CrowdStrike Holdings, Inc.
Loading chart...
Overview
Founded in 2011, CrowdStrike reinvented cybersecurity for the cloud and artificial intelligence (“AI”) era and transformed the way cybersecurity is delivered and experienced by customers. When we started CrowdStrike, cyberattackers had an asymmetric advantage over legacy cybersecurity products that could not keep pace with rapid changes in adversary tactics, a dynamic that has intensified as adversaries increasingly leverage automation, identity abuse, and AI to operate at machine speed.
We took a fundamentally different approach to solve this problem with the AI-native CrowdStrike Falcon cybersecurity platform, which serves as the operating system for cybersecurity. CrowdStrike built the first, true, cloud-native platform with AI at the core, capable of harnessing vast amounts of security and enterprise data to drive real-time security decisions and response – stopping breaches at scale through a single lightweight sensor.
The CrowdStrike Falcon platform is designed to be the definitive platform for cybersecurity consolidation, purpose-built to stop breaches. The platform’s single, lightweight sensor collects and integrates data from across the enterprise, including endpoints, cloud workloads, identities, and third-party sources. This data is ingested once and reused across multiple security functions, forming the foundation for detection, investigation, and response across the platform. We use this to train our AI to detect and prevent threats and drive workflow automation to give security teams machine speed advantage to stop adversaries. By consolidating and replacing legacy point products and fragmented platforms across key areas of security and IT, the Falcon platform delivers a unified, modern approach that increases capabilities, reduces complexity, and lowers costs – all while stopping breaches.
We believe our approach has defined a new category called the AI Security Cloud, which has the power to transform the cybersecurity industry the same way the cloud has transformed the customer relationship management, human resources, and service management industries. Using cloud-scale AI, our AI Security Cloud enriches and correlates trillions of cybersecurity events per week with indicators of attack, threat intelligence, and enterprise data (including data from across endpoints, workloads, identities, DevOps, IT assets, configurations and AI interactions). This data is continuously curated, labeled, and validated through real-world security operations, including managed detection and response, threat intelligence, and incident response activities, creating high-fidelity intelligence grounded in real adversary behavior and outcomes – cyber Reinforced Learning from Human Feedback (“RLHF”) at scale.
This intelligence is used to train and refine our AI models, enabling the Falcon platform to provide real-time context on adversary behavior, inform security decisions, and automatically prevent threats across our customer base. The more data that is fed into our Falcon platform, the more intelligent the AI Security Cloud becomes, the stronger our ability to anticipate and counter evolving adversary tradecraft, and the more our customers benefit, creating a powerful network effect that increases the overall value we provide.
CrowdStrike: The Architectural Purpose Behind the Platform
Our Falcon platform was purpose-built in the cloud to harness the power of data and AI to deliver the next generation of automated protection and provide threat hunters with the intelligence required to stop sophisticated attacks, including malware-free and fileless attacks. This approach has made CrowdStrike an industry leader in protection across endpoints, cloud workloads, identity data, and AI systems, delivering consistent security execution across hybrid and cloud environments, and allowing us to rapidly extend this best-in-class protection across new and emerging areas of enterprise risk.
Today, we offer 33 cloud modules on our Falcon platform via a SaaS subscription-based model that spans multiple large markets, including corporate endpoint and cloud workload security, managed security services, security and vulnerability management, IT operations management, identity protection, next-generation security information and event management (“SIEM”) and log management, threat intelligence services, data protection, SaaS security posture management, Security Orchestration, Automation and Response (“SOAR”) and AI powered workflow automation, and security for generative AI and AI-driven systems through AI detection and response.
4
Our Falcon platform is composed of tightly integrated, proprietary technologies that enable us to deliver superior protection and performance, while reducing complexity for our customers. Our Falcon platform consists of our easily deployed, intelligent lightweight sensor, and our Enterprise Graph, which unifies our ground-breaking graph technologies into a single, connected intelligence layer.
Our single, lightweight-sensor approach has changed how organizations experience cybersecurity, delivering protection without impacting the user, resources or productivity. With the lightweight sensor installed on each endpoint and cloud workload, our Falcon platform automates detection and prevention capabilities in real time across our entire global customer base. This also enables our Falcon platform to intelligently ingest data once and stream high fidelity data back into the Security Cloud to be re-used for multiple use cases, continuously improve our Falcon platform’s AI algorithms and make its real-time decision-making faster and smarter to keep customers ahead of changing adversary tactics.
Our Enterprise Graph correlates and contextualizes the vast data of our Security Cloud to transform raw signals into authoritative security context, enabling us to collect data once and reuse it repeatedly to support real-time detection, investigation, and response across the platform. By creating a living, connected model of the enterprise, the Enterprise Graph makes signals immediately actionable by both AI-driven workflows and human analysts. The highly advanced graph technologies underpinning the Falcon platform include:
•Our Threat Graph, which uses a combination of AI and behavioral pattern-matching techniques to correlate and analyze trillions of cybersecurity events, enriched with threat intelligence, and third-party data to identify and link threat activity together to automatically prevent threats in real time across CrowdStrike’s global customer base. This also provides customers with increased visibility of attacks for proactive threat hunting and timely detection and remediation of novel threats.
•Our Intel Graph, which analyzes and correlates data and threat intelligence to visualize the connections between adversaries and attacks to help customers prioritize investigations and gain a deep understanding of the threat landscape. The latest intel on adversaries, tactics, techniques, and procedures is delivered seamlessly within the CrowdStrike Falcon platform and is mapped to the MITRE ATT&CK® framework.
