The new reality: Cybersecurity firms revert to the mean
While by no means a safe haven, the cybersecurity sector has outpaced the broader tech market by a meaningful margin. That is, up until very recently.
Cybersecurity remains the No. 1 technology priority for the C-suite, but as we’ve previously reported, the chief information security officer’s budget has constraints, just like other technology investments. Recent trends show that economic headwinds have elongated sales cycles, pushed deals into future quarters and, just like other tech initiatives, are pacing cybersecurity investments and breaking them into smaller chunks.
In this Breaking Analysis, we explain how cybersecurity trends are reverting to the mean and tracking more closely with other technology investments. We’ll make a couple of valuation comparisons to show the magnitude of the challenge and which cyber firms are feeling the heat, and which aren’t as much. We’ll then show the latest survey data from Enterprise Technology Research to quantify the contraction in spending momentum and close with a glimpse at the landscape of emerging cybersecurity companies that could be ripe for acquisition or consolidation or could be disruptive to the broader market.
Cybersecurity faces a new reality
First, let’s take a look at the recent patterns for cyber stocks relative to the broader tech market.
Above we show a year-to-date comparison of the BUG ETF, which comprises a basket of cybersecurity names, with the tech-heavy Nasdaq composite. Notice that on April 13 of this year, the cyber ETF was actually in positive territory, while the Nas was down nearly 14%. By Aug. 16 the green turned red for cyber stocks but they still meaningfully outpaced the broader tech market by more than 950 basis points. As of Dec. 2, that delta had contracted, and as you can see, the cyber ETF is now down nearly 25% year to date while the Nasdaq is down 27% and change.
Only Palo Alto has avoided the valuation hammer
Let’s take a look at just how far a few of the high-profile cybersecurity names have fallen.
Above we show six cybersecurity firms we’ve been tracking closely since before the pandemic. We’ve been tracking dozens more but just take a look at this data. We show the S&P 500 and Nasdaq for reference, which are both up since the February just prior to the pandemic. During the pandemic the S&P 500 shot up more than 40% relative to its pre-pandemic level and the Nasdaq peaked at around 65% above its February level. They’re now down to 85% and 71%, respectively, from their pandemic peaks as shown in the chart.
Compare that to the six companies shown. Splunk Inc., which was and still is working through a transition, is well below its pre-pandemic market value and at 44% of its pandemic high.
Palo Alto Networks Inc. is most interesting in that it had been facing challenges prior to the pandemic related to a pivot to the cloud, which we reported at the time. But as we said then, we believed the company would sort out its cloud transition, which it did, as you can see. Its valuation jumped from $24 billion prior to COVID to $56 billion during the pandemic and is still