CrowdStrike Holdings Inc
NASDAQ:CRWD
CrowdStrike Holdings Inc
In the bustling realm of cybersecurity, where threats lurk in the shadows of digital networks, CrowdStrike Holdings Inc. stands as a formidable sentinel. Founded in 2011, this company emerged with a vision to provide cutting-edge protection against cyber adversaries. Operating on a cloud-based platform, CrowdStrike enhances its capabilities using artificial intelligence and machine learning, setting it apart in the crowded cybersecurity landscape. At the heart of its operation lies the Falcon platform, a sophisticated tool that integrates endpoint protection, threat intelligence, and incident response into a seamless service. This cloud-native approach allows CrowdStrike to detect and respond to threats with unprecedented speed and precision, safeguarding its clients from ever-evolving cyber risks.
CrowdStrike generates revenue primarily through a subscription model, offering its Falcon platform to a wide range of industries—from financial services to healthcare. The company's success heavily relies on its ability to scale its cloud architecture, ensuring high-speed data processing and real-time analytics across vast digital environments. Each client agreement typically involves a multi-year contract, securing steady financial inflows and reinforcing customer reliance on its comprehensive suite of services. The financial health of CrowdStrike benefits not only from these sustained customer engagements but also from the added value of its threat intelligence offerings, which provide clients with actionable insights into potential and existing threats. Balancing innovation and operational efficiency, CrowdStrike remains a pivotal figure in the cybersecurity space, navigating the complexities of online security in an increasingly interconnected world.
Earnings Calls
In Q4, CrowdStrike's net new ARR soared to $224 million, culminating in $4.24 billion in ending ARR for the year. Total revenue reached $1.06 billion, growing 25% year-over-year, supported by a 97% customer retention rate. Key drivers included the successful Falcon Flex program, which stimulated strong platform adoption. The company expects total revenue for FY 2026 to grow by 20%-22%, aiming for a $10 billion ARR by FY 2031. Operating margins are projected at 21% for FY 26, improving to 23% in FY 27, alongside an anticipated free cash flow margin of 30% in FY 27.
Management
George R. Kurtz is the co-founder and CEO of CrowdStrike Holdings, Inc., a leading cybersecurity company specializing in digital threat protection and intelligence. Kurtz co-founded CrowdStrike in 2011 with the aim of transforming cybersecurity with a cloud-delivered endpoint protection platform. Under his leadership, CrowdStrike has grown rapidly, gaining a reputation for its innovative approach to cybersecurity and its ability to detect and prevent complex cyber threats. Before founding CrowdStrike, Kurtz held significant roles in other prominent technology and cybersecurity companies. He served as the Worldwide Chief Technology Officer and Executive VP at McAfee, where he was instrumental in developing new products and enhancing the company's cybersecurity suite. Prior to McAfee, he was the CEO and co-founder of Foundstone, a security consulting firm that was later acquired by McAfee in 2004. Kurtz is well-regarded in the cybersecurity industry for his expertise and thought leadership. He is often seen speaking and writing about cybersecurity challenges and innovations. Additionally, he is credited with authoring several books on cybersecurity, reflecting his depth of knowledge in the field. Kurtz's vision with CrowdStrike has been to leverage cloud computing and AI to improve threat detection and response times, offering businesses a more agile and effective cybersecurity solution. His strategic direction and management have positioned CrowdStrike as a major player in the cybersecurity market.
Michael Sentonas is the President of CrowdStrike Holdings Inc., a leading cybersecurity technology company. He has played an instrumental role in advancing CrowdStrike's technological innovations and strategic direction. Before becoming President, Sentonas served as the Chief Technology Officer (CTO) at CrowdStrike, where he focused on overseeing the technology strategy and driving product vision and innovation. He brings with him extensive experience in the cybersecurity industry, having worked in various leadership roles prior to joining CrowdStrike. Sentonas is known for his deep expertise in cybersecurity technology and his ability to interpret and anticipate industry trends, which has been invaluable in steering CrowdStrike's rapid growth and maintaining its position as an industry leader. His leadership and vision have helped the company expand its solutions, improve threat detection and response capabilities, and strengthen its overall cybersecurity platform. Sentonas is recognized for his thought leadership in the cybersecurity space, often speaking on topics related to cyber threats, protection strategies, and the future of cybersecurity technology.
Burt W. Podbere is the Chief Financial Officer (CFO) of CrowdStrike Holdings Inc., a leading cybersecurity company. Podbere joined CrowdStrike in 2015, bringing a wealth of experience in financial management and strategic planning. As CFO, he is responsible for overseeing the company’s financial operations, including accounting, finance, investor relations, and strategic planning. Before joining CrowdStrike, Podbere held significant roles across various technology companies. Notably, he served as the CFO of OpenDNS, where he played a crucial role in the company's successful sale to Cisco Systems. Podbere also worked as CFO at Net Optics, where he was instrumental in overseeing the company’s acquisition by Ixia. His career includes important financial leadership roles at other technology companies, contributing to IPOs, mergers, and acquisitions. Podbere's expertise lies in scaling fast-growing companies, managing financial strategy during rapid expansion, and driving operational efficiency. He is a Certified Public Accountant (CPA), which adds to his strong foundation in finance and accounting. Through his leadership at CrowdStrike, Podbere has been pivotal in guiding the company through its public offering and subsequent growth, solidifying its position in the cybersecurity industry.
Shawn Henry is a key executive at CrowdStrike Holdings Inc., a renowned cybersecurity technology company. Before joining CrowdStrike, Henry had a distinguished career in the Federal Bureau of Investigation (FBI). He served as the FBI's Executive Assistant Director, overseeing cybercrime investigations and operations. His extensive experience in cybersecurity and investigative work made him an ideal fit for a leadership position in the private sector at CrowdStrike. At CrowdStrike, Shawn Henry is often involved in strategic operations and provides insights into threat intelligence, leveraging his law enforcement background to help guide the company's approach to tackling cyber threats. He is widely respected for his expertise in cybersecurity and his ability to address complex security challenges that businesses face. His leadership plays a crucial role in CrowdStrike's mission to provide advanced cybersecurity solutions to protect organizations worldwide.