•Our Asset Graph, which dynamically monitors and tracks the complex interactions among assets, providing a single holistic view of the risks those assets pose. Asset Graph provides graph visualizations of the relationships among all assets such as devices, users, accounts, applications, cloud workloads and operations technology, along with the rich context necessary for proper security hygiene and proactive security posture management to reduce risk in their organizations - without impacting IT.
The Falcon platform was purpose-built with the foresight that the future of cybersecurity would need to be cloud-native and AI-driven. While AI is revolutionizing many technology fields, including cybersecurity solutions, to be truly effective, algorithms that enable AI depend on the quality and volume of data that trains them and the selection of the right differentiating features from that data.
This is why we believe our Security Cloud and our cloud-native architecture creates a fundamental differentiator from our competitors. The expansive amount of high fidelity data crowdsourced and captured in our Security Cloud enables the continuous training of our algorithms. We call this cloud-scale AI. Our technology is uniquely effective because we not only have a massive amount of high fidelity data to continuously train our AI models but also because we couple that data with deep human cybersecurity expertise, which supports our industry-leading efficacy and low false positives.
By analyzing and correlating information across our massive, crowdsourced dataset, we are able to deploy our AI algorithms at cloud-scale and build a more intelligent, effective solution to detect threats and stop breaches that on-premise, cloud-hosted and hybrid products cannot match due to the inherent architectural limitations those products have with respect to data storage and analysis. The more data that is fed into our Falcon platform, the more intelligent the Security Cloud becomes, and the more our customers benefit, creating a powerful network effect that increases the overall value we provide.
5
Industry Background: The Trends Driving a Need for a New Approach to Security
We believe there are a number of important trends that drive the need for a new approach to security. These include:
•The Increasing Speed, Sophistication and Disruption of Cybersecurity Threats: Adversary sophistication continues to increase as militaries and intelligence services of well-funded nation-states, technically advanced criminal organizations and hackers advance their tactics. In addition, the commoditization of technologies like generative AI makes it easier for low-skilled adversaries to move faster and launch more sophisticated attacks. This includes non-malware based attacks like social engineering that exploit user identities and credentials. These attacks are pervasive, targeting a broad range of industries including technology, transportation, healthcare, financial services, governments and political organizations, utility, retail, and public infrastructure. The number and scale of attacks continue to increase. The typical attack cycle starts with attackers attempting to penetrate endpoints to establish a beachhead. Once inside, adversaries steal and exploit legitimate credentials to escalate privileges, move laterally and progress and attack, often downloading malware or ransomware. At this stage in the threat lifecycle, the adversary is able to encrypt, destroy, or silently exfiltrate sensitive data.
•An Expanded Attack Surface Driven By Cloud, AI and Distributed Environments: Organizations everywhere are embracing digital transformation and are becoming more distributed as they adopt the cloud, increase workforce mobility, and grow their number of connected devices. They are adding more workloads to a myriad of different endpoints beyond the traditional cybersecurity perimeter, exposing an increasingly broad attack surface to adversaries. This trend accelerated significantly with the need to support an increasingly remote workforce in 2020 due to the COVID-19 pandemic and we believe this trend continues today.
•A Growing Cyber Skills Gap: Trained cybersecurity professionals are in high demand, and organizations continue to face a dire shortage of talent to fill much needed cybersecurity positions. As a result, existing cybersecurity teams are often overwhelmed by the velocity of cyberattacks and the operational burden created by fragmented tools, siloed data, and high volumes of low-fidelity alerts that require manual investigation and correlation across multiple systems. Adversaries exploit this complexity by accelerating attacks, while AI-enabled techniques compress response windows, increasing the need for automation and AI-driven security execution to keep pace.
•The Need to Reduce Complexity and Simplify Security Operations: Organizations are increasingly looking to reduce the complexity of their security and IT stack. Modern security requires fewer point products, fewer agents and technologies that consume fewer resources. Increasingly, organizations are looking to standardize on trusted platforms that deliver an immediate return on investment and lower total cost of ownership.
Competitive Market: Existing Security Solutions Are Limited and Exacerbate Ongoing Trends:
We believe the aforementioned trends are exacerbated by the architectural limitations of legacy cybersecurity products and fragmented platforms, which are characterized by:
•On-Premise Security and Bolt-On Cloud Products That Lead to Constrained and Impacted Users: On-premise products are siloed, lack integration, and have limited ability to collect, process, and analyze vast amounts of data—attributes that are required to be effective in today’s increasingly dynamic threat landscape. Meanwhile, these solutions often require more sensors on the endpoint as new capabilities are patchworked together, which can have a dramatic negative impact on user performance.
Many on-premise vendors have tried to solve this problem by simply extending on-premise products to the cloud. Since their products were not purpose built to run in the cloud, traditional on-premise issues such as complex deployments, data silos, lack of integrations, limited scalability, and high maintenance costs continue to manifest. We believe that any product that was originally designed for on-premise deployments and migrated to the cloud cannot by definition be a cloud native solution.
Some other vendors attempt to solve this problem by acquiring disparate products and stitching them together into fragmented platforms. This can force customers to focus on implementing integrations, not security outcomes and stopping the breach. The resulting complexity can impede workflows and slow down response time.
6
•Legacy Signature-Based Products That Are Not Effective Against Unknown Threats: Signature-based products are designed to detect attacks that are already cataloged as previously identified threats. As a result, such products are fundamentally unable to prevent unknown threats resulting from shifts in attacker tradecraft. An attacker may be able to bypass a signature-based defense with just a slight modification to an existing attack. Many significant breaches seen in the last two decades have involved the failure of a legacy signature-based antivirus product to detect a previously unknown or modified version of a previously known attack.
