From Airbnb to Tesla, It’s Starting to Feel Like 1999 All Over Again. It May End the Same Way.

Maybe this time is different. Those words, supposedly the most dangerous to utter in the investing realm, came to mind amid the frenzied pops in the highly anticipated initial public offerings of the past week.

They recalled the wild IPOs at the end of the last century, when the public’s enthusiasm for all things dot-com had investors paying crazy prices for new stocks that often lacked earnings, revenue, or, in some cases, actual operations. After the calendar turned over to the year 2000—without the world descending into chaos from the Y2K computer bug, remember that?—the bubble popped, especially after Barron’s published its seminal cash-burn story that March, which showed that the dot-com kids were rapidly running through the liquid assets compliant capital markets had provided to them. As it turned out, the Nasdaq Composite had posted its top tick a bit more than a week earlier, although we only learned that in retrospect.

What is different this time is that the current highflying IPOs are coming from innovative companies that have become major businesses, nurtured by their private-market investors while attracting throngs of fans who wanted to become shareholders as well as customers. So they clamoured for DoorDash (ticker: DASH) and Airbnb (ABNB), sending their shares soaring in their first day of trading by 86% and 113%, respectively, over their respective IPO prices.

So great was the frenzy that there was furious buying of the call options of ABB (ABB), the big European industrial company out of confusion with the ticker for Airbnb, our former Barron’s colleague Mike Santoli amusingly reported on CNBC. That wasn’t the first case of mistaken identity with a hot IPO. Instead of getting in on the 2019 IPO of Zoom Video Communications (ZM), which has become one of this year’s stay-at-home winning stocks, punters mistakenly chased penny stock Zoom Technologies (ZTNO) ahead of the former’s IPO.

What does recall the dot-com bubble era are the valuations accorded these IPOs. In his preview of the Airbnb offering last week, colleague Andrew Bary quoted New York University professor and tech entrepreneur Scott Galloway bullishly predicting a US$100 billion market value—by the end of 2022. At the end of its first day trading on Thursday, its market cap already topped Galloway’s no longer outlandish projection, which was three times what had been estimated just a week earlier.

Another blast from that past is Tesla‘s (TSLA) 50%-plus jump since Standard & Poor’s announced last month the electric-vehicle stock’s inclusion in the S&P 500 index. That recalled the 64% jump in then-dominant internet search company Yahoo! in December 1999 ahead of its addition to the benchmark index, just a few months before the Nasdaq’s peak.

S&P 500 index funds and portfolios that followed the benchmark will have to buy Tesla without regard to the stock’s value, as colleague Evie Liu reports. But the slavish adherence to this particular market gauge belies the tenet of index investing—that the efficient market distills the reasoned assessments of buyers and sellers of the value of a security. “Whether or not [Tesla CEO] Elon Musk will ever deliver autonomous driving, we are drifting closer to autonomous investing,” writes Jim Grant in the current Grant’s Interest Rate Observer.

Even if that’s the case, this episode demonstrates that the S&P 500 doesn’t represent the entirety of the U.S. stock market. For instance, the Vanguard 500 Index fund (VFIAX) has significantly lagged the Vanguard Total Stock Market Index fund (VTSAX), 15.64% to 17.8% in the year through Wednesday, according to Morningstar data. Over the past 12 months, the gap is 17.41% to 19.14%.

For his part, Musk decried the “M.B.A.-isation of America” to The Wall Street Journal this past week for U.S. corporations supposedly focusing too much on financials. Which is ironic given Tesla’s adept financial engineering, including its announcement this past week of a $5 billion sale of stock, its third equity financing this year, for a total $12 billion.

Musk’s criticism seems directed at those skilled at analyzing the EV maker’s income statement and balance sheet, such as Vicki Bryan, who pens the Bond Angle research letter. Tesla’s addition to the S&P 500 followed its reporting of a requisite four consecutive profitable quarters, which can be “traced entirely to energy credit sales plus noncash account and unusual items—none of which are its core business,” she writes.

These items provided a $1.6 billion boost to reported free cash flow of $1.93 billion in the four quarters through Sept. 30, which, however, ignored $100 million for solar-equipment capital expenditures and $1.1 billion in capex funded by leases. Taking all that into consideration, operations actually consumed more than $800 million in cash, she concludes.

