Cathie Wood Buys CrowdStrike Dip, Adds $11.77 Million CRWD to Ark Funds Despite Growing Global IT Outage Liabilities

Key Takeaways

• Cathie Wood’s Ark Invest bought $11.77 worth of CrowdStrike shares on Friday.
• Since a bug in the cybersecurity firm’s software caused global travel disruption, CrowdStrike stock has plummeted.
• As the dust settles on the global cyber incident, questions over CrowdStrike’s liability for damages must be answered.

In the wake of Friday’s global Windows outage, CrowdStrike, whose Falcon Sensor cybersecurity platform was to blame for the incident, has taken a beating on the stock market. From $345 on Thursday, July 18, CRWD has plummeted by around 24% as traders factor in the damage to the company’s public image and a potential $1 billion liability.

But despite the concerns, Cathie Wood and her Ark Invest funds opted to buy the dip, snapping up $11.77 million of CrowdStrike stock at around $305 per share on Friday.

Ark Invest Gambles on CrowdStrike Comeback

Following Wood’s latest investment, as of July 23, the ARK Next Generation Internet ETF (ARKW) held nearly $30 million in CrowdStrike exposure, equating to 1.97% of the fund’s total assets. Meanwhile, Ark Fintech Innovation (ARKF) held CRWD worth $11.75 million, representing 1.29% of the fund’s total.

Since Friday’s purchase, CrowdStrike stock has continued to decline, falling further on Monday and devaluing Ark’s investment. However, the asset manager has historically done well from the cybersecurity company.

Since buying shares at around $140 in Q2 2023, Ark Invest sold CRWD in three successive quarters with a price range of $143–$334.

After the stock crashed on Friday, Wood appears to be banking on CRWD rebounding from its current slump once the storm has settled. But until then, there is a massive question mark hanging over CrowdStrike’s potential liability for last week’s disruption.

Unpacking CrowdStrike Liability

While the precise fallout from the Falcon Sensor failure isn’t yet clear, costs incurred by the subsequent downtown could spiral into billions of dollars. If CrowdStrike has to foot the bill, it could cripple the company.

Falcon customers are covered for up to $1 million in “breach response expenses,” but that policy was designed with malicious security breaches in mind. There is no equivalent warranty for internal system failures. 

When questioned about potential lawsuits by CNBC’s Jim Crammer, CrowdStrike CEO George Kurtz was evasive. 

“We’ll have to sort out what that all looks like,” Kurtz observed, hinting at the protracted legal wrangling that is likely to come as lawyers pick through the company’s service contracts with a fine comb.

Affected Customers May Struggle to Recover Damages

Although CrowdStrike may have custom agreements with its larger customers, the firm’s standard terms and conditions limit liability to fees paid. This means most victims of the Windows crash will only be able to claim a limited refund of up to the cost of their subscription over the impacted period.

Businesses hoping to claim the cost of damages on their insurance may also face an uphill battle. 

Traditional business interruption insurance doesn’t typically pay out for cyber incidents, for which separate coverage is required.

But even policies specifically designed to insure businesses against computer outages may not be sufficient. Like the Falcon warranty, these policies are usually intended for malicious attacks and don’t necessarily cover disruption caused by software failures.