Cybersecurity is a growing technology field that has drawn investor attention in part due to high-profile corporate data breaches and system hacks.
The research firm Research and Markets sees the worldwide cybersecurity industry expanding by a compound annual growth rate of 9.7% to reach $345.4bn (£252.3bn) by 2026. Facts and Factors is more optimistic. It said the global cyber security market will be worth $398.3bn by 2026, logging a CAGR of 14.9%.
Keeping information safe and secure is vital in a connected economy. Companies within the industry offer products and services including physical hardware such as network firewalls, antivirus and system monitoring software and cloud security solutions.
Losses from cybercrime
Last year, losses from cybercrime amounted to almost $1trn (£728bn) according to antivirus maker McAfee.
Adding to corporate information technology (IT) security concerns is a lack of trained professionals prepared to deal with cybersecurity incidents. A survey conducted by industry training body (ISC)² found that three million cybersecurity professionals are needed globally to fill this skills gap, with more than half of survey respondents saying cybersecurity staffing shortages are putting their organisations at risk. Indeed, at a recent analyst event, Palo Alto Networks chief executive Nikesh Arora said: "Cybercrime has gone from a hobby to a profession."
Earlier this month Fortinet pledged to provide cybersecurity training to one million people over the next five years. Fortinet offers eight Network Security Expert certifications which begin with IT security fundamentals and then move on to training in the company’s range of products.
In August, US President Joe Biden hosted a cybersecurity summit with key industry executives in attendance, resulting in companies including Google and IBM pledging to increase the number of cybersecurity-trained Americans.
In a recent research note obtained by Capital.com, Wedbush Securities analyst Daniel Ives highlighted the possibility of increased revenue for the sector in the form of US government contracts.
“We believe heading into year-end (Wall) Street is underestimating the massive strength we are seeing in the field combined with a federal spending uptick that should be pronounced in the September quarter and giving a tailwind for the cyber security sector over the next 6 to 12 months,” Ives said.
Research firm Gartner produces industry surveys, with peer companies displayed on a quadrant chart that weighs various factors. Top-rated companies are found in the top right so-called “Magic Quadrant”. Corporations make million-dollar purchasing decisions based on these rankings and many cybersecurity and technology companies take pride in their “Magic Quadrant” status.
Investors looking for cybersecurity investment ideas can look at two stock indices which track the sector: NASDAQ’s CTA Cybersecurity Index, which tracks 39 companies and the Solactive Global Cyber Security Index, comprising up of 30 companies in the cyber and data security sectors.
Chicago-based Morningstar provides investment research, analytics and investment management services.
Speaking exclusively to Capital.com, senior equity analyst Mark Cash outlined a way of looking for leaders in the cybersecurity sector.
“A thesis we have on the market is having a platform approach to security. If organisations can bring best of breed technology to their core offering, we think enterprises are going to that platform. A lot of organisations have too many toolsets. Being able to take all the toolsets and reduce them down to only a few vendors is a key theme on who the winners and losers (in cybersecurity) are going to be,” Cash said.
Security services providers
Companies concentrate their IT security teams in one place: the Security Operations Centre (SOC), where professionals have access to systems information from across the organisation with the help of security information and event management (SIEM) software - which collects IT infrastructure data in order to give systems administrators and security professionals a better handle on what’s happening with their systems. Smaller companies often outsource their SOC to a managed security services provider.
In recent months, companies such as CrowdStrike, Splunk, Zscaler, Palo Alto Networks, Okta, FireEye and SentinelOne have posted quarterly earnings.
Cloud security company CrowdStrike’s loss from operations widened to negative $47.4m from negative $30m last year in the fiscal second quarter ended 31 July. Revenue rose 70% to $337.7m as subscription revenue increased 71% to $315.8m.
In a research note obtained by Capital.com, Morningstar upped its fair value on CrowdStrike stock to $200 per share with a two-star rating. Shares closed on 23 September at $262.29. The 52-week high was $289.24, reached on 30 August.
Morningstar's stock rating can help investors evaluate a stock’s value when making investment decisions. A four- and five-star rating mean a stock is undervalued while a three-star rating means that it is fairly valued. One and two stars indicate a stock is overvalued.
“All the breaches and attacks that you see are a strong driver for security spending. CrowdStrike benefits in an outsize manner by having a leading organisation for breach remediation and threat intelligence services,” Morningstar’s Cash said in an interview with Capital.com.
SIEM software maker Splunk saw revenues rise 23% to $606m for the fiscal second quarter ended 31 July as cloud computing services boomed. But the San Francisco-based network security and maintenance company also suffered a bigger loss than it did a year earlier. The net loss grew to $384m from $261.3m.
“We believe accelerating demand combined with the success of workload pricing positions Splunk to realize sustained growth and competitive wins as the cloud transition continues apace,” Morningstar’s Mark Cash wrote in a recent note. Morningstar has a three-star rating and $164 fair value on Splunk stock.
Splunk shares closed at $152.56 on 23 September and set a 52-week high of $222.19 on 21 October 2020.
Zscaler boosted revenues 57% to $197.1m in the fiscal fourth quarter ended 31 July as large companies and organisations, including the US government, jumped on cloud security. The San Jose, California-based company posted a net loss of $81m, an increase from $49.5m in the prior year quarter.
Revenue for the full year ended 31 July increased 56% to $673.1m. The net loss was $262m versus $115.1m prior year.