•Malware-Focused Products That Miss Sophisticated Attacks: Traditionally, organizations have focused on protecting their networks and endpoints against malware-based attacks. These attacks involve malware built for the specific purpose of performing malicious activities, stealing data, or destroying systems. Our 2026 Global Threat Report observed that 82% of detections were malware-free. Therefore, a malware-centric defensive approach will leave the organization vulnerable to attacks that do not leverage malware.
•Application Whitelisting Products That Are Ineffective: Application whitelisting products resort to an “always allow” or “always block” policy on an endpoint to allow or prevent processes from executing. Whitelisting relies in part on manually creating and maintaining a complex list of rules, burdening end users and IT organizations. This does not prevent fileless attacks from exploiting legitimate whitelisted applications, compromising the integrity of the whitelisting product.
•The Limitations of Legacy SIEMs: Originally designed years or even decades ago for a vastly different cybersecurity landscape, legacy SIEM solutions struggle to meet the demands of modern security operations. These systems lack the scalability to handle today’s data volumes and adversary speed, while escalating costs make centralized data collection and retention increasingly difficult. Poor scalability contributes to siloed, disjointed SOC architectures, forcing analysts to manually correlate data across multiple consoles, diverting time and resources from threat detection and response. Complex onboarding processes further delay time-to-value, requiring significant effort to integrate new data sources. As a result, legacy SIEMs hinder operational efficiency, limit visibility, and increase the risk of data breaches.
CrowdStrike: Built for This Moment and the Future
We believe that the cloud-native architecture of the Falcon platform and Security Cloud provides a sustainable advantage in addressing the needs of our customers as their businesses and the threat landscape continues to evolve.
We offer our customers compelling business value that includes ease of adoption, rapid time-to-value, superior efficacy rates in detecting threats and preventing breaches, and reduced total cost of ownership by consolidating legacy, siloed, and multi-sensor security products in a single solution. We also allow thinly-stretched security organizations to automate previously manual tasks, freeing them to focus on their most important objectives. With the Falcon platform, organizations can transform how they combat threats, evolving from slow, manual, and reactionary to fast, automated, and predictive, while gaining visibility across the threat lifecycle.
Loading financial statements...
Financial statements
data from SEC XBRL filings. Values are as-reported; restatements supersede originals.
| Line item |
|---|
ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
The following discussion and analysis of our financial condition and results of operations should be read in conjunction with the consolidated financial statements and related notes thereto included in Item 8 “Financial Statements and Supplementary Data” in this Annual Report on Form 10-K. This section of this Form 10-K generally discusses fiscal 2026 and 2025 items and year-over-year comparisons between fiscal 2026 and 2025. Discussions of fiscal 2024 items and year-over-year comparisons between fiscal 2025 and 2024 are not included in this Form 10-K, and can be found in “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in Part II, Item 7 of our Annual Report on Form 10-K for the fiscal year ended January 31, 2025. As discussed in Note 1 and Note 16 to the Consolidated Financial Statements included in this report, the Company revised its fiscal 2025 and 2024 financial results to correct for an immaterial error discovered during the fourth quarter of fiscal 2026. The revisions are intended to ensure comparability across all periods reflected herein. Some of the information contained in this discussion and analysis or set forth elsewhere in this Annual Report on Form 10-K, including information with respect to our plans and strategy for our business, includes forward-looking statements that involve risks and uncertainties, including those described under the heading “Special Note Regarding Forward-Looking Statements.” You should review the disclosure under Part I, Item 1A, “Risk Factors” in this Annual Report on Form 10-K for a discussion of important factors that could cause actual results to differ materially from the results described in or implied by the forward-looking statements contained in the following discussion and analysis. Our fiscal years ended January 31, 2026, January 31, 2025, and January 31, 2024, are referred to herein as fiscal 2026, fiscal 2025, and fiscal 2024, respectively.
Overview
Founded in 2011, we reinvented cybersecurity for the cloud era and transformed the way cybersecurity is delivered and experienced by customers. When we started CrowdStrike, cyberattackers had an asymmetric advantage over legacy cybersecurity products that could not keep pace with the rapid changes in adversary tactics. We took a fundamentally different approach to solve this problem with the AI-native CrowdStrike Falcon platform – the first, true cloud-native unified platform built with artificial intelligence (“AI”) at the core, capable of harnessing vast amounts of security and enterprise data to deliver highly modular solutions through a single lightweight sensor.
We believe our approach has defined a new category called the Security Cloud, which has transformed the cybersecurity industry the same way the cloud has transformed the customer relationship management, human resources, and service management industries. Using cloud-scale AI, our Security Cloud enriches and correlates trillions of cybersecurity events per week with indicators of attack, threat intelligence, and enterprise data (including data from across endpoints, workloads, identities, DevOps, IT assets, and configurations) to create actionable data, identify shifts in adversary tactics, and automatically prevent threats in real-time across our customer base. The more data that is fed into our Falcon platform, the more intelligent our Security Cloud becomes, and the more our customers benefit, creating a powerful network effect that increases the overall value we provide.
Our Go-To-Market Strategy
We sell subscriptions to our Falcon platform and cloud modules to organizations across multiple industries. We primarily sell subscriptions to our Falcon platform and cloud modules through our direct sales team that leverages our network of channel partners. Our direct sales team is comprised of field sales and inside sales professionals who are segmented by a customer’s number of endpoints.
We have a low friction land-and-expand sales strategy. When customers deploy our Falcon platform, they can start with any number of cloud modules and easily add additional cloud modules. Once customers experience the benefits of our Falcon platform, they often expand their adoption over time by adding more endpoints or purchasing additional modules. We also use our sales team to identify current customers who may be interested in free trials of additional cloud modules, which serves as a powerful driver of our land-and-expand model. By segmenting our sales teams, we can deploy a low-touch sales model that efficiently identifies prospective customers.
