CrowdStrike Q4 2025 Earnings Call Highlights

CrowdStrike (CRWD 1.94%)
Q4 2025 Earnings Call
Mar 04, 2025, 5:00 p.m. ET

Key Highlights of the Earnings Call:

• Prepared Remarks
• Questions and Answers
• Participating Executives

Prepared Remarks from the Executive Team:

Operator

Welcome, everyone, to CrowdStrike’s fourth quarter and fiscal year 2025 financial results conference call. All participants are currently in a listen-only mode. Following the presentations, we will open the floor for a question-and-answer session. Please note that this conference is being recorded for future reference.

At this time, I would like to introduce Maria Riley, the Vice President of Investor Relations. Maria, the floor is yours.

Maria Riley — Vice President, Investor Relations

Good afternoon, and thank you for joining us today. Joining me on the call are George Kurtz, Chief Executive Officer and founder of CrowdStrike; along with Burt Podbere, Chief Financial Officer. Before we dive into the details, I want to remind everyone that certain statements made during this conference call, which are not historical facts, including those about our future plans, objectives, growth expectations, projections, and anticipated performance for the first quarter and fiscal year 2026, are considered forward-looking statements under the Private Securities Litigation Reform Act of 1995. These statements reflect our current outlook as of the date of this call.

While we believe that our forward-looking statements are reasonable, actual results may differ significantly due to various risks and uncertainties. We do not undertake any obligation to update or modify our forward-looking statements in light of new information, future events, or otherwise. For further details on factors that could impact our financial outcomes, please refer to our filings with the SEC, which include the Risk Factors section in our quarterly and annual reports. Additionally, unless stated otherwise, all financial metrics discussed on this call, excluding revenue, will be on a non-GAAP basis.

We have provided a discussion on our use of non-GAAP financial measures and a reconciliation schedule comparing GAAP to non-GAAP results in our earnings press release, which is accessible on our investor relations website at ir.crowdstrike.com or our Form 8-K filed with the SEC today. With that, I’ll hand the call over to George.

George Kurtz — Co-Founder, President, and Chief Financial Officer

Thank you, Maria, and thank you all for being here today for our Q4 2025 earnings call. I’m incredibly proud of the engagement we’ve cultivated with our customers, partners, and the broader market throughout this transformative year for CrowdStrike. The results from Q4 exemplify our commitment to innovation and execution, reinforcing my belief in our AI-native single platform. Highlights from Q4 FY 2025 include:

• Net new ARR of $224 million, surpassing our expectations, closing FY 2025 with an ending ARR of $4.24 billion.
• Ending ARR for cloud security, identity protection, and next-gen SIEM exceeding $1.3 billion, demonstrating nearly 50% year-over-year growth.
• Remarkable gross dollar retention rate of 97%, indicating strong customer loyalty to the Falcon platform.
• Free cash flow of $240 million for Q4, contributing to a record annual free cash flow of $1.07 billion, representing 27% of revenue.
• CrowdStrike became the first cybersecurity ISV to exceed $1 billion in deal value on AWS Marketplace within a single calendar year, establishing a new benchmark for ecosystem performance.
• Achieved a total contract value of $6 billion for FY ’25, marking a 40% year-on-year increase, underscoring our customers’ long-term commitment to consolidating their cybersecurity needs on the Falcon platform.

Our Q4 results embody the essence of a comeback narrative, highlighting three core areas:

1. We have strengthened our relationships with customers and partners, achieving market-leading levels of customer satisfaction.
2. Our Falcon Flex subscription model adeptly balances offensive and defensive strategies in cybersecurity.
3. Our ongoing innovation keeps the Falcon platform at the forefront of market competitiveness, whether in acquiring new clients or receiving accolades from third-party analysts.

We find ourselves at the center of a dynamic demand landscape shaped by a new administration, technological advancements, and a transformed threat landscape that compels organizations to adapt their cybersecurity strategies. The themes of consolidation, cost reduction, and automation are now pivotal priorities for enterprises and federal agencies alike, driving a shift away from ineffective, narrow, or redundant point solutions.

I’d like to elaborate on AI-specific trends that are reshaping demand and how they intersect with CrowdStrike’s vision. First, we are witnessing a transition from AI experimentation to tangible AI outcomes. Second, we are in the midst of a rapidly escalating geopolitical AI arms race. Finally, achieving success in this AI battle demands the highest quality data and a proven innovation framework.

Regarding the transition to AI outcomes, we are still in the early but quickly evolving stages of the AI revolution. Globally, businesses and governments are looking for their AI investments to yield enhanced efficiencies and innovative outputs. At CrowdStrike, we are urging all teams and functions to harness the potential of AI. We anticipate that these investments will significantly impact both our top and bottom lines as we pursue our goal of $10 billion in ARR.

