Short Seller Takes Aim at Another EV Maker

Many new electric-vehicle start-ups have no sales and big aspirations. Electric truck maker Lordstown Motors is one of them. The company doesn’t sell EVs yet, but expects to start selling its all-electric truck called Endurance later in 2021. After the launch, Lordstown projects explosive growth off its 2021 base in 2022 and beyond.

One short seller, however, isn’t buying it.

On Friday morning, Hindenburg Research published a negative research report about Lordstown Motors (ticker: RIDE). The report makes several claims, notably that not all of the preorders the company has claimed are real.

The report is hitting the stock. Shares are down 20%, at $14.18, in Friday morning trading. The S&P 500, by comparison, is down 0.5%. The Dow Jones Industrial Average is up 0.5%.

On Jan. 11, Lordstown reported more than 100,000 preorders for its Endurance pickup truck launched this past summer. Hindenburg claims in its report that it has talked to some Lordstown preorder customers, and points out some it found that don’t have the cash to buy ordered trucks and that preorders don’t carry a commitment to purchase or a penalty to cancel.

Lordstown wasn’t immediately available to comment on the Hindenburg report.

Preorders in the EV industry are fairly common. Tesla (TSLA), when it launched its Cybertruck, regularly reported preorders. Tesla racked up hundreds of thousands in vehicle preorders before it stopped reporting the number. A Cybertruck could be reserved for US$100, which is fully refundable.

Hindenburg is the firm that published a negative research report about electric- and hydrogen-powered trucking company Nikola (NKLA) back in September 2020. Hindenburg alleged Nikola management misled investors. Nikola denied the claims. The report, however, led to the departure of company founder Trevor Milton.

An internal investigation conducted by an outside firm at the behest of Nikola followed and, as a result, the company disclosed in its annual report nine statements made by Miltion which may have been partially untrue.

At the time of the report, Hindenburg was short Nikola stock, betting that its price would decline. Now, Hindenburg is short Lordstown stock and stands to gain as it falls.

Lordstown became a publicly traded company in 2020 after merging with a special purpose acquisition company. The company, founded by Steve Burns, purchased an Ohio plant from General Motors (GM) to kick-start its growth plants.

The company projects more than $100 million in sales for 2021, growing to $1.7 billion in sales in 2022 and then to $5.8 billion by 2024. Vehicle deliveries over that span are projected to go from 2,200 in 2021 to more than 100,000 in 2024.

Lordstown will report fourth-quarter results on March 17 after the market closes. Investors and analysts will have a chance to hear from management then.

As tech leaders race to bring Windows systems back online after Friday’s software update by cybersecurity company CrowdStrike crashed around 8.5 million machines worldwide, experts share with CIO Journal their takeaways for preparing for the next major information technology outage.

Be familiar with how vendors develop, test and release their software

IT leaders should hold vendors deeply integrated within IT systems, such as CrowdStrike , to a “very high standard” of development, release quality and assurance, said Neil MacDonald , a Gartner vice president.

“Any security vendor has a responsibility to do extensive regression testing on all versions of Windows before an update is rolled out,” he said.

That involves asking existing vendors to explain how they write software, what testing they do and whether customers may choose how quickly to roll out an update.

“Incidents like this remind all of us in the CIO community of the importance of ensuring availability, reliability and security by prioritizing guardrails such as deployment and testing procedures and practices,” said Amy Farrow, chief information officer of IT automation and security company Infoblox.

Re-evaluate how your firm accepts software updates from ‘trusted’ vendors

While automatically accepting software updates has become the norm—and a recommended security practice—the CrowdStrike outage is a reminder to take a pause, some CIOs said.

“We still should be doing the full testing of packages and upgrades and new features,” said Paul Davis, a field chief information security officer at software development platform maker JFrog . undefined undefined Though it’s not feasible to test every update, especially for as many as hundreds of software vendors, Davis said he makes it a priority to test software patches according to their potential severity and size.

Automation, and maybe even artificial intelligence-based IT tools, can help.

“Humans are not very good at catching errors in thousands of lines of code,” said Jack Hidary, chief executive of AI and quantum company SandboxAQ. “We need AI trained to look for the interdependence of new software updates with the existing stack of software.”

Develop a disaster recovery plan

An incident rendering Windows computers unusable is similar to a natural disaster with systems knocked offline, said Gartner’s MacDonald. That’s why businesses should consider natural disaster recovery plans for maintaining the resiliency of their operations.

One way to do that is to set up a “clean room,” or an environment isolated from other systems, to use to bring critical systems back online, according to Chirag Mehta, a cybersecurity analyst at Constellation Research.

Businesses should also hold tabletop exercises to simulate risk scenarios, including IT outages and potential cyber threats, Mehta said.

Companies that back up data regularly were likely less impacted by the CrowdStrike outage, according to Victor Zyamzin, chief business officer of security company Qrator Labs. “Another suggestion for companies, and we’ve been saying that again and again for decades, is that you should have some backup procedure applied, running and regularly tested,” he said.

Review vendor and insurance contracts

For any vendor with a significant impact on company operations , MacDonald said companies can review their contracts and look for clauses indicating the vendors must provide reliable and stable software.

“That’s where you may have an advantage to say, if an update causes an outage, is there a clause in the contract that would cover that?” he said.

If it doesn’t, tech leaders can aim to negotiate a discount serving as a form of compensation at renewal time, MacDonald added.

The outage also highlights the importance of insurance in providing companies with bottom-line protection against cyber risks, said Peter Halprin, a partner with law firm Haynes Boone focused on cyber insurance.

This coverage can include protection against business income losses, such as those associated with an outage, whether caused by the insured company or a service provider, Halprin said.

Weigh the advantages and disadvantages of the various platforms

The CrowdStrike update affected only devices running Microsoft Windows-based systems , prompting fresh questions over whether enterprises should rely on Windows computers.

CrowdStrike runs on Windows devices through access to the kernel, the part of an operating system containing a computer’s core functions. That’s not the same for Apple ’s Mac operating system and Linux, which don’t allow the same level of access, said Mehta.

Some businesses have converted to Chromebooks , simple laptops developed by Alphabet -owned Google that run on the Chrome operating system . “Not all of them require deeper access to things,” Mehta said. “What are you doing on your laptop that actually requires Windows?”