Dmitri Alperovitch is a prominent cybersecurity expert and businessman known for co-founding CrowdStrike Holdings Inc., a leading cybersecurity firm. Alperovitch was born in Moscow, Russia, and later moved to the United States, where he pursued higher education and built his career in cybersecurity. He holds a B.S. in Computer Science and a M.S. in Information Security from the Georgia Institute of Technology. Alperovitch's experience in cybersecurity began with roles in various tech companies, where he focused on developing strategies to combat cyber threats. His expertise in threat intelligence and cybersecurity strategy has been widely recognized in the industry. In 2011, Alperovitch co-founded CrowdStrike with George Kurtz and Gregg Marston. As the company's Chief Technology Officer, he played a key role in developing its flagship product, the Falcon platform, which is designed to provide real-time protection and insights into cyber threats. Under his leadership, CrowdStrike gained a reputation for effectively attributing high-profile cyberattacks, and it has become an influential player in the cybersecurity space. Dmitri Alperovitch is also known for his work in exposing several significant cyber-espionage campaigns, including those attributed to nation-state actors. His efforts in the cybersecurity realm have earned him numerous accolades, including being named to Fortune's "40 Under 40" list and Politico 50's list of influential thinkers. Additionally, he has been an active voice in public forums and media, discussing and advancing policies related to cybersecurity and digital defense.
Elia Zaitsev is known for his role as Chief Technology Officer (CTO) at CrowdStrike Holdings Inc., a leading cybersecurity company. He is responsible for driving the technological strategy and advancements within the organization, ensuring the company's solutions stay ahead of emerging cyber threats. With a deep background in cybersecurity and technology innovation, Zaitsev plays a critical role in overseeing the development and implementation of CrowdStrike's cloud-native endpoint protection platform. He is involved in guiding the company's research and development initiatives and ensuring alignment with industry trends and customer needs. Zaitsev's leadership and expertise are vital in maintaining CrowdStrike's reputation as an industry leader in providing cutting-edge cybersecurity solutions.
Maria Riley is not publicly recognized as an executive officer or a key figure at CrowdStrike Holdings Inc. If you meant another person from CrowdStrike, please provide more details or check the spelling of the name. Otherwise, this might be a case where the individual is not widely publicized or known in publicly available resources. Therefore, the response is "FALSE".
Ms. Cathleen Garrigan Anderson is the Chief Legal Officer and Corporate Secretary at CrowdStrike Holdings Inc., a prominent cybersecurity technology company. With a distinguished legal career, she plays a crucial role in overseeing CrowdStrike's legal affairs and corporate governance matters. Ms. Anderson brings extensive experience in legal and compliance functions, having held various leadership positions in the legal departments of major corporations. Her expertise includes corporate governance, securities law, mergers and acquisitions, and compliance, which are essential for guiding CrowdStrike through the complex regulatory and legal landscapes of the cybersecurity industry. Her role involves advising the executive team and board of directors on legal risks and opportunities, ensuring compliance with laws and regulations, and managing the company's legal strategy. Ms. Anderson's leadership in legal affairs contributes significantly to CrowdStrike's mission of protecting organizations from cyber threats. Cathleen Garrigan Anderson holds a Juris Doctor (J.D.) degree, which underlines her legal proficiency and underpins her capacity to handle the sophisticated legal challenges faced by a leading cybersecurity firm like CrowdStrike. Her effective legal stewardship continues to be integral to CrowdStrike’s growth and success in the cybersecurity market.
Jennifer L. Johnson is recognized for her position as the Chief Marketing Officer (CMO) at CrowdStrike Holdings Inc. With a strong background in marketing and a proven track record of driving growth in the technology sector, she plays a critical role in shaping the company's brand and market strategy. Her duties involve overseeing marketing operations, enhancing CrowdStrike's market presence, and contributing to the overall business strategy to ensure market leadership in cybersecurity solutions. Johnson's leadership and strategic insights are pivotal to CrowdStrike's mission to stop breaches and protect organizations worldwide.
You don't have any saved screeners yet
Hello, and welcome to CrowdStrike's Fourth Quarter and Fiscal Year 2025 Financial Results Conference Call. [Operator Instructions] Please be advised that today's conference is being recorded.
I would now like to hand the call over to Maria Riley, Vice President of Investor Relations. Maria, please go ahead.
Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, Chief Executive Officer and Founder of CrowdStrike; and Burt Podbere, Chief Financial Officer.
Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth, including projections and expected performance, including our outlook for the first quarter and fiscal year 2026 and any assumptions for fiscal periods beyond that are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call.
While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events or otherwise.
Further information on these and other factors that could affect the company's financial results is included in the filings we make with the SEC from time to time, including the section titled Risk Factors in the company's quarterly and annual report. Additionally, unless otherwise stated, excluding revenue, all financial measures disclosed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our earnings press release, which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today.
With that, I will now turn the call over to George.
Thank you, Maria, and thank you all for joining us today for our Q4 2025 earnings call. I'm extremely proud of the engagement we've had with customers, partners, prospects in the market, navigating a year that tested CrowdStrike. Q4 showcases the fruits of our labors, giving me a strong conviction in our AI native single platform, excellent execution and accelerating market opportunity.
Q4 and FY 2025 highlights include: Q4 net new ARR of $224 million, well ahead of our expectations closing FY 2025 at $4.24 billion in ending ARR. FY '25 ending ARR for cloud security, identity protection and Next-Gen SIEM of over $1.3 billion, growing nearly 15% year-over-year. Gross dollar retention of 97% as customers remain firmly committed to the Falcon platform. Q4 free cash flow of $240 million and for the full year, we delivered free cash flow of $1.07 billion or 27% of revenue, setting a new record and for the first time exceeding $1 billion in annual free cash flow.
CrowdStrike is the first cybersecurity ISV to cross $1 billion in deal value on AWS Marketplace in a single calendar year, setting a new standard for ecosystem execution and record and accelerating FY '25 total contract value of $6 billion, the first and only pure-play software cybersecurity company reported to achieve this metric, which increased 40% year-on-year, showcasing the scale and commitment of customers' long-term cybersecurity consolidation on the Falcon platform.
