Of the many risks facing a cybersecurity company that’s trying to raise money through an initial public offering, here’s one that might surprise some investors: cyber attacks.
Cybersecurity is important for everyone as hackers and governments continue to develop new and unique ways of stealing or compromising private information, which is more accessible than ever. Cloud computing creates more access points vulnerable to hacking, such as mobile and remote workers’ laptops, smartphones, and other connected devices that are rising in numbers by the billion.
While this problem is concerning to businesses and government agencies that want to protect their data, it’s especially important to the companies that sell cybersecurity software intended to prevent or respond to cyber incidents, according to CrowdStrike, a Sunnyvale, CA, cybersecurity business that is seeking to raise as much as $414 million in an IPO. That’s because companies like CrowdStrike are targets of cybercriminals more often than you might think.
“In particular, because we have been involved in the identification of organized cybercriminals and nation-state actors, we have been the subject of intense efforts by sophisticated cyber adversaries who seek to compromise our systems,” CrowdStrike wrote in a securities filing.
The “risk factors” section of securities filings are meant to give potential investors clear information about possible dangers of investing in the company—a set of worst-case scenario factors that may or may not happen. Cybersecurity could easily be a problem an investor doesn’t think about for a business that sells subscriptions to cloud-based artificial intelligence software that constantly analyzes all its customer data in order to watch out for and prevent attacks.
While CrowdStrike does warn of the problems the company would face if it experienced a breach, it also notes the vast amount of testing, training, and other security efforts it takes to stem an attacsk, according to the securities filing. It also maintains insurance policies to cover liabilities.
Founded in 2011, CrowdStripe filed its initial IPO paperwork on May 14. It announced Wednesday morning it would seek to sell 18 million shares for between $19 and $23 apiece. The company plans to list on the Nasdaq under the ticker symbol “CRWD,” and plans to use proceeds for general purposes like sales, and research and development. If the company sells its stock at the mid-range price of $21 each, it’d raise $351.2 million (or $404.8 million if underwriters exercise an option to buy additional shares).
As Xconomy reported earlier this month, the company has reported steadily increasing revenue over the past three years, while its net loss also rose as it invested in growth. CrowdStrike reported revenue of nearly $250 million for its 2019 fiscal year, which ended January 31, yet its net loss was $140.1 million. That’s up from revenue of $52.7 million and a net loss of $91.3 million in 2017. The company expects losses to continue as it tries to grab greater market share, according to securities filings.
CrowdStrike is competing with a wide-range of cybersecurity companies, including McAfee, Symantec, Cylance, Carbon Black, Palo Alto Networks, and FireEye, as Xconomy previously reported. The company most recently raised $200 million a year ago in a Series E funding round led by General Atlantic, Accel, and IVP.
Despite competition, CrowdStrike believes there’s plenty of room for security services, estimating the global market opportunity to be $29.2 billion by 2021, up from $24.6 billion this year.