We began as a solution for large enterprises, but the flexibility and scalability of our Falcon platform has enabled us to seamlessly offer our solution to customers of any size. We have expanded our sales focus to include any sized organization without the need to modify our Falcon platform for small and medium sized businesses.
60
A substantial majority of our customers purchase subscriptions with a term over one year. Our subscriptions are generally priced on a per-endpoint and per-module basis. We recognize revenue from our subscriptions ratably over the term of the subscription. We also generate revenue from our incident response and proactive professional services, which are generally priced on a time and materials basis. We view our professional services business primarily as an opportunity to cross-sell subscriptions to our Falcon platform and cloud modules.
Certain Factors Affecting Our Performance
Adoption of Our Solutions. We believe our future success depends in large part on the growth in the market for cloud-based SaaS-delivered endpoint security solutions. Many organizations have not yet abandoned the on-premise legacy products in which they have invested substantial personnel and financial resources to design and maintain. As a result, it is difficult to predict customer adoption rates and demand for our cloud-based solutions.
New Customer Acquisition. Our future growth depends in large part on our ability to acquire new customers. If our efforts to attract new customers are not successful, our revenue and rate of revenue growth may decline. We believe that our go-to-market strategy and the flexibility and scalability of our Falcon platform allow us to rapidly expand our customer base. Our incident response and proactive services also help drive new customer acquisitions, as many of these professional services customers subsequently purchase subscriptions to our Falcon platform. Many organizations have not yet adopted cloud-based security solutions, and since our Falcon platform has offerings for organizations of all sizes, worldwide, and across industries, we believe this presents a significant opportunity for growth.
Maintain Customer Retention and Increase Sales. Our ability to increase revenue depends in large part on our ability to retain our existing customers and increase the size of their subscriptions. We focus on increasing sales to our existing customers by expanding their deployments to more endpoints and selling additional cloud modules for increased functionality. Over time we have transitioned our platform from a single offering into highly-integrated offerings of multiple cloud modules.
Invest in Growth. We believe that our market opportunity is large and requires us to continue to invest significantly in sales and marketing efforts to further grow our customer base, both domestically and internationally. Our open cloud architecture and single data model have allowed us to rapidly build and deploy new cloud modules, and we expect to continue investing in those efforts to further enhance our technology platform and product functionality. In addition to our ongoing investment in research and development, we may also pursue acquisitions of businesses, technologies, and assets that complement and expand the functionality of our Falcon platform, add to our technology or security expertise, or bolster our leadership position by gaining access to new customers or markets. Furthermore, we expect our general and administrative expenses to increase in dollar amount for the foreseeable future given the additional expenses for accounting, compliance, and investor relations as we grow.
July 19 Incident. On July 19, 2024, we released a content configuration update for our Falcon sensor that resulted in system crashes for certain Windows systems (the “July 19 Incident”). As a result of the July 19 Incident, we are subject to lawsuits, claims and inquiries as described in Note 10, Commitments and Contingencies, in Part II, Item 8 of this Annual Report on Form 10-K. We have incurred, and expect to continue to incur, significant legal and professional services and other general and administrative expenses associated with the July 19 Incident in future periods. It is not reasonably possible to quantify the precise impact of the July 19 Incident, but the incident has adversely affected our results of operations, and we currently expect a number of factors relating to the incident to adversely affect our key metrics and results of operations in future periods. While we have maintained high dollar-based gross retention rates following the incident, we have experienced delays in creating sales opportunities and longer sales cycles, including delays in customer purchasing decisions. Sales cycles may be elongated in future periods. In addition, because our customers typically sign contracts with terms over one year, customer churn and any corresponding impact to our key metrics and revenue may occur in future periods. Customer commitment packages introduced following the July 19 Incident have included discounting, additional modules, professional services, flexible payment terms or subscription period extensions. Our customer commitment packages have resulted, and are expected to continue to result, in increased contraction, due to elongated subscription terms, and decreased upsell dollar values.
61
Key Metrics
We monitor the following key metrics to help us evaluate our business, identify trends affecting our business, formulate business plans, and make strategic decisions.
Annual Recurring Revenue (“ARR”)
ARR is calculated as the annualized value of our customer subscription contracts as of the measurement date, assuming any contract that expires during the next 12 months is renewed on its existing terms. To the extent that we are negotiating a renewal with a customer after the expiration of the subscription, we continue to include that revenue in ARR if we are actively in discussion with such organization for a new subscription or renewal, or until such organization notifies us that it is not renewing its subscription.
The following table sets forth our ARR as of the dates presented (dollars in thousands):
| As of January 31, | |||||||||||||||
| 2026 | 2025 | ||||||||||||||
| Annual recurring revenue | $ | 5,252,751 | $ | 4,241,838 | |||||||||||
| Year-over-year growth | 24 | % | 23 | % | |||||||||||
ARR increased 24% year-over-year and grew to $5.3 billion as of January 31, 2026, of which $1.0 billion was net new ARR added during fiscal 2026. ARR increased 23% year-over-year and grew to $4.2 billion as of January 31, 2025, of which $806.7 million was net new ARR added during fiscal 2025.
Dollar-Based Net Retention Rate
Our dollar-based net retention rate compares our ARR from a set of subscription customers against the same metric for those subscription customers from the prior year. Our dollar-based net retention rate reflects customer renewals, expansion, contraction, and churn, and excludes revenue from our incident response and proactive services. We calculate our dollar-based net retention rate as of period end by starting with the ARR from all subscription customers as of 12 months prior to such period end, or Prior Period ARR. We then calculate the ARR from these same subscription customers as of the current period end, or Current Period ARR. Current Period ARR includes any expansion and is net of contraction or churn over the trailing 12 months but excludes revenue from new subscription customers in the current period. We then divide the Current Period ARR by the Prior Period ARR to arrive at our dollar-based net retention rate. For the purposes of calculating our dollar-based net retention rate, we define a subscription customer as a separate legal entity that has entered into a distinct subscription agreement for access to our Falcon platform for which the term has not ended or with which we are negotiating a renewal contract. We do not consider our channel partners as customers, and we treat managed service security providers, who may purchase our products on behalf of multiple companies, as a single customer.