Everyone loves a comeback story and that's exactly what we've started experiencing in Q4 as we've closed out the year. The results tell our story. One, we've never been closer to our customers and partners with market-leading customer satisfaction levels. Two, we're playing best-in-class defense as well as offense with our Falcon Flex subscription model; and three, our innovation engine hasn't missed a beat, the Falcon platform has never been more market competitive, whether that's winning new logos or a third-party analyst research.
We find ourselves placed at the epicenter of a rapidly evolving demand environment, a new administration, a new wave of technology and a new threat landscape necessitate all businesses to evolve their cybersecurity programs. Consolidation, cost reduction and automation are now the accepted enterprise and federal priorities. These priorities are accelerating the shift from ineffective, narrow or duplicative point products.
I'd like to share AI-specific trends on the broader demand environment and how these trends relate to CrowdStrike. First, AI experimentation is just starting to evolve into AI outcomes. Second, we're in the midst of a rapidly accelerating geopolitical AI armed race and third, winning the AI war requires the very best data and battle-tested innovation engine.
Commenting on the shift from AI experimentation to AI outcomes. We're still in the early but rapidly evolving innings of the AI revolution. Businesses and governments across the globe are looking for their AI investments to yield both improved efficiencies and novel outputs. At CrowdStrike, we're acquiring every team and function to leverage the power of AI. We expect these investments to play critical top and bottom line roles on our path to $10 billion in ARR.
In the broader market, businesses are equally grappling with how to secure their environments in this AI age. Here's my take on what this means. First, more AI everywhere means more data, more access and more processes, services and products requiring cybersecurity. The locales of AI adoption are either in cloud workloads or data centers or even on edge devices, all of which we are market leaders in securing with AI native technology that stops the breach; second, more access to more third-party and in-house agentic applications and services requires rethinking identity and data protection, who is accessing data and where is it traveling, matters more now than ever before. And third, securing AI starts a broader enterprise data discussion. I'm seeing CISOs, CIOs and CEOs going to the drawing board to reinvent their technology stack with AI-powered platforms of record for their next decade and beyond. And for security, it's even more pressing.
For our customers, Falcon has quickly become their AI-native SOC. Charlotte, our generative AI security analyst is a SOC analyst best friend and already driving tangible AI outcomes. Charlotte AI Detection Triage accelerates SOC operations and threat response times. Across more than 100 Q4 Charlotte AI deals, customers are seeing outcomes, sharing feedback like what we've received from a European financial services firm, which stated Charlotte AI has been very useful for us. It's done summarization of activity on host and users in 10 to 15 seconds, which would have taken us 20 to 30 minutes to do manually.
Returning to my second point on the geopolitical AI arms race. Our threat intelligence practice sees nation-state cyber craft proliferation at all-time new highs. A new wave of nationalism and threat actors is creating adversary stockpiling akin to the cold war era. In our recently released annual global threat report, we exposed China Nexus adversaries escalating state-sponsored cyber operations by 150%, with targeted attacks in financial services, media, manufacturing and industrial sectors soaring up to 300% and with tools such as DeepSeek making AI access easier and cheaper, the pace and prevalence of adversarial AI adoption is only accelerating.
It is in this intensifying threat landscape that CrowdStrike and our threat intelligence expertise shines. Q4 was our largest threat intelligence quarter in company history. Governments and enterprises increasingly turned to CrowdStrike, especially in a competitive environment where M&A activity has subsumed many existing threat intelligence vendors. We're the market's leading threat intelligence authority discovering and naming the adversaries to unite cyber defenders in stopping them.
The democratization of destruction, AI in the hands of more adversaries intensifies the market need for CrowdStrike. And lastly, my third point, CrowdStrike is manufacturing the instruments to win the AI war. We have the innovation engine and the security data to fuel it.
Finally, in this AI fuel demand environment, the point product vendors and those that have failed to deliver open and native single platforms increasingly fall short. CrowdStrike is cyber security's AI-native SOC. Our greatest asset in our role as the creator of cybersecurity's richest data. We've curated this data set with millions of Falcon Complete analysts and notations, making threat data contextualized and actionable. No one else has this. Our data is liquid gold for creating new agentic models for continuously improving protection.
Falcon is purpose built to win the AI war with market-leading protection as the first call for organizations large and small to stop the breach, we see where others fall short. We saw an uptick in incident response engagements in Q4. Thematically, these organizations were using a next-gen EDR vendors technology, where we saw one of our strongest competitive displacement quarters in a logistics software vendor, a national packaging and marketing firm and security software provider to name a few.
Falcon's efficacy and rapid ease of deployment is why CrowdStrike is the first call to stop the breach. We've also innovated in devising the most effective model for customers to adopt the Falcon platform, Falcon Flex. Falcon Flex is a subscription model that enables customers to adopt the modules they want across their subscription term. This model deeply resonates with prospects and customers as well as our ecosystem partners.
Following the summer's incident, we worked with impacted customers to offer them customer commitment packages, CCPs, largely in the form of additional product and Falcon Flex subscriptions. The CCP program was a Falcon Flex accelerant. In Q3, we shared accounts that adopted the Falcon Flex model representing more than $1.3 billion of total deal value. In Q4 alone, we added over $1 billion of total account Flex deal value with accounts that adopted Falcon Flex soaring to $2.5 billion in total deal value, growing 80% quarter-over-quarter and growing more than 10x year-over-year.
Our ability to close Falcon Flex deals at size and scale shows customers' long-term commitment to CrowdStrike and was a key contributor to our TCV acceleration. This commitment is supported by action deploying more Falcon modules and consolidating on the platform. With more than 60% of Falcon Flex deal value already deployed by customers to date, we are pleased with the deployment stats.
Falcon Flex is a game changer, accelerating module adoption and making it easier and faster than ever before to consolidate on Falcon. With the summer now several quarters behind us, we're ending our customer commitment package program. The CCP program was an excellent proactive measure, which not only built our relationship with impacted customers but also resulted in significant platform adoption. This uptake gives me confidence in our second half net new ARR reacceleration as products are deployed, onetime discounts drop off and contracts are upsized and renewed.