In the broader market, organizations are grappling with how to secure their environments in this new AI era. This translates to more data, more access points, and an increased number of processes, services, and products requiring robust cybersecurity solutions. The locations of AI adoption span cloud workloads, data centers, and edge devices—all sectors where we lead in delivering AI-native technologies that prevent breaches.

Moreover, the growing access to numerous third-party and proprietary applications necessitates a rethink of identity and data protection strategies. Understanding who accesses data and where it travels is more critical than ever. Furthermore, securing AI entails a broader discussion about enterprise data security. We are witnessing CISOs, CIOs, and CEOs reevaluating their technology stacks to embrace AI-driven platforms that will define their future.

For our customers, the Falcon platform has rapidly evolved into their AI-native Security Operations Center (SOC). Our generative AI security analyst, Charlotte, is proving invaluable for SOC analysts, driving significant AI-enabled outcomes. Charlotte AI Detection Triage enhances SOC operations and expedites threat response times.

In Q4, over 100 Charlotte AI deals were closed, with customers reporting substantial outcomes. For instance, a European financial services firm shared, “Charlotte AI has been incredibly beneficial for us. It summarized activities on hosts and users in just 10 to 15 seconds, a task that previously took 20 to 30 minutes manually.” Addressing my earlier point about the geopolitical AI arms race, our threat intelligence practice has observed an unprecedented surge in nation-state cyber capabilities. This new wave of nationalism and threat actors is reminiscent of the Cold War era, with adversaries rapidly stockpiling cyber tools. Our recently published annual global threat report highlighted a 150% increase in state-sponsored cyber operations from China Nexus adversaries, with targeted attacks in sectors like financial services, media, manufacturing, and industrials soaring up to 300%.

As adversarial AI becomes more accessible and affordable through tools like DeepSeek, the pace of adoption among threat actors is accelerating. In this intensifying threat landscape, CrowdStrike’s expertise in threat intelligence shines. Q4 marked our largest threat intelligence quarter ever, as governments and enterprises increasingly turned to us, particularly in a landscape where mergers and acquisitions have consumed many existing threat intelligence vendors.

We are recognized as the leading authority in threat intelligence, identifying and naming adversaries to unite cyber defenders in their efforts to counteract these threats. The democratization of destructive capabilities, coupled with the proliferation of AI among adversaries, amplifies the market demand for CrowdStrike’s solutions. Lastly, we are dedicated to developing the tools necessary to succeed in the AI battlefield. Our innovative framework and access to security data empower us to lead in this arena.

In this AI-driven demand environment, vendors relying on point solutions struggle to compete. CrowdStrike stands as cybersecurity’s AI-native SOC, leveraging our extensive dataset enriched with millions of Falcon Complete analyst annotations to make threat data actionable and contextualized.

No other company possesses our level of data, which serves as a valuable asset for creating advanced models that continuously enhance protection. Falcon is meticulously designed to win the AI conflict, offering market-leading protection. As the primary choice for organizations aiming to prevent breaches, we recognize where others fall short.

In Q4, we observed a rise in incident response engagements, particularly among organizations utilizing next-gen EDR vendor technology. We achieved one of our strongest competitive displacements in sectors such as logistics software and national packaging and marketing firms. The effectiveness and rapid deployment of Falcon are why CrowdStrike remains the go-to option for breach prevention. We’ve also made strides in developing the most effective model for customers to adopt the Falcon platform—Falcon Flex.

Falcon Flex is a subscription model that allows customers to select the modules they desire throughout their subscription period. This model has resonated deeply with our prospects, customers, and ecosystem partners alike. Following the incidents over the summer, we collaborated with affected customers to provide commitment packages, primarily in the form of additional products and Falcon Flex subscriptions. The CCP program effectively accelerated the adoption of Falcon Flex.

In Q3, we revealed that accounts adopting the Falcon Flex model represented over $1.3 billion in total deal value. In Q4 alone, we added more than $1 billion in total account Flex deal value. The number of accounts utilizing Falcon Flex has surged to $2.5 billion in total deal value, growing by 80% quarter-over-quarter and increasing more than 10 times year-over-year. Our capacity to close large-scale Falcon Flex deals underscores customers’ long-term commitment to CrowdStrike and played a pivotal role in accelerating our total contract value.

This commitment is evidenced by actions taken to deploy more Falcon modules and consolidate on our platform. With over 60% of Falcon Flex deal value already deployed by customers, we are pleased with the deployment statistics. Falcon Flex is a game changer, expediting module adoption and facilitating faster consolidation on Falcon. As we move beyond the summer incident, we are concluding our customer commitment package program.

