CrowdStrike Co-Founder and CEO George Kurtz joins Yahoo Finance Live to discuss the company's latest quarterly results, the outlook for cybersecurity spending, and expectations for cyberattacks in 2023.
- Shares of CrowdStrike took a hit last week following weaker-than-expected guidance issued for the fourth quarter. The cybersecurity company did beat on third-quarter earnings expectations on the top and bottom lines. Revenue was up 53% year-over-year.
For more on the recent quarter and an outlook on the cybersecurity landscape, we're joined by CrowdStrike cofounder and CEO George Kurtz. George, thank you so much for being here. And George is joining us on the phone. First of all, we've had this backdrop during this more constrained corporate spending environment that perhaps cybersecurity would be one of the last things that people wanted to cut. Is that view still intact, given what you are seeing from your clients?
GEORGE KURTZ: Well, thanks for being-- for having me here. I do think it's one of the areas that's difficult to cut. And again, what we talked about were some delays in how some of the contracts were staged and when they wanted to actually start their subscription. So the contracts are there. There are some staggered start dates.
And I think security is one of those resilient areas. It's going to be difficult to cut. And what we're seeing is that customers are really looking to try to consolidate their security spend with fewer vendors. And CrowdStrike is one of those security platforms that they're looking to harmonize around. So we feel good about that. And, obviously, when you look at the current environment, the macro backdrop, there's a lot of uncertainties that companies are taking into consideration when they're thinking about their own spend.
- When you think about CrowdStrike's growth, do you believe that the company has to do any more acquisitions in the near term in order to continue growing out not just the customer base, but the range of solutions that you're packaging underneath of that parent umbrella?
GEORGE KURTZ: Well, if you look at the enterprise penetration that we have in terms of modern corporate endpoints, according to IDC, we're number one. But it's 12% and change in terms of share. So there's a massive opportunity that's out there for us in front of us.
And I think when you look at these uncertain macroeconomic times, we're really going to be in a great position to look at other acquisitions that are out there. And we've got almost $2.5 billion in cash on the balance sheet. There's going to be a lot of companies that are what I call stuck in purgatory. They're not going to be able to get out and become public. People don't want to reset their valuations with new round.
So we're going to see what's out there. We continue to look at the landscape. And, obviously, a combination of organic and some second acquisitions could be possible. But nothing definitive. And we'll wait and see how the landscape unfolds.
- George, what type of cybersecurity risks do you see companies preparing for for next year?
GEORGE KURTZ: I think it's a lot of what we talked about. Certainly identity is one of the areas that's been in focus. When you look at a lot of these breaches that you've covered or read about or seen, a lot of them are identity based. 80% of the attacks have some form of credential theft, meaning they've stolen Microsoft Active Directory credentials. And they're using those to move laterally in the environment.
And one of the areas that we have focused on and we did an acquisition a couple of years ago called Preempt. And it's now integrated into the product as identity threat detection and prevention. And that's been an unbelievable module for us in our new business segment, if you will. It's the number one that we have. And we're excited about being able to protect those identities, which are critical to stopping breaches.
- George, just really quickly, what's the biggest emerging threat that you see, the new thing, the next thing on the horizon?
GEORGE KURTZ: Well, I think there is-- well, it really continues to evolve, what I would call a supply chain attack. And that is when you think about how companies construct software today, a lot of it is assembly. They'll take open-source technologies. They'll take other bits. They'll assemble it together. They'll call it their own.
And in that assembly, it is very easy for malicious code to be inserted into that. And we've seen that over several big breaches that are well known. And I think making sure that that supply chain, that code that's being used in your own production environment, keeping that as pristine as possible is going to be very key to success in the future. So we've got to keep an eye on that market as well. And it's one of the areas of real risk that companies are concerned about.