back over to George Kurtz for closing remarks.

George KurtzCo-Founder, President, and Chief Financial Officer

OK. Thank you, operator. So, thank you all for your time today. We appreciate your continued support and look forward to seeing you at our upcoming investor events.

Duration: 0 minutes

Call participants:

Maria RileyVice President, Investor Relations

George KurtzCo-Founder, President, and Chief Financial Officer

Burt W. PodbereChief Financial Officer

Saket KaliaAnalyst

Hamza FodderwalaAnalyst

Burt PodbereChief Financial Officer

Brian EssexAnalyst

Patrick ColvilleAnalyst

Tal LianiAnalyst

Joel FishbeinAnalyst

Gabriela BorgesAnalyst

Matt HedbergAnalyst

Andrew NowinskiAnalyst

Gregg MoskowitzAnalyst

John DifucciAnalyst

More CRWD analysis

All earnings call transcripts



Source link

About The Author

Scroll to Top