Mandatory Disclosure: A Paradigm Shift in Cybersecurity
Starting Monday, public companies will be obligated to disclose any “material” cybersecurity incidents. Kurtz highlights that this shift, as enforced by the Securities and Exchange Commission (SEC), signifies the transformation of cybersecurity from a backroom operation to a prominent concern in boardrooms.
Comprehensive Solutions and Rapid Growth
CrowdStrike’s core business revolves around its Falcon security platform, which safeguards millions of computers against hacking attempts. Nevertheless, the company also offers professional services to aid businesses, regardless of size, in responding to ongoing cyberattacks. According to financial filings, CrowdStrike’s professional services unit has witnessed year-over-year double-digit growth. Recent high-profile victims of hacking, such as Caesars Entertainment, Clorox, and MGM Resorts, underscore the importance of companies’ readiness to combat cyber threats. These incidents resulted in significant financial losses for the affected organizations, with Caesars paying a $15 million ransom and MGM Resorts incurring a $100 million hit for the quarter.
A Win-Win Situation: Incident Responses Driving Revenue
For every dollar companies invest in CrowdStrike’s hacking response services, the company generates, on average, approximately $6 in new subscription revenue. In its most recent quarter, CrowdStrike’s professional services unit, responsible for emergency response, witnessed a remarkable 57% year-over-year revenue growth. Kurtz emphasizes the inevitability of cyberattacks, stating that in most organizations, it is not a matter of “if,” but “when” an attack will occur. Thus, CrowdStrike’s expertise in incident response plays a crucial role in helping public companies determine whether to disclose cyber breaches based on the intelligence gathered during the response process.
Looking Towards Prevention and Collaboration
While incident response remains a significant facet of CrowdStrike’s business, Kurtz underscores the company’s primary focus on preventing attacks and providing proactive visibility to its customers. There is a growing acknowledgement of the prevailing cyber threats by the Cybersecurity and Infrastructure Security Agency, led by its director, Jen Easterly. Despite the time it takes for progress within the government, Kurtz notes the notable advancements made in recent years.