Our dollar-based net retention rate can fluctuate from period to period due to large customer contracts in a given period and incentives provided, which may reduce our dollar-based net retention rate in subsequent periods. In addition, if our customers are not able to fully utilize their product subscriptions (including in connection with our flexible subscription offering), we may experience increased contraction as such customers may elect to renew with shorter subscription periods, fewer cloud modules, fewer endpoints or smaller contract values, which may reduce our dollar-based net retention rate.
| As of January 31, | |||||||||||||||
| 2026 | 2025 | ||||||||||||||
| Dollar-based net retention rate | 115 | % | 112 | % | |||||||||||
62
Components of Our Results of Operations
Revenue
Subscription Revenue. Subscription revenue primarily consists of subscription fees for our Falcon platform and additional cloud modules that are supported by our cloud-based platform. Subscription revenue is driven primarily by the number of subscription customers, the number of endpoints per customer, and the number of cloud modules included in the subscription. We recognize subscription revenue ratably over the term of the agreement, which is generally one to three years. We generally invoice our subscription customers at the beginning of the subscription term, or in some instances, such as in multi-year arrangements, in installments. Consequently, a substantial portion of the revenue that we report in each period is attributable to the recognition of deferred revenue relating to subscriptions that we entered into during previous periods.
Professional Services Revenue. Professional services revenue includes incident response and proactive services, forensic and malware analysis, attribution analysis, operationalizing the Falcon Platform, residency program, and active defense services. Professional services are generally sold separately from subscriptions to our Falcon platform, although customers frequently enter into a separate arrangement to purchase subscriptions to our Falcon platform at the conclusion of a professional services arrangement. Professional services are available through hourly rate and fixed fee contracts, one-time and ongoing engagements, and retainer-based agreements. For time and materials and retainer-based arrangements, revenue is recognized as services are performed. Fixed fee contracts account for an immaterial portion of our revenue.
Cost of Revenue
Subscription Cost of Revenue. Subscription cost of revenue consists primarily of costs related to hosting our cloud-based Falcon platform in data centers, amortization of our capitalized internal-use software, employee-related costs such as salaries and bonuses, stock-based compensation expense, benefits costs associated with our operations and support personnel, software license fees, property and equipment depreciation, amortization of acquired intangibles, and an allocated portion of facilities and administrative costs.
As new customers subscribe to our platform and existing subscription customers increase the number of endpoints on our Falcon platform, our cost of revenue will increase due to greater cloud hosting costs related to powering new cloud modules and the incremental costs for storing additional data collected for such cloud modules and employee-related costs. We intend to continue to invest additional resources in our cloud platform and our customer support organizations as we grow our business. The level and timing of investment in these areas could affect our cost of revenue in the future.
Professional Services Cost of Revenue. Professional services cost of revenue consists primarily of employee-related costs, such as salaries and bonuses, stock-based compensation expense, consulting expense, and an allocated portion of facilities and administrative costs.
Gross Profit and Gross Margin
Gross profit and gross margin have been and will continue to be affected by various factors, including the timing of our acquisition of new subscription customers, renewals from existing subscription customers, sales of additional modules to existing subscription customers, the data center and bandwidth costs associated with operating our cloud platform, the extent to which we expand our customer support and cloud operations organizations, and the extent to which we can increase the efficiency of our technology, infrastructure, and data centers through technological improvements. We expect our gross profit to increase in dollar amount and our gross margin to increase modestly over the long term as we grow our business, although our gross margin could fluctuate from period to period depending on the interplay of these factors. Demand for our incident response services is driven by the number of breaches experienced by non-customers. Also, we view our professional services solutions in the context of our larger business and as a significant lead generator for new subscriptions. Because of these factors, our services revenue and gross margin may fluctuate over time.
Operating Expenses
Our operating expenses consist of sales and marketing, research and development, and general administrative expenses. For each of these categories of expense, employee-related expenses are the most significant component, which include salaries,
63
employee bonuses, sales commissions, and employer payroll tax. Operating expenses also include an allocated portion of overhead costs for facilities and other administrative functions.
Sales and Marketing. Sales and marketing expenses primarily consist of employee-related expenses such as salaries, commissions, and bonuses. Sales and marketing expenses also include stock-based compensation; expenses related to our marketing programs; and an allocated portion of facilities and administrative expenses. Sales and marketing expenses also include the amortization of deferred contract acquisition costs, which includes commissions and any other incremental payments made upon the initial acquisition of a subscription or upsells to existing customers, which are capitalized and amortized over the estimated customer life. We also capitalize and amortize any such expenses paid for the renewal of a subscription over the term of the renewal.
We expect sales and marketing expenses to increase in dollar amount as we continue to make significant investments in our sales and marketing organization to drive additional revenue, further penetrate the market, and expand our global customer base. However, we anticipate sales and marketing expenses to decrease as a percentage of our total revenue over time as we grow our business, although our sales and marketing expenses may fluctuate as a percentage of our total revenue from period to period depending on the timing of these expenses.
Research and Development. Research and development expenses primarily consist of employee-related expenses such as salaries and bonuses; stock-based compensation; cloud hosting and related costs; and an allocated portion of facilities and administrative expenses. Our cloud platform is software-driven, and our research and development teams employ software engineers in the design, and the related development, testing, certification, and support of these solutions.
