The estimated $60 million CrowdStrike lost due to global computer outages is a fraction of the damages customers are claiming

New York
CNN
—

Cybersecurity firm CrowdStrike said it will give customers about $60 million in credits in response to the massive computer outage it caused last month so they can stay with the company. That may be just a fraction of the damage those customers say they suffered.

The company also lowered its full-year profit forecast by about $86 million to $109 million. But that still leaves CrowdStrike expecting to earn $3.9 billion for the year. All told, the earnings report was a boost for investors, who sent the stock up more than 5% in Thursday trading following Wednesday’s quarterly report.

The credits customers will receive on future invoices are part of what the company calls a “customer retention package.” The company told investors Wednesday that it still had a 98% customer retention rate after the incident.

A CrowdStrike spokesperson said Thursday that the funds are not necessarily a direct result of losses customers may have suffered during the outage.

Additionally, CrowdStrike told CNN that the compensation did not necessarily cover all of the company’s anticipated costs following the outage. In a call with investors on Wednesday, CFO Burt Podbere said it was too early to know the outcome of any potential litigation related to the incident, but that the company has insurance to help mitigate the cost impact of some of those claims.

The outlook for client compensation could be low. Delta Air Lines, one of the clients hardest hit by the outage, estimates losses alone could reach about $500 million from lost revenue from thousands of canceled flights, passenger compensation and other costs. CrowdStrike has said its contract with Delta limits its liability to less than $10 million.

The company’s guidance on compensation costs and full-year profits came as part of a strong earnings report. The company said it had a record adjusted profit of $260.8 million for the quarter ended July 31, up 47% from a year earlier. And the strong results left the company with $4 billion in cash on its balance sheet, up $300 million from what it had at the start of the quarter.

At market close on Wednesday, CrowdStrike (CRWD) shares were still down more than 20% since the outage. But they were up 33% from the post-outage low they hit three weeks ago.

The strong results beat Wall Street expectations, but even with the global computer crisis causing massive disruptions for everyone from retailers to delivery companies to hospitals and airlines, CrowdStrike’s profits were predicted to soar. That’s because it takes time for customers, even if they’re furious with the company, to find an alternative to CrowdStrike as they try to protect themselves from malicious hackers.

The company has admitted that the problem was caused by uploading a faulty software update to customers’ systems running Microsoft programs.

No one was hit harder than Delta Air Lines, which took nearly a week to resume normal operations after problems getting its crew-tracking software up and running again left the company unable to find the pilots and flight attendants it needed to operate.

Delta estimates the problems have cost the company $500 million in lost revenue and increased costs, and it is preparing to sue CrowdStrike and Microsoft in an attempt to recover those costs.

CrowdStrike and Microsoft have both criticized Delta, blaming the airline for the ongoing problems as other airlines quickly returned to normal operations. A letter from CrowdStrike’s legal counsel to Delta’s attorney said the company was prepared to fight any lawsuit and that its liability was contractually capped at several million dollars.

Investors may be left with more questions than answers after CrowdStrike’s financial report and Wednesday’s call with investors, Raj Joshi, a senior vice president at Moody’s who covers CrowdStrike, said ahead of the report.

“If performance goes down, it’s not going to show up in the numbers right away. There’s a lag,” he said. And he said part of that lag is that it will take time, even for companies that decide to drop CrowdStrike as their cybersecurity company, to make the switch to a competitor.

“The process could take three to six to nine months,” he said. The bigger problem for CrowdStrike, he said, is that it will be harder to sell additional services to existing customers who were already affected by the outage. Much of the company’s growth comes from that kind of repeat business from existing customers, he said.

Moody’s had only upgraded CrowdStrike from junk bond status to investment grade credit ratings in May. At the time, it had a positive outlook, meaning it expected further upgrades in the coming year to a half. The company wasn’t downgraded after the outage, but it did cut its outlook to neutral from positive, meaning its growth would likely be hurt even if it doesn’t lose many customers.

“The question is can the company manage its relationships with its customers and give them the confidence that this was a one-time event?” Joshi said.

This story has been updated with additional reporting and context.