After breaking the world’s IT, has CrowdStrike managed to rebuild its reputation?

Five months on from the unfortunate IT glitch, CrowdStrike is still in the process of rebuilding its reputation with customers. Its stock price still hasn’t returned to its pre-outage price, which plunged by 13% but has been steadily rising in the months that followed. Its third-quarter earnings were healthy, though, with revenues surpassing $1bn for the first time in its history while subscription revenue grew 31% year-over-year.

CrowdStrike chief exec and founder George Kurtz said he was “encouraged” by the company’s third-quarter earnings, telling investors: “Following the summer’s incident, as a company, we were tested, we responded with speed, care and resolve and we focused on becoming even better, continuing to deliver industry-leading cyber protection.”

However, investors still appeared wary on the company’s Q3 earnings call, some suggesting its 2025 contract renewal numbers would be the biggest indicator of rebuilt trust.

Director of brand marketing at the brand management platform Frontify, James Fooks Bale, has taken CrowdStrike’s 97% customer retention rate post-crisis as evidence that the company has managed to maintain customer confidence. “This metric underscores the strength of its existing relationships and indicates that it may have already navigated the most acute and painful phase of reputational risk following its outage, which affected over 8.5m devices,” Bale says.

The company is by no means out of the woods yet, though, and the next few months will be “absolutely critical” for CrowdStrike. For the year ahead, Bale advises even greater transparency and investing in even more proactive measures to make sure it can overcome a future glitch. “This includes openly communicating how the company is bolstering its systems to prevent future incidents and ensuring customers feel informed and secure it won’t happen again,” he says.

Matt Gully, who is managing partner at the integrated creative agency Iris, believes CrowdStrike handled certain aspects of the outage well but that its response “lacked humility and empathy for the real-world impact of the incident.” He notes that CrowdStrike’s public comms felt “overly functional and robotic,” which is something the company needs to address in its reputation-rebuilding efforts. “It is essential that CrowdStrike adopts a more personal, human tone, demonstrating humility and showing that it has genuinely learned from the experience.”

CrowdStrike should look to reframe the incident as an opportunity to expand its brand narrative, Gully recommends. “It needs to go beyond simply showcasing its technical expertise or security credentials. By communicating its purpose and why it does what it does, it can bring a sense of humanity and mission to its identity, making it more than just a provider of security services.”

CrowdStrike went from being a B2B brand name unknown to most people to suddenly becoming the headline news story. It should use this to its advantage now, Gully says. “This approach can help it differentiate itself from competitors and build a stronger, more relatable brand in the long term.”

Jonathan Hemus is the founder and managing director of Insignia, a specialist crisis management consultancy. His expertise was called for by news outlets in the immediate aftermath of the outage. Revisiting the crisis five months on, Hemus recalls a famous Warren Buffett quote: “It takes 20 years to build a reputation and 15 minutes to ruin it.” It’s a truism that CrowdStrike has been grappling with since the global outage caused by its defective software update on July 19, he says.

Like Gully, Hemus believes CrowdStrike’s response lacked empathy, which had a detrimental impact on its reputation. He says that in the months that followed, though: “The company has owned the crisis, acted quickly to remedy the problems, committed to prevent future issues and communicated prolifically.” Despite this, “the damage had already been done,” Hemus says, drawing reference to the company’s value.

“Stakeholder trust is hard won and easily lost. And if a crisis strikes at the very heart of what a business’s core proposition – in CrowdStrike’s case, continuity of service – recovery is a long and challenging journey.”