The entire $9.18 billion year-over-year increase in reported cash, to $14.53 billion on Sept. 30, resulted from net borrowing of $1.5 billion and the sale of $7.7 billion in stock and equity equivalents, Bryan adds. The ebullient stock market, augmented by the index effect, provides the cheap capital to keep the Musk magic going.

That’s what’s different this time from the dot-com era. There seems to be a seemingly limitless font of money to be tapped by hypergrowth companies that promise to change how we work, live, and get around. The question is whether it will end differently.

As tech leaders race to bring Windows systems back online after Friday’s software update by cybersecurity company CrowdStrike crashed around 8.5 million machines worldwide, experts share with CIO Journal their takeaways for preparing for the next major information technology outage.

Be familiar with how vendors develop, test and release their software

IT leaders should hold vendors deeply integrated within IT systems, such as CrowdStrike , to a “very high standard” of development, release quality and assurance, said Neil MacDonald , a Gartner vice president.

“Any security vendor has a responsibility to do extensive regression testing on all versions of Windows before an update is rolled out,” he said.

That involves asking existing vendors to explain how they write software, what testing they do and whether customers may choose how quickly to roll out an update.

“Incidents like this remind all of us in the CIO community of the importance of ensuring availability, reliability and security by prioritizing guardrails such as deployment and testing procedures and practices,” said Amy Farrow, chief information officer of IT automation and security company Infoblox.

Re-evaluate how your firm accepts software updates from ‘trusted’ vendors

While automatically accepting software updates has become the norm—and a recommended security practice—the CrowdStrike outage is a reminder to take a pause, some CIOs said.

“We still should be doing the full testing of packages and upgrades and new features,” said Paul Davis, a field chief information security officer at software development platform maker JFrog . undefined undefined Though it’s not feasible to test every update, especially for as many as hundreds of software vendors, Davis said he makes it a priority to test software patches according to their potential severity and size.

Automation, and maybe even artificial intelligence-based IT tools, can help.

“Humans are not very good at catching errors in thousands of lines of code,” said Jack Hidary, chief executive of AI and quantum company SandboxAQ. “We need AI trained to look for the interdependence of new software updates with the existing stack of software.”

Develop a disaster recovery plan

An incident rendering Windows computers unusable is similar to a natural disaster with systems knocked offline, said Gartner’s MacDonald. That’s why businesses should consider natural disaster recovery plans for maintaining the resiliency of their operations.

One way to do that is to set up a “clean room,” or an environment isolated from other systems, to use to bring critical systems back online, according to Chirag Mehta, a cybersecurity analyst at Constellation Research.

Businesses should also hold tabletop exercises to simulate risk scenarios, including IT outages and potential cyber threats, Mehta said.

Companies that back up data regularly were likely less impacted by the CrowdStrike outage, according to Victor Zyamzin, chief business officer of security company Qrator Labs. “Another suggestion for companies, and we’ve been saying that again and again for decades, is that you should have some backup procedure applied, running and regularly tested,” he said.

Review vendor and insurance contracts

For any vendor with a significant impact on company operations , MacDonald said companies can review their contracts and look for clauses indicating the vendors must provide reliable and stable software.

“That’s where you may have an advantage to say, if an update causes an outage, is there a clause in the contract that would cover that?” he said.

If it doesn’t, tech leaders can aim to negotiate a discount serving as a form of compensation at renewal time, MacDonald added.

The outage also highlights the importance of insurance in providing companies with bottom-line protection against cyber risks, said Peter Halprin, a partner with law firm Haynes Boone focused on cyber insurance.

This coverage can include protection against business income losses, such as those associated with an outage, whether caused by the insured company or a service provider, Halprin said.

Weigh the advantages and disadvantages of the various platforms

The CrowdStrike update affected only devices running Microsoft Windows-based systems , prompting fresh questions over whether enterprises should rely on Windows computers.

CrowdStrike runs on Windows devices through access to the kernel, the part of an operating system containing a computer’s core functions. That’s not the same for Apple ’s Mac operating system and Linux, which don’t allow the same level of access, said Mehta.

Some businesses have converted to Chromebooks , simple laptops developed by Alphabet -owned Google that run on the Chrome operating system . “Not all of them require deeper access to things,” Mehta said. “What are you doing on your laptop that actually requires Windows?”