The CCP program was an effective proactive strategy that not only strengthened our relationships with affected customers but also led to significant platform adoption. This uptick instills confidence in our projected net new ARR reacceleration in the second half as products are deployed, one-time discounts decrease, and contracts are renewed. One of the most significant advantages of Falcon Flex has been the accelerated uptake of our rapidly growing platform solutions, including cloud, identity, and Next-Gen SIEM.

This quarter, I am excited to provide an update on our exposure management business, which is swiftly replacing legacy vulnerability management products and has become a significant contributor, with an anticipated ARR nearing $300 million. Starting with cloud, our cloud security business exhibited robust performance in Q4, growing over 45% with an ending ARR exceeding $600 million. The cloud is integral to the AI revolution, serving as the foundational infrastructure that empowers enterprises to leverage AI effectively.

Cloud security has never been more critical. We are observing two key trends within the cloud security market. First, runtime protection is emerging as the primary method for safeguarding cloud environments, where CrowdStrike is uniquely positioned to offer the most comprehensive workload protection available. We have been the leading cloud runtime security vendor, having delivered frictionless cloud workload protection for years, and our solutions are battle-tested to thwart cloud breaches. Second, the market for cloud security is rapidly consolidating as customers seek an integrated end-to-end platform where the collective capabilities exceed those of individual components. This is precisely what Falcon Cloud Security offers. By securing the entirety of the AI infrastructure—from workloads to large language models (LLMs)—CrowdStrike empowers enterprises to harness AI’s potential securely.

A key victory in the quarter was an eight-figure Falcon Flex transaction with a major global financial services holding company, where we displaced a network security vendor’s multi-platform cloud offering. CrowdStrike Financial Services facilitated an easier transition to Falcon, leading to a significant multiyear agreement. Organizations have faced challenges managing multiple consoles, but Falcon Cloud Security stands out for its streamlined management in a single interface, equipped with all the necessary security controls to prevent cloud breaches. Moving on to our identity business, which has surpassed $370 million in ending ARR.

Our identity solutions continue to thrive, fueled by crucial trends such as the rapidly expanding identity attack surface. Additionally, our vision for the recently acquired Adaptive Shield business, now rebranded as Falcon Shield, is to secure identities across all environments—whether on-premises, in SaaS applications, or within hyperscaler infrastructures. A notable identity win was a substantial state university hospital system that consolidated its security on Falcon in a seven-figure agreement, with the CISO securing independent funding for Falcon due to the superior operational performance of our identity protection module.

This university had experienced challenges with a competitor’s identity protection add-on that generated excessive false positives. Shifting to our Next-Gen SIEM business, which grew by more than 115% year-over-year, concluding the year at over $330 million in ending ARR. Next-Gen SIEM is rapidly emerging as a foundational cornerstone of our integrated Falcon platform, delivering unmatched speed, scalability, and cost-effectiveness in comparison to traditional SIEM solutions. We believe that the integration of Next-Gen SIEM alongside our first-party data and the capabilities of Charlotte AI positions CrowdStrike uniquely to lead in the AI security revolution.

This is why CrowdStrike is at the forefront of delivering the AI SOC of the future today. A significant seven-figure Next-Gen SIEM deal this quarter was secured with a major U.S. airline, which ranks among the top global carriers by passenger volume. This airline chose CrowdStrike to replace its legacy antivirus solutions in the fall and subsequently sought our expertise to replace their outdated QRadar SIEM.

Falcon Next-Gen SIEM’s user-friendly incident workbench and streamlined data ingestion capabilities outperformed offerings from a network security vendor and a hyperscaler SIEM. Collectively, our cloud, identity, and Next-Gen SIEM divisions now represent over $1.3 billion in ending ARR, reflecting nearly 50% year-over-year growth. While each of these businesses is robust on its own, their integration with the broader Falcon platform propels CrowdStrike forward as the only genuine single-platform solution available today. Furthermore, I am thrilled to introduce our exposure management business for the first time, which has quickly emerged as a market disruptor.

CrowdStrike’s exposure management solution provides both native vulnerability management for devices and applications alongside integrated attack surface management. This enables capabilities like attack path analysis and markedly improved vulnerability prioritization. Our customers are increasingly replacing legacy vulnerability management solutions with our offering at scale. Notable wins in this category include a large digital radio station, a multinational shipping line, and a significant healthcare provider in the Asia-Pacific region. Cybersecurity’s leading partners view CrowdStrike as a transformative opportunity. Our ecosystem acts as a crucial growth lever as we strive toward our goal of $10 billion in ARR, already yielding substantial results. Partners accounted for 60% of our new business in the fiscal year, validating our partner-first strategy and investments in our ecosystem.