We expect research and development expenses to increase in dollar amount as we continue to increase investments in our technology architecture and software platform. However, we anticipate research and development expenses to decrease as a percentage of our total revenue over time as we grow our business, although our research and development expenses may fluctuate as a percentage of our total revenue from period to period depending on the timing of these expenses.
General and Administrative. General and administrative expenses consist of employee-related expenses such as salaries and bonuses; stock-based compensation; and related expenses for our executive, finance, human resources, and legal organizations. In addition, general and administrative expenses include outside legal, accounting, and other professional fees; and an allocated portion of facilities and administrative expenses.
We expect general and administrative expenses to increase in dollar amount over time. We expect to incur significant legal and professional services and other expenses associated with the July 19 Incident and related matters in future periods. General and administrative expenses may fluctuate as a percentage of our total revenue from period to period depending on the timing of these expenses.
Interest Expense. Interest expense consists primarily of amortization of debt issuance costs, contractual interest expense for our Senior Notes issued in January 2021, and amortization of debt issuance costs on our revolving facility, which expired in January 2026.
Interest Income. Interest income consists primarily of income earned on our cash and cash equivalents.
Other Income (Expense), Net. Other income (expense), net consists primarily of gains and losses on strategic investments and foreign currency transaction gains and losses.
Provision for Income Taxes. Provision for income taxes consists of state income taxes in the United States, foreign income taxes, and withholding taxes related to customer payments in certain foreign jurisdictions in which we conduct business. We maintain a full valuation allowance on our U.S. federal and state and certain foreign deferred tax assets, including net operating loss carryforwards and tax credits, which we have determined are not realizable on a more-likely-than-not basis. We regularly evaluate the need for a valuation allowance.
Net Income Attributable to Non-controlling Interest. Net income attributable to non-controlling interest consists of the Falcon Funds’ non-controlling interest share of gains and losses and interest income from our strategic investments.
64
Results of Operations
The following tables set forth our consolidated statements of operations for each period presented (in thousands, except percentages):
| Year Ended January 31, | |||||||||||||||||
| 2026 | 2025 | 2024 | |||||||||||||||
| Revenue | |||||||||||||||||
| Subscription | $ | 4,564,683 | $ | 3,761,480 | $ | 2,870,557 | |||||||||||
| Professional services | 247,322 | 192,144 | 184,998 | ||||||||||||||
| Total revenue | 4,812,005 | 3,953,624 | 3,055,555 | ||||||||||||||
| Cost of revenue | |||||||||||||||||
| Subscription | 1,015,915 | 834,578 | 632,743 | ||||||||||||||
| Professional services | 203,014 | 155,594 | 126,186 | ||||||||||||||
| Total cost of revenue | 1,218,929 | 990,172 | 758,929 | ||||||||||||||
| Gross profit | 3,593,076 | 2,963,452 | 2,296,626 | ||||||||||||||
| Operating expenses | |||||||||||||||||
| Sales and marketing | 1,831,254 | 1,523,001 | 1,140,275 | ||||||||||||||
| Research and development | 1,384,770 | 1,075,587 | 780,319 | ||||||||||||||
| General and administrative | 670,344 | 481,264 | 395,173 | ||||||||||||||
| Total operating expenses | 3,886,368 | 3,079,852 | 2,315,767 | ||||||||||||||
| Loss from operations | (293,292) | (116,400) | (19,141) | ||||||||||||||
| Interest expense | (28,021) | (26,311) | (25,756) | ||||||||||||||
| Interest income | 194,969 | 196,174 | 148,930 | ||||||||||||||
| Other income (expense), net | (645) | 5,101 | 1,638 | ||||||||||||||
| Income (loss) before provision for income taxes | (126,989) | 58,564 | 105,671 | ||||||||||||||
| Provision for income taxes | 34,176 | 71,130 | 32,232 | ||||||||||||||
| Net income (loss) | (161,165) | (12,566) | 73,439 | ||||||||||||||
| Net income attributable to non-controlling interest | 1,337 | 2,675 | 1,258 | ||||||||||||||
| Net income (loss) attributable to CrowdStrike | $ | (162,502) | $ | (15,241) | $ | 72,181 | |||||||||||
65
The following table presents the components of our consolidated statements of operations as a percentage of total revenue for the periods presented:
| Year Ended January 31, | |||||||||||||||||
| 2026 | 2025 | 2024 | |||||||||||||||
| % | % | % | |||||||||||||||
| Revenue | |||||||||||||||||
| Subscription | 95 | % | 95 | % | 94 | % | |||||||||||
| Professional services | 5 | % | 5 | % | 6 | % | |||||||||||
| Total revenue | 100 | % | 100 | % | 100 | % | |||||||||||
| Cost of revenue | |||||||||||||||||
| Subscription | 21 | % | 21 | % | 21 | % | |||||||||||
| Professional services | 4 | % | 4 | % | 4 | % | |||||||||||
| Total cost of revenue | 25 | % | 25 | % | 25 | % | |||||||||||
| Gross profit | 75 | % | 75 | % | 75 | % | |||||||||||
| Operating expenses | |||||||||||||||||
| Sales and marketing | 38 | % | 39 | % | 37 | % | |||||||||||
| Research and development | 29 | % | 27 | % | 26 | % | |||||||||||
| General and administrative | 14 | % | 12 | % | 13 | % | |||||||||||
| Total operating expenses | 81 | % | 78 | % | 76 | % | |||||||||||
| Loss from operations | (6) | % | (3) | % | (1) | % | |||||||||||
| Interest expense | (1) | % | (1) | % | (1) | % | |||||||||||
| Interest income | 4 | % | 5 | % | 5 | % | |||||||||||
| Other income (expense), net | — | % | — | % | — | % | |||||||||||
| Income (loss) before provision for income taxes | (3) | % | 1 | % | 3 | % | |||||||||||
| Provision for income taxes | 1 | % | 2 | % | 1 | % | |||||||||||
| Net income (loss) | (3) | % | — | % | 2 | % | |||||||||||
| Net income attributable to non-controlling interest | — | % | — | % | — | % | |||||||||||
| Net income (loss) attributable to CrowdStrike | (3) | % | — | % | 2 | % | |||||||||||
Comparison of Fiscal 2026 and Fiscal 2025
Revenue
The following shows total revenue from subscriptions and professional services for fiscal 2026, as compared to fiscal 2025 (in thousands, except percentages):
| Year Ended January 31, | Change | |||||||||||||||||||||
| 2026 | 2025 | $ | % | |||||||||||||||||||
| Subscription | $ | 4,564,683 | $ | 3,761,480 | $ | 803,203 | 21 | % | ||||||||||||||
| Professional services | 247,322 | 192,144 | 55,178 | 29 | % | |||||||||||||||||
| Total revenue | $ | 4,812,005 | $ | 3,953,624 | $ | 858,381 | 22 | % | ||||||||||||||
Total revenue increased by $858.4 million, or 22%, in fiscal 2026, as compared to fiscal 2025. Subscription revenue accounted for 95% of total revenue for each of fiscal 2026 and fiscal 2025. Professional services revenue accounted for 5% of total revenue for each of fiscal 2026 and fiscal 2025.