"We expect Zscaler’s more nascent products in digital experience and cloud workload protection to rapidly grow in the near term, and also help bolster customer switching costs as organisations consolidate spending with its platform,” Cash said in a recent Morningstar note. The investment research firm has a two-star rating on Zscaler and sees fair value at $205.
Zscaler shares closed at $280.02 on 23 September. Shares set a 52-week high of $293.44 on 7 September.
Palo Alto Networks
Palo Alto Networks reported a loss of $119.3m for the fiscal fourth quarter ended 31 July. Revenue grew 28% to $1.2bn.
For the next quarter, Palo Alto expects non-GAAP per-share earnings to range between $1.55–$1.58 on revenue of $1.19bn–$1.21bn, below $1.60 per diluted share reported in the previous quarter.
Revenue for the full year ended 31 July was $4.3bn, up from $3.4bn. The net loss was $499m compared to $267m.
“We like (Palo Alto’s) automation suite – we think automation is a future catalyst for growth,” Morningstar senior analyst Mark Cash told Capital.com. Morningstar raised its fair value stock price estimate to $490 after Palo Alto’s recent analyst day.
Palo Alto shares closed at $483.15 on 23 September. Shares set a 52-week high of $495.92 on 14 September.
"We believe Palo Alto is strongly executing the platform-based approach in its focus areas of network security, cloud security, and facilitating the needs of security operations teams via automation," the analyst said in his most recent note. Morningstar has a three-star rating on Palo Alto Networks’ stock.
Palo Alto recently launched Okyo Garde, a Wi-Fi security device aimed at work-from-home consumers.
"Okyo Garde is intended to become (Palo Alto’s) fourth platform, alongside Strata, Prisma, and Cortex. We do not expect (Palo Alto) to make a significant push into the consumer market in the near term, though we expect Okyo to evolve over time," BMO Capital Markets analyst Keith Bachman wrote in a recent research note obtained by Capital.com.
Identity services provider Okta posted a 57% jump in revenue to $316m for the fiscal second quarter ended 31 July. Subscription revenue increased $303m, up 59% year over year.
The net loss widened to $277m from negative $60m a year earlier due to the $6.5bn acquisition of identity platform Auth0 in March.
"While Okta’s identity and access solutions for workforces remain the largest portion of sales, the addition of Auth0 accelerates Okta’s disruption into the burgeoning customer identity and access market, aimed at enabling a secure journey for users of a client’s applications," Morningstar’s Cash said in a note. The firm has upped Okta’s fair value to $280 per share and has a three-star rating on the stock.
Okta shares closed at $255.38 on 23 September, well below the 52-week high of $294.00 set on 12 February.
FireEye posted an operating loss of $84.5m in the fiscal second quarter ended 30 June versus $76.7m in the prior year quarter. Revenue was up 17% to $114m as the company adjusted from a major divestiture – the sale of its Products business for $1.2bn to Symphony Technology Group in June. The company is retaining Mandiant, the cybersecurity products and incident response firm it acquired in 2014.
"We believe the continuing operations, or Mandiant, portion of the business is trending in the right direction for the long term," Morningstar's Cash wrote in a note. The firm has a two-star rating on FireEye stock and fair value at $17 per share.
FireEye shares closed at $18.28 on 23 September. The 52-week high, achieved on 23 December, was $25.53.
After joining the New York Stock Exchante (NYSE) in June, SentinalOne posted a net loss per share of 57 cents in the fiscal second quarter ended 31 July. the number was a 10-cent improvement from a year ago, when the Mountain View, California-based company lost 67 cents per share.
Revenue soared 121% on the prior year to $45.8m. Annual recurring revenue jumped 127% while total customer count rose 75% year over year to 5,400 custormers.
The company is guiding to third-quarter revenue between $49m and $50m.
"Cybersecurity must be autonomous – that’s what we’ve built. It must perform at a faster speed, greater scale and higher accuracy than what exists today," SentinelOne co-founder and chief executive Tomer Weingarten said.
ForgeRock provides identity and access management solutions for over 1,300 customers which include UK financial services firm Standard Chartered, shipping line Maersk, Dutch electronics firm Philips and Japan's Toyota.
Meme stock investors from social media website Reddit may have found a new target in IronNet, which saw its stock price spike 142% in one pre-market trading session in early September, on what Reddit users were speculating was a “gamma squeeze”, i.e. short-selling interest in a stock leading to a rise in the underlying stock itself.
IronNet provides network detection and response services powered by artificial intelligence (AI) behavioural analytics. The company was founded in 2014 by Keith Alexander, a retired four-star US Army general who was the director of the US National Security Agency (NSA) from 2005 to 2014. The workforce includes many former NSA cybersecurity professionals.
Exchange traded funds
Exchange traded funds (ETFs) may be a good way to invest in the sector. Rather than investing in an individual company’s shares that have the potential to lose value, an ETF spreads the risk by pooling together more than one company’s shares into an exchange-traded product that typically has lower fees than traditional mutual funds.
Among the many cybersecurity-focused ETFs on offer for investors are:
Those companies may benefit from the shift of technology infrastructure to the Cloud – a cost-saving alternative to owning and operating physical server hardware.
First Trust NASDAQ Cybersecurity ETF has $4.9bn in assets and tracks the Nasdaq CTA Cybersecurity Index.
Global X Cybersecurity ETF has $881m in assets and holds a portfolio of 32 shares from companies that stand to benefit from the increased adoption of cybersecurity technology.