In particular, Next-Gen SIEM has garnered significant interest from global system integrators (GSIs), who recognize the potential to replace outdated SIEM products. Additionally, the Falcon Flex subscription model aligns well with the GSI sales strategy, incentivizing customer Flex utilization. Our GSI business is approaching the $1 billion milestone in FY ’25, experiencing over 40% year-over-year growth. Leading GSIs such as Accenture, Deloitte, EY, HCL, Wipro, NTT, TCS, Infosys, and Cognizant are investing in their Falcon services practices, and we anticipate continued growth from these partners in the coming fiscal year.

Our MSSP go-to-market strategy continues to expand rapidly, catering to the needs of small to medium-sized businesses seeking fully managed cybersecurity solutions. MSSP contributions accounted for nearly 15% of our new business in FY ’25, marking a significant growth route that has scaled quickly over the past two years. All our go-to-market partners benefit from our substantial investment and strategic focus on cloud marketplaces. We recently announced that we are the first cybersecurity ISV to achieve over $1 billion in sales on the AWS Marketplace within a single calendar year.

Our partnership with Google Marketplace also yielded impressive results, generating over $150 million in deal value in our inaugural year. We have strategically aligned our partner ecosystem around hyperscaler marketplaces, recognizing their potential for larger deal sizes and accelerated deal cycles. In conclusion, we stand as the AI-native agentic platform in cybersecurity that effectively prevents breaches. Our innovation engine positions us as a consolidating force for secure AI transformation.

Our platform’s performance is evident, with seven modules each surpassing $300 million in ending ARR, showcasing our ability to drive record adoption and capitalize on Falcon’s multi-act platform opportunities that continue to drive our growth. Moreover, our go-to-market execution momentum is unprecedented. Businesses are choosing to invest in CrowdStrike to secure their futures.

Today, CrowdStrike is trusted by over 74,000 organizations globally as their preferred cybersecurity platform, achieving over 30% year-over-year growth. In Q4 alone, we set new records across all total deal value segments, closing over 20 deals exceeding $10 million, over 350 deals exceeding $1 million, and over 2,300 deals exceeding $100,000. The data clearly indicates that customers trust CrowdStrike, our partners have confidence in us, and the market recognizes our leadership.

I began by emphasizing our compelling comeback story, which has been shaped by the trust of our customers, the dedication of our team, and the loyalty of our partners. For this, I am sincerely grateful. One thing is certain in our evolving AI landscape: cybersecurity will play an increasingly critical role in the AI era.

Now more than ever, the world needs CrowdStrike. I will now turn the call over to Burt Podbere, CrowdStrike’s CFO.

Burt W. Podbere — Chief Financial Officer

Thank you, George, and good afternoon, everyone. As a quick reminder, unless stated otherwise, all figures mentioned during my remarks today, except revenue, are on a non-GAAP basis. CrowdStrike delivered robust results in the fourth quarter and concluded the year with performance exceeding our expectations across all metrics, demonstrating our adaptability in overcoming unforeseen challenges and emerging stronger. Key factors from our performance and outlook underscore the strength and resilience of our business:

1. The strength of our results highlights the efficacy of our business model and sales execution, with our total contract value reaching a record $6 billion in FY ’25 and growth accelerating to 40% year-over-year.
2. The successful conclusion of our customer commitment program has accelerated platform adoption and strengthened customer relationships. Our success is reflected in Falcon Flex customers adding over $1 billion in account value in Q4, coupled with our impressive gross retention rate of 97%.
3. Looking ahead, our visibility is improving. We anticipate a reacceleration of net new ARR, alongside expansion in operating margin and free cash flow margin in the latter half of FY ’26.

We believe this momentum will set the stage for further acceleration in FY ’27 relative to FY ’26 and position us effectively to achieve our long-term objectives. For the full fiscal year, we achieved 23% and 29% growth in ending ARR and total revenue, respectively. Operating income grew by 27% year-over-year, reaching a record $837.7 million, or 21% of revenue. Net income attributable to CrowdStrike and EPS increased by 31% and 27%, respectively, reaching a record $987.6 million or $3.93 per diluted share.

Free cash flow surged by 14% year-over-year to a record $1.07 billion, equating to 27% of revenue. In Q4, we recorded a net new ARR of $224 million, and our ending ARR grew by 23% year-over-year, reaching $4.24 billion. Our fourth-quarter results clearly illustrate the success of our go-to-market and single-platform strategies, with Falcon Flex momentum increasing and driving platform adoption.

Our strong sales execution positions us to extend our market leadership with the AI-native Falcon platform. Additionally, we entered the new fiscal year with a healthy pipeline, as robust demand persists among both prospective and existing customers. In Q4, we successfully concluded our customer commitment program. We estimate that the ARR value of customer commitment packages provided in Q4 was approximately $56 million, bringing the estimated value for the fiscal year to around $80 million.

While this exceeded our expectations in Q4 as we wrapped up the program, the majority of deals closed with customer commitment packages in the quarter involved additional products or Flex dollars rather than extended time frames and professional services. We view this as a