When an enterprise B2B SaaS company survives a major public incident (catastrophic outage, security breach, product failure) with gross retention at or above 95% and subsequently sees net new ARR recover to above pre-incident peaks within 4–6 quarters, this constitutes stronger evidence of franchise durability than any metric from normal operating conditions. The incident stress-tests true switching costs under adverse conditions — customers who stay through a catastrophic event have made an active recommitment decision, not a passive one. Their subsequent expansion behaviour post-incident reveals the depth of the franchise more clearly than steady-state NRR.
The pattern has a secondary signal: if the company converts the incident remediation programme (credits, compensation packages) into expanded platform commitments (customers accepting credits in exchange for Flex subscriptions, multi-year extensions), the incident becomes a paradoxical retention catalyst. Management quality is also revealed — transparent, rapid crisis response tends to strengthen rather than weaken customer relationships in mission-critical software.
When analysing a company that has experienced a major public incident, do not rely solely on the immediate GRR/NRR print — the franchise strength test is the NNA recovery trajectory 2–4 quarters later. A 97%+ GRR through the incident is necessary but not sufficient; NNA recovery above pre-incident levels is the sufficient condition. Also look for evidence of remediation programmes converting into platform expansions, which would indicate that incident management competence is itself a franchise-building activity. Apply this framework to any enterprise SaaS company facing an incident: ServiceNow, Datadog, Cloudflare, Okta (post-2022 breach) — the post-incident NNA trajectory is the indicator to track.