Subscription revenue increased by $803.2 million, or 21% in fiscal 2026, as compared to fiscal 2025, which was primarily driven by a combination of the addition of new customers and the sale of additional sensors and modules to existing customers.
66
Professional services revenue increased by $55.2 million, or 29%, in fiscal 2026, as compared to fiscal 2025, which was primarily attributable to an increase in the number of professional service hours.
Cost of Revenue, Gross Profit, and Gross Margin
The following shows cost of revenue related to subscriptions and professional services for fiscal 2026, as compared to fiscal 2025 (in thousands, except percentages):
| Year Ended January 31, | Change | |||||||||||||||||||||
| 2026 | 2025 | $ | % | |||||||||||||||||||
| Subscription | $ | 1,015,915 | $ | 834,578 | $ | 181,337 | 22 | % | ||||||||||||||
| Professional services | 203,014 | 155,594 | 47,420 | 30 | % | |||||||||||||||||
| Total cost of revenue | $ | 1,218,929 | $ | 990,172 | $ | 228,757 | 23 | % | ||||||||||||||
Total cost of revenue increased by $228.8 million, or 23%, in fiscal 2026, as compared to fiscal 2025. Subscription cost of revenue increased by $181.3 million, or 22%, in fiscal 2026, as compared to fiscal 2025. The increase in subscription cost of revenue was primarily due to an increase in cloud hosting and related services costs of $46.4 million, an increase in employee-related expenses of $43.1 million driven by a 16% increase in average headcount, an increase in depreciation of data center equipment of $33.4 million, an increase in amortization of internal-use software of $24.9 million, an increase in stock-based compensation expense of $18.1 million, an increase in allocated overhead costs of $16.8 million, and charges related to the Strategic Plan of $3.4 million, partially offset by a decrease in other labor expenses of $2.8 million and a decrease in company events expenses of $1.2 million.
Professional services cost of revenue increased by $47.4 million, or 30%, in fiscal 2026, as compared to fiscal 2025. The increase in professional services cost of revenue was primarily due to an increase in consulting expenses of $18.7 million, an increase in employee-related expenses of $15.5 million driven by a 12% increase in average headcount, an increase in stock-based compensation expense of $5.7 million, charges related to the Strategic Plan of $3.3 million, and an increase in allocated overhead costs of $2.6 million.
The following shows gross profit and gross margin for subscriptions and professional services for fiscal 2026, as compared to fiscal 2025 (in thousands, except percentages):
| Year Ended January 31, | Change | |||||||||||||||||||||
| 2026 | 2025 | $ | % | |||||||||||||||||||
| Subscription gross profit | $ | 3,548,768 | $ | 2,926,902 | $ | 621,866 | 21 | % | ||||||||||||||
| Professional services gross profit | 44,308 | 36,550 | 7,758 | 21 | % | |||||||||||||||||
| Total gross profit | $ | 3,593,076 | $ | 2,963,452 | $ | 629,624 | 21 | % | ||||||||||||||
| Year Ended January 31, | Change | |||||||||||||||
| 2026 | 2025 | |||||||||||||||
| Subscription gross margin | 78 | % | 78 | % | — | % | ||||||||||
| Professional services gross margin | 18 | % | 19 | % | (1) | % | ||||||||||
| Total gross margin | 75 | % | 75 | % | — | % | ||||||||||
Subscription gross margin was flat in fiscal 2026, as compared to fiscal 2025.
Professional services gross margin decreased by 1% in fiscal 2026, as compared to fiscal 2025. The decrease in professional services gross margin was primarily due to an increase in consulting expense and an increase in stock-based compensation expense during fiscal 2026, as compared to fiscal 2025.