And one of the biggest beneficiaries of Falcon Flex is the accelerated adoption of our rapidly emerging platform solutions. In the past, we've discussed 3 core solutions: Cloud, Identity and Next-Gen SIEM. This quarter, I'd also like to provide an update on our Exposure Management business, which is displacing legacy vulnerability management products and has swiftly become a meaningful contributor to the business with line of sight to $300 million in ARR.
Starting with Cloud. Our Cloud Security business delivered a strong Q4, growing more than 45% with ending ARR more than $600 million. The cloud is central to the AI revolution, providing the core infrastructure to enable enterprises to harness the power of AI across their businesses. Cloud Security has never been more important. We're seeing 2 core trends emerge in the Cloud Security market. First, the core mechanism for protecting the cloud is run time protection, where CrowdStrike is uniquely positioned to deliver the best and most comprehensive workload protection in the industry. We are the cloud runtime security vendor. While others are trying to catch up, CrowdStrike has delivered frictionless CWP for years, battle tested to stop cloud breaches.
And second, the market for cloud security is rapidly consolidating with customers looking for an integrated end-to-end platform where the sum of the parts is greater than the individual pieces. This is the promise on which Falcon Cloud Security delivers. By securing the entirety of the AI infrastructure from workload to LLM, CrowdStrike is enabling enterprises to harness the power of AI securely.
A key win in the quarter was an 8-figure Falcon Flex transaction for a major global financial services holding company, where we displaced a network security vendors multiplatform cloud offering. CrowdStrike Financial Services made it even easier to go all in with Falcon committing to a large multiyear deal. Too many consoles gotten the way of seamless SOC operations, Falcon Cloud Security was far easier to manage in a single console and provided all the right security controls to stop cloud breaches.
Moving on to our Identity business, which grew to more than $370 million in ending ARR. Our Identity business continues to benefit from several key trends, including the rapidly growing identity attack surface. In addition, our vision for the recently acquired Adaptive Shield business, now called Falcon Shield, secures identities everywhere, whether on-premises, in SaaS applications or within hyperscaler infrastructure.
A key Identity win was a large state university hospital system that consolidated on Falcon in a 7-figure deal. The CISO secured independent budget for Falcon because of the operational superiority of our identity protection module. Specifically, this university had enough of a competitor's identity protection bolt-on product that produced too many false positives.
Moving on to our Next-Gen SIEM business, which grew more than 115% year-over-year, finishing the year at more than $330 million in ending ARR. Next-Gen SIEM is rapidly breaking out as a foundational cornerstone of the integrated Falcon platform, offering unmatched speed, scalability and cost efficiency compared to legacy SIEMs. We believe the coupling of Next-Gen SIEM alongside our native first-party data and the agentic power of Charlotte AI gives CrowdStrike a unique advantage to continue leading the AI security revolution. This is why CrowdStrike is uniquely delivering the AI SOC of the future today.
A key 7-figure Next-Gen SIEM win from the quarter was a major U.S. airline, which also ranks as one of the top of global airlines by passengers carried. This airline selected CrowdStrike to replace legacy AV in the fall and then turn to us to replace their legacy QRadar SIEM. Falcon Next-Gen SIEMs, ease-of-use, incident workbench and ease of data ingestion prevailed over a network security vendor and hyperscaler SIEM.
In total, our Cloud Identity and Next-Gen SIEM businesses represent more than $1.3 billion in ending ARR growing nearly 50% year-over-year. While each of these businesses can stand on their own, it's the combination of these technologies, when delivered together alongside the broader Falcon platform that continues to propel CrowdStrike forward as the only true single platform on the market today.
And finally, for the first time, I'm excited to discuss our exposure management business which has quickly become a market disruptor. CrowdStrike exposure management offers both native vulnerability management for devices and applications, coupled with integrated attack surface management. This enables features like attack path analysis and dramatically improved vulnerability prioritization.
Our customers are already replacing legacy vulnerability management products at scale. Exposure Management wins are easy module attaches to Falcon Flex deals, and we're closing them with regularity as we consolidate out legacy vulnerability management vendors. Representative wins include a large digital radio station, a multinational shipping line and a large health care provider in Asia Pacific.
Cybersecurity's leading partners see CrowdStrike as a generational opportunity. Our ecosystem is a key growth lever on our $10 billion ARR journey, already returning significant dividends. From a dealer origination standpoint, partners source 60% of our new business in the fiscal year, validating our partner first strategy and ecosystem investments.
In particular, Next-Gen SIEM has attracted the interest of the GSI community given their experience configuring the SIEMs of yesterday and the market opportunity to displace these legacy products. In addition, the Falcon Flex subscription model fits the GSI selling motion with incentives for customer Flex utilization. Our GSI business neared the $1 billion milestone in FY '25, growing north of 40% year-over-year. Leading GSIs like Accenture, Deloitte, EY, HCL, Wipro, NTT TCS, Infosys and Cognizant are investing in their Falcon Services practice, and I expect us to see continued growth from these partners this fiscal year.
Our MSSP go-to-market continues to expand at a hyper growth pace, addressing the needs of small to medium businesses who want their cybersecurity program fully managed. MSSP contributed nearly 15% of our new business in FY '25, signifying a route to market, which has quickly grown and scaled over the past 2 years. All of our go-to-market partners benefit from our deep investment and strategic focus on cloud marketplaces.
We recently announced being the first cybersecurity ISV to achieve more than $1 billion in sales on the AWS Marketplace in 1 calendar year. We also had a noteworthy year with Google Marketplace, where in our first year of partnership, we did over $150 million in deal value out of the gate. We have aligned our partner ecosystem around hyperscaler marketplaces where we see larger deal sizes and faster deal cycle times.
In closing, we are cybersecurity's AI-native agenetic platform that stops the breach. Our innovation engine enables us to be a consolidating force for secure AI transformation. Our platform wins: 7 modules are each now individually over $300 million in ending ARR, demonstrating the power of our innovation in driving record adoption and Falcon's multi-act platform opportunity that continues to drive growth.