67
Operating Expenses
Sales and Marketing
The following shows sales and marketing expenses for fiscal 2026, as compared to fiscal 2025 (in thousands, except percentages):
| Year Ended January 31, | Change | |||||||||||||||||||||
| 2026 | 2025 | $ | % | |||||||||||||||||||
| Sales and marketing expenses | $ | 1,831,254 | $ | 1,523,001 | $ | 308,253 | 20 | % | ||||||||||||||
Sales and marketing expenses increased by $308.3 million, or 20%, in fiscal 2026, as compared to fiscal 2025. The increase in sales and marketing expenses was primarily due to an increase in employee-related expenses of $168.4 million driven by a 12% increase in average headcount, an increase in stock-based compensation expense of $48.2 million, an increase in marketing programs of $29.2 million, an increase in allocated overhead costs of $20.2 million, an increase in employee benefits of $16.5 million, an increase in travel expenses of $11.2 million, charges related to the Strategic Plan of $9.0 million, an increase in cloud hosting and related costs of $6.2 million, an increase in term-based software licenses of $3.2 million, an increase in other labor expenses of $2.1 million, and an increase in consulting expenses of $1.7 million, partially offset by a decrease in expenses associated with the July 19 Incident and related matters of $20.3 million.
Research and Development
The following shows research and development expenses for fiscal 2026, as compared to fiscal 2025 (in thousands, except percentages):
| Year Ended January 31, | Change | |||||||||||||||||||||
| 2026 | 2025 | $ | % | |||||||||||||||||||
| Research and development expenses | $ | 1,384,770 | $ | 1,075,587 | $ | 309,183 | 29 | % | ||||||||||||||
Research and development expenses increased by $309.2 million, or 29% in fiscal 2026, as compared to fiscal 2025. This increase was primarily due to an increase in employee-related expenses of $116.8 million driven by a 20% increase in average headcount, an increase in stock-based compensation expense of $94.0 million, an increase in cloud hosting and related costs of $46.4 million, an increase in allocated overhead costs of $27.6 million, charges related to the Strategic Plan of $16.6 million, and an increase in term-based software licenses of $3.5 million, partially offset by an increase in software capitalization of $9.8 million, and a decrease in expenses associated with the July 19 Incident and related matters of $4.4 million.
General and Administrative
The following shows general and administrative expenses for fiscal 2026, as compared to fiscal 2025 (in thousands, except percentages):
| Year Ended January 31, | Change | |||||||||||||||||||||
| 2026 | 2025 | $ | % | |||||||||||||||||||
| General and administrative expenses | $ | 670,344 | $ | 481,264 | $ | 189,080 | 39 | % | ||||||||||||||
General and administrative expenses increased by $189.1 million, or 39%, in fiscal 2026, as compared to fiscal 2025. The increase in general and administrative expenses was primarily due to an increase in expenses associated with the July 19 Incident and related matters of $82.4 million, an increase in stock-based compensation expense of $52.4 million, an increase in consulting expense of $16.4 million, charges related to the Strategic Plan of $12.5 million, an increase in employee-related expenses of $11.2 million driven by a 14% increase in average headcount, an increase in legal expense of $4.5 million unrelated to the July 19 Incident or related matters, an increase in allocated overhead costs of $4.4 million, and an increase in term-based software licenses of $3.0 million.
68
Interest Expense, Interest Income and Other Income (Expense), Net
The following shows interest expense, interest income, and other income (expense), net, for fiscal 2026, as compared to fiscal 2025 (in thousands, except percentages):
| Year Ended January 31, | Change | |||||||||||||||||||||
| 2026 | 2025 | $ | % | |||||||||||||||||||
| Interest expense | $ | (28,021) | $ | (26,311) | $ | (1,710) | 6 | % | ||||||||||||||
| Interest income | $ | 194,969 | $ | 196,174 | $ | (1,205) | (1) | % | ||||||||||||||
| Other income (expense), net | $ | (645) | $ | 5,101 | $ | (5,746) | (113) | % | ||||||||||||||
Recent insider activity
| Date | Insider | Role | Action | Shares | Price | Value |
|---|---|---|---|---|---|---|
| 2026-04-28 | Kurtz George | PRESIDENT AND CEO | Sell | -2,500 ×11 | $455.42 | -$1,138,562 |
| 2026-04-27 | Kurtz George | PRESIDENT AND CEO | Sell | -2,500 ×13 | $454.03 | -$1,135,086 |
| 2026-04-24 | Kurtz George | PRESIDENT AND CEO | Sell | -2,500 ×15 | $444.68 | -$1,111,700 |
| 2026-04-23 | Kurtz George | PRESIDENT AND CEO | Sell | -2,500 ×17 | $446.56 | -$1,116,389 |
Source: SEC Form 4 filings.
Next expected filings
- ~2026-06-03 10-Q expected by 2026-06-12 (in 33 days)
- ~2026-08-27 10-Q expected by 2026-09-05 (in 118 days)
- ~2026-12-02 10-Q expected by 2026-12-11 (in 215 days)
- ~2027-03-01 10-K expected by 2027-03-23 (in 304 days)
Predicted from historical filing cadence; not an SEC commitment.
Recent SEC filings
- 2026-04-21 8-K Officer/Director Change; Regulation FD Disclosure; Financial Statements and Exhibits
- 2026-04-21 PRE 14A Preliminary Proxy Statement
- 2026-04-06 8-K Other Events; Financial Statements and Exhibits
- 2026-03-05 10-K Annual Report
- 2026-03-03 8-K Earnings Release; Financial Statements and Exhibits
- 2025-12-29 8-K Officer/Director Change; Regulation FD Disclosure; Financial Statements and Exhibits
- 2025-12-03 10-Q Quarterly Report
- 2025-12-02 8-K Earnings Release; Financial Statements and Exhibits
- 2025-08-28 10-Q Quarterly Report
- 2025-08-27 8-K Earnings Release; Financial Statements and Exhibits
- 2025-06-04 10-Q Quarterly Report
- 2025-06-03 8-K Earnings Release; Other Events; Financial Statements and Exhibits
- 2025-05-07 8-K Earnings Release; Costs Associated with Exit; Regulation FD Disclosure; Financial Statements and Exhibits
- 2025-04-25 8-K Officer/Director Change
- 2025-04-18 8-K Officer/Director Change