And our go-to-market execution momentum is unprecedented. Businesses are speaking with their wallets, investing in CrowdStrike to secure their futures. Today, including our end customers and those of our MSSPs, CrowdStrike is trusted by more than 74,000 organizations as their cybersecurity platform of choice growing more than 30% year-over-year. And in Q4 alone, we've closed new records in every total deal value segment.
Over 20 deals greater than $10 million. Over 350 deals greater than $1 million, over 2,300 deals greater than $100,000, and that was all in Q4. The data tells me that customers trust CrowdStrike, partners trust CrowdStrike and the market trust CrowdStrike. I open with everyone loving a good comeback story. Ours was forged by the trust of our customers, the dedication of our team and the loyalty of our partners. For that, I am truly grateful.
One thing is certain in our AI evolving world. Cybersecurity will be an increasingly essential ingredient for life in the AI era. And now more than ever, the world needs CrowdStrike.
I'll now turn the call over to Burt Podbere, CrowdStrike's CFO.
Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. CrowdStrike delivered a strong fourth quarter and finish to the year, achieving results above our stated expectations across all guided metrics and demonstrating our ability to adapt to unexpected challenges and emerge stronger. Several key areas from our performance and outlook demonstrate the strength and resilience of our business, including: first, the strength of our results demonstrates the power of our business model and sales execution highlighted by our record total contract value reaching $6 billion in FY '25, with growth accelerating to 40% year-over-year.
Second, the successful completion of our customer commitment program, which accelerated platform adoption and deepened customer relationships. Our success is demonstrated by Falcon Flex customers adding over $1 billion in Q4 account value and our strong gross retention rate of 97%.
And third, as we look ahead our visibility is improving. We expect net new ARR reacceleration as well as operating margin and free cash flow margin expansion in the second half of FY '26. We believe this momentum will set the stage for further acceleration in FY '27 over FY '26 and position us well to achieve our long-term targets.
For the full fiscal year, we achieved 23% and 29% ending ARR and total revenue growth, respectively. Operating income grew 27% year-over-year to reach a record $837.7 million, or 21% of revenue. Net income attributable to CrowdStrike and EPS grew 31% and 27%, respectively, to reach a record $987.6 million or $3.93 per diluted share. Free cash flow grew 14% year-over-year to reach a record $1.07 billion or 27% of revenue.
For the fourth quarter, we achieved net new ARR of $224 million and ending ARR grew 23% over last year to reach $4.24 billion. Our fourth quarter results showcase the success of our go-to-market and single platform strategies.
Falcon Flex momentum is increasing. Accelerating platform adoption and our strong sales execution positions us to extend our market leadership with the AI-native Falcon platform. Additionally, we entered the new fiscal year with a healthy pipeline as we continue to see robust demand for both prospective and existing customers.
In Q4, we completed our very successful customer commitment program. We estimate that the ARR value of customer commitment packages provided in Q4 was approximately $56 million, bringing the estimated value for the fiscal year to approximately $80 million. While this exceeded our expectations in Q4 as we concluded the program, the majority of deals that closed with customer commitment packages in the quarter included additional product or Flex dollars, rather than extended time and professional services. We view this as a positive for the business as it demonstrates customers' trust in our long-term partnership and importantly, drives bigger deals and increased levels of platform adoption as customers further consolidate onto the Falcon platform.
And as George stated, the success of the program, combined with the strong uptake of Falcon Flex gives us confidence in future net new ARR reacceleration as products are deployed, onetime discounts expire and contracts are upsized and renewed. This dynamic also limited the impact on Q4 revenue, which was de minimis and well below our $30 million expectation, contributing to our strong revenue beat for the quarter.
As mentioned earlier, we are seeing substantial increases in Falcon platform adoption accelerated by our Falcon Flex subscription model. In Q4, subscription customers were 6, 7 and 8 or more modules grew to 48%, 32% and 21% of subscription customers, respectively. Notably, customers with 5 or more modules reached an all-time high of 67% and on average, new customers are landing with at least 5 modules. Given this new heightened level of platform adoption on a broad scale, we will discontinue the 5 or more metric.
Our Falcon Flex program fueled an acceleration in platform adoption in FY '25. With Falcon Flex customers adopting more than 9 modules on average, Flex is our future. Additionally, in Q3 of FY '25, we announced the launch of CrowdStrike Financial Services, or CFS, and have already closed deals worth over $140 million through the program in FY '25. CFS enhances our customers' ability to do larger and longer-term deals with us, further enabling future platform adoption and strategic Falcon Flex deals.
As our growing module adoption demonstrates, customers are purchasing the Falcon platform for a strategic, long-term single platform standardization and increasingly leveraging Falcon Flex as the vehicle for these purchases.
In addition to accelerating module adoption, our strong customer relationships underpin our exceptional customer retention. Gross retention in Q4 remained high at 97%, and our dollar-based net retention rate was 112%, reflecting the impact of customer commitment packages. Given the size and scale of our business, we're very pleased with our net retention.
Moving to the P&L. Total revenue grew 25% over Q4 of last year to reach $1.06 billion ahead of our expectations. Subscription revenue reached a new milestone of over $1 billion in quarterly revenue, growing 27% year-over-year to $1.01 billion, while professional services revenue was $50.2 million.
Total gross margin was 78% and subscription gross margin was over 80% of revenue, both in line with last year's Q4 performance. Total non-GAAP operating expenses in the fourth quarter were $607.8 million compared to $448.1 million in the prior year. In Q4, we continued our disciplined approach to investing, prioritizing investments in platform innovation and resiliency. Our customer-first mindset is central to our approach to innovation and the driving force behind the success of our single platform strategy and industry-leading retention rates.
In the fourth quarter, non-GAAP operating income grew to $217.3 million and operating margin was 21%, well ahead of our guidance. Our investments in AI are driving significant internal efficiencies, enabling our teams to focus on high-value activities across the business. In Q4, we saw strong employee adoption of AI capabilities with average reported time savings per employee of over 1 full workday a month, equating to more than 24,000 work weeks saved, if annualized across our entire workforce.
We are also leveraging AI to automate key sales processes and streamline reporting and workflow. By automating the hours of manual work involved in these tasks, we can deliver new efficiencies in the business while continuing to execute on growth initiatives.
GAAP net loss attributable to CrowdStrike was $92.3 million and included $49.9 million of tax expenses related to acquisitions and $21 million of incident-related expenses with the remaining loss related to the ongoing impact of onetime programs for employees and onetime incentives for the sales team. Non-GAAP net income attributable to CrowdStrike grew 10% over Q4 of last year to $261.0 million, or $1.03 on a diluted per share basis, well ahead of our guidance.
Cash and cash equivalents grew to $4.32 billion. Free cash flow was $239.8 million or 23% of revenue. Incident-related expenses impacted Q4 free cash flow by approximately $22 million. The $93 million in deals financed through CrowdStrike Financial Services in Q4 had a de minimis impact to the quarter's free cash flow as expected.
Moving to our outlook and modeling notes. The fundamentals of our business remain strong, and we remain committed to our long-term target model. We are encouraged by first best-in-class customer retention rates and the success of our concluded customer commitment program. Second, continued strong and rapid adoption of Falcon Flex, which is accelerating module adoption rates, helping drive deeper strategic relationships with our customers and positioning us for long-term growth. And third, a robust demand environment across multiple large and growing markets, including Next-Gen SIEM, where we are in the early stages of disrupting a large legacy market and newer markets. such as agentic AI for cybersecurity, where our unique data advantage positions us as the natural innovation and category leader.
Visibility is improving as we move further from the sun. While we do not guide to net new ARR, our assumptions include a typical Q4 to Q1 seasonal decline of approximately 21% to 23% quarter-over-quarter. The net new ARR acceleration we expect in the second half of FY '26 sets the foundation for further acceleration in FY '27 over FY '26 as we scale the business to our goal of $10 billion of ending ARR by FY '31.
It also sets the stage for operating and free cash flow margin improvement in the back half of the year, particularly in Q4. Our operating margin guidance reflects the upfront investments we're making in key areas of the business, which we expect to yield clear ROI by the back half of FY '26, fueling our growth and innovation. The high end of our guidance implies a fiscal year 2026 non-GAAP operating margin of approximately 21%, and we plan to return to GAAP profitability in Q4.
Looking beyond this year, we plan to deliver 23% non-GAAP operating margin in FY '27 as we quickly ramp to our target non-GAAP operating model by fiscal 2029, which includes a free cash flow margin target between 34% and 38%. Please note, in Q1 of FY '26, we expect cash impacts of approximately $73 million for outage-related costs, including incremental sales compensation as well as $43 million due to the impact of flexible payment terms provided under customer commitment packages for deals closed in the back half of FY '25. We expect to exit fiscal year 2026 with Q4 free cash flow margin at approximately 27% and to return to 30% or more free cash flow margin on an annual basis in FY '27.
Moving to our guidance. For the first quarter of FY 2026, we expect total revenue to be in the range of $1,100.6 million to $1,106.4 million, reflecting a year-over-year growth rate of approximately 20%. We expect non-GAAP income from operations to be in the range of $173.1 million to $180.0 million and non-GAAP net income attributable to CrowdStrike to be in the range of $162.1 million to $167.5 million.
We expect diluted non-GAAP net income per share attributable to CrowdStrike to be approximately $0.64 to $0.66, utilizing a weighted average share count of approximately 254 million shares on a diluted basis and a 22.5% non-GAAP effective tax rate, which is a $0.19 impact to EPS at the midpoint.
For the full fiscal year 2026, we currently expect total revenue to be in the range of $4,743.5 million to $4,805.5 million, reflecting a growth rate of 20% to 22% over the prior fiscal year. Non-GAAP income from operations is expected to be between $944.2 million and $985.1 million.
We expect fiscal 2026 non-GAAP net income attributable to CrowdStrike to be between $851.2 million and $883.0 million, utilizing approximately 256 million weighted average shares on a diluted basis and a 22.5% non-GAAP effective tax rate, which is a $0.98 impact to EPS at the midpoint, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $3.33 to $3.45.
Please refer to our earnings release and earnings presentation for additional details regarding our changes in presentation of non-GAAP measures related to tax and presentation and additional modeling notes.
George and I will now take your questions.
Operator, we are now ready for questions.
[Operator Instructions] Our first question will come from Saket Kalia with Barclays.
Okay. Great. And nice finish to the year.
Thank you, Saket.
Sure. George, maybe for you. We heard on the call that Falcon Flex is the future. I was wondering if you could just talk a little bit about how Falcon Flex is driving better value for customers. And any examples you have maybe how current customers are growing their existing spending with CrowdStrike through Falcon Flex?
Sure. Thanks, Saket. And as we've talked about for some time, Falcon Flex was really borne out of customer demand, wanting to consolidate more with CrowdStrike and wanted to create a flexible way to procure more modules. So when we think about Falcon Flex, again, it opens the entire product catalog up to our customers, and then they can add new modules without necessarily going through a procurement cycle. They commit -- the more they commit, the better the discounts and they can basically use that very seamlessly in their environment.
So let me just give you one example. Last quarter, we had a large transportation company where we consolidated 3 vendors, Cloud, SIEM and multiple endpoint vendors and we move them to a Flex, and in this particular case, a large enterprise, we increased the ARR by 67%. And that's just one of many examples that we've seen.
And in general, what we're finding is that customers are -- as we go through the demand plan, they're ahead of schedule in their demand plan in consuming the Flex, which is a great stat for us. And we called out some of those in the earnings script. So excited about Falcon Flex, and it's our really market-leading way to engage with customers as we go forward.
Our next question will come from Brian Essex with JPMorgan.
Okay. Hopefully, you can hear me. I guess I want to talk about emerging products. And if I look at the growth rate, it seems as though Cloud and Identity decelerated at a faster rate than LogScale. Is that a function of the incentives and how customers may have spent it in Cloud and Identity as opposed to LogScale, which may have more injection costs associated with it? Just maybe if you could give a little bit of color on how your customers are consuming those. We understand the sustainability of those emerging segments.
Yes, good question. So just recently, as you may have seen in our threat report, we talked about identity and how critical it is to customers. Since 2019, as an example, 40% of the attacks were identity-based or non-malware based. And in the current report, 79% are non-malware base. A lot of it is around Identity.
So what we've seen as part of the CCP package is that Identity and Cloud has been a big driver of what people have been taking because they know it's so critical for their protection going forward. So when we look at that and as we talked about the back half of the year, CCP sort of elements will be burning off and obviously, it's a great opportunity to be able to renew what they're already using and how we're ready protecting them. So we view it as a net positive and seeding the customer base.
Our next question will come from Gabriela Borges with Goldman Sachs.
Burt, I wanted to ask you a little bit about how you thought about guidance for the year because we had the pause in the external demand gen around the July time frame we have the enterprise sales cycles pushing out by I think you said 15%. Maybe just talk us through how did you think about the puts and takes to the back half of the year as some of those dynamics reverse? And then to Brian's earlier question. You also have the CCP contracts renewing. Maybe just walk us through how you thought about some of those dynamics.
Yes. Sure, Gabriela. Thanks for that. So I think George touched on some of it already with respect to the CCP programs, the onetime incentives with respect to those coming due in the back half of next year, gives us confidence that we're going to be able to have -- take advantage of the opportunity to upsell our customers. They're already using it. They're already loving it. It's going to be easy for them to renew.
And of course, as we continue to think about new products that we're coming to market with, it's a great discussion to have we've already gone through, as George said, the demand plan. We're ahead of the demand plan in terms of where customers are at in terms of drawing down from their flex pools.
So this gives us excitement about our ability to actually go and have that reacceleration in the back half. And I think that it really talks to not only the emerging products that we've had great success in. But even the rest of our products, we have 29 modules to sell to our customers. We have this opportunity to upsell them to take out costs and show the value of CrowdStrike. That's why we get excited about the reacceleration of net new ARR in the back half.
Our next question will come from Tal Liani with BofA.
I have 2 questions, so I'll choose one. Contribution from existing customers. If I look at your GRR and NRR and I calculate contribution from existing customers versus new customers, your performance on new customers is very consistent. You're growing between 10% to 11% a year from new customers. But the growth from existing customers had gone down, which means there are some -- there is a decline in the growth in upselling to existing customers. So you started the year with Q1, with 21% growth coming from existing customers, and you ended the year with 15% and every quarter, it goes down. Can you talk about your ability to take NRR back up which is the function of sales to existing customers or upsell to existing customers?
Sure, Tal. Thanks. So there's a few dynamics that are impacting, obviously, dollar-based net retention. Obviously, our CCP had an impact. But remember, DBNR is a noisy metric for us. As you know, we don't manage to it. In any given quarter, we can land bigger longer deals, which does put pressure on our dollar-based net retention, George talked about what Flex does to that environment. Flex gives us the opportunity to enter into larger, longer deals, which could impact DBNR, but that's a good thing for us. We want customers to engage with us with bigger deals, longer deals, that's exciting.
Conversely, we now have a bigger base to sell into. We have this opportunity to go after more logos. So in any given quarter, we're going to get different dynamics and different pressures, but I think the good news is we've got a lot of room with respect to new logos, and we've got this ever-expanding base where we can sell into an upsell and cross-sell. So that's how I look at that dynamic.
Our next question will come from Joel Fishbein with Truist Securities.
George, thanks for the color around AI and AI strategy in Charlotte. I would just love to get a little bit more color around pricing and competitive environment around the AI security, that would be really helpful.
Thank you. So yes, I mean when you look at Charlotte AI and what we've been able to do from an agentic AI perspective. We talked about some of the efficiencies in terms of hours saved. We've talked about taking a level 1 analyst turning into a level 3. And with Falcon Flex, we have a lot of attach of Charlotte in these deals, and we continue to be wired into our workflows, which is a key part of being agentic.
So I think overall, we're getting feedback from customers. They like it. They're using it. And one of the interesting facts that has come out since we released this is that we certainly geared it towards that level 1 analyst. But we're actually finding that the level 3 analysts are using it even more because they understand how to prompt it and get information out of it.
So overall, it's, I think, been very encouraging the uptake. And certainly, it continues to perform and save our customers a tremendous amount of time and effort. So we'll have updates on Charlotte, but full steam ahead. And as you and I have talked about in the past, it's still early innings in this agentic world, and we continue to lead the way.
Our next question will come from Matt Hedberg with RBC.
George, for you, Exposure Management is near and dear to your heart. And you could sense the enthusiasm with some of your early wins. I'm just curious to put a finer point on that. Are we talking about full like network endpoint replacements there? I just want to make sure that I understand like the composition of your platform versus some of the pure plays?
Yes, we are. When we look at our technology there, whether it's exposure management, vulnerability management is an element of exposure management. We've done some acquisitions. We've had some capabilities for a while, particularly on the agent side. And we have released the ability to actually scan over the network, which was a missing element that we didn't have in the past. So that really allows for fuller replacements in a competitive environment.
And our customers have been asking for it. We focused on the agent first. Of course, that's where our strength is. And now with the ability to scan, it really has unlocked the potential to replace a lot of the competitive products in that market. So we remain excited, it's fully integrated, it leverages the full base of data that we have in our AI and workflow infrastructure and we'll continue to give you updates on it because we think it's a real added element to the repertoire of the modules that we have, and we're proud to tell you about the success.
Our next question will come from Andrew Nowinski with Wells Fargo.
Congrats on a really strong recovery quarter here. I'd like to just dig a little bit deeper on your net new ARR. If you could just clarify how much the Adaptive Shield acquisition contributed this quarter in Q4? And then if you add back the $56 million you talked about in CCP, it looks like net new ARR is still down about 1% year-over-year, but gross retention was unchanged. So it doesn't look like churn increased at all. I'm just -- I'm wondering if you think customers might still be holding back on spending as a reason why net new is still down 1%.
Andrew, so let me take the churn and contraction question first. So basically, for us, what we saw for CCP any churn and contraction with respect to CCP was really de minimis. There was not much there at all. And with respect to churn and contraction overall, it was really in line with what we've been seeing. There's been no anomalous behavior with respect to churn and contraction. So we're actually really excited about where we're headed with respect to net new ARR and certainly with the reacceleration in the back half.
With respect to Adaptive Shields, it was a very small number. with respect to ARR. So it's de minimis from our perspective. But when you think about the opportunity, that's a very different story, and I'll turn it over to George to talk about the opportunity with Adaptive Shields.
Yes. This is one where our customers are really excited. The day it was announced, all of our Flex customers ask when they can have it. And 20 days later, it was part of their rate card. So we've seen amazing adoption of it in the early days here. Obviously, we'll continue to give you updates. But it's a fantastic technology and something that's really needed in the environment today.
Our next question will come from the line of Fatima Boolani with Citi.
George, you referenced the staggering in the period deal value that you have contracted for Falcon Flex specifically. I specifically wanted to ask you about the Falcon Flex dollars that you have given in kind to some of your CCP customers.
And I wanted to get an understanding of how quickly they're burning through those in-kind Flex dollars that you've given them such that it is triggering earlier renewal, earlier upsell events. And if that was a contributing factor to how robust the in-quarter deal value was for Falcon Flex?
Sure. Well, what we've seen as we've moved to Falcon Flex and certainly, CCP is just leveraging the licensing model of Falcon Flex to provide some value back to our customers.
But as Burt and I have talked about the back half of the year, we certainly look towards that as where those Falcon Flex CCP dollars would burn off. A lot of our sellers now, again, are focused not on just selling new modules, but demand planning with our customers. And we're seeing the demand plans be ahead of schedule, right? So that's a good thing. And obviously, the more they consume within a shorter period of time, the better for us. And obviously, we want to be there to provide value in any of the modules we have or some of the newer ones like Shield. So any other comments on that Burt?
Yes. Look, I think we have this great opportunity in front of us. I think -- remember, the one thing that really gives us more excitement about the back half that George was referring to, is we still have a lot of customers to talk about Flex with, right? We have a subset that we've already dealt with, but we've got a whole lot more that we can go after that are still coming up for renewal or talking to them about their demand plans. So we're excited about that opportunity that's in front of us.
Our next question will come from Gregg Moskowitz with Mizuho.
George, exceeding $1 billion in sales through AWS Marketplace in a 12-month period, I mean, that's really stunning and I'm not sure everyone remembers that you only "eclipsed $1 billion in lifetime sales on AWS in October of 2023." So clearly, the growth rate that you're showing here is still very high. But given that we're running into the law of larger numbers, it would just be helpful to get your perspective on the growth outlook for CrowdStrike on AWS Marketplace over the next 2 to 3 years?
Well, certainly, you remember it, so thanks for calling that out. And AWS has been a tremendous partner for us. Not only do we work with them, but we work with our other partner network in conjunction with them, right? So it's important to make sure that we've got all the partners moving in the right direction.
I only see it going up. I mean it is the way customers want to consume. And you have to look at the cloud environments and the hyperscalers right now. The larger enterprises are committing more into these marketplaces and cloud providers. And the beauty of the marketplace is that customers can use those dollars to burn down and procure CrowdStrike.
So we only see opportunity in this marketplace. And we see it certainly outside of the U.S. A lot of it has been focused in North America. But I think the rest of the world really opens up, particularly when you look at some of the cloud environments in different nations and sovereign data requirements and things of that nature.
So we're very optimistic with our partner and not only AWS, right? We talked about GCP and others that have been fantastic routes to market. I think it is really one of the future ways that customers will continue to procure through CrowdStrike.
Our next question will come from Joseph Gallo with Jefferies.
It was awesome to see the $600 million of cloud ARR growing 45%. Can you just talk through that competitive landscape? Has that stabilized? One of your biggest cloud competitors noted on the earnings call that customers are gravitating towards workload protection and agent architecture. Is that something that you're seeing as well? And then given your strength in workload protection, when, if ever, do you expect customers to consolidate on a cloud solution?
Yes. I think that's absolutely right. When you look at the market and you've got CSPM and you've got workload protection. I mean, CSPM is a great technology, but it's more of a reporting and compliance as opposed to stopping the breach.
So if customers are looking to stop the breach, you're going to need a workload protection. And of course, that is our DNA. We've been working on that for the better part of a decade, and it's very well refined. And we've earned a trusted spot in running in the most critical infrastructure on these workloads.
So we continue to see consolidation in these areas. We certainly have expanded our CNAPP capabilities across whether it's CSPM or ASPM or DSPM, et cetera, lots of PMs in there, but we have all of those, and we are routinely consolidating customer spend in that area. So we're excited about the $600 million milestone and the success that we're having in the cloud environments with our customers.
Our last question will come from Patrick Colville with Scotiabank.
And I guess I want to ask about the bottom line, any questions on the bottom line. So guiding to 20% operating profit margin in fiscal '26, I guess, can you just talk us through the puts and takes there? Is that because of the kind of drag on the first half before the reacceleration in the back half? And then did you soft guide but -- to 23% op margins in fiscal '27? So I guess, a snapback from next year.
Yes. Thanks, Patrick. So let me start with saying that we had a very successful CCP program. And our profitability guidance reflects some of the sales and marketing costs of FY '25 CCP packages amortized over the entire year. So that's going to impact our margin.
We also have some onetime upfront investments in key areas of the business that we need to bolster our increasing scale. Some of those could be related to the fact that we are fully reigniting our marketing initiatives post the outage. We've got innovation across high-growth and emerging products across areas, including Cloud Security, Identity Protection, Next-Gen SIEM and AI.
We also have ramping investments in our internal use of AI tools. We feel that we can get significant savings in the out periods by the investments that we're going to make today.
We also have been -- increased in our investments and our platform resiliency which we believe will be a competitive advantage for us when we're going up against some of our competitors with respect to our -- being the best -- not only the best in class in terms of security, but the resilience behind that as well.
And then finally, I want to end by saying we expect operating margin and free cash flow margin to expand in the second half of FY '26.
Thank you all for joining. Please, I just wanted to make one reminder to please refer to our earnings presentation, which is posted on our Investor Relations website and for additional modeling notes as well as the details on the changes in presentation of non-GAAP measures.
With that, I'll turn the call over to George for closing remarks.
Thank all of you for your time today. We appreciate your continued support and look forward to seeing you at our upcoming investor events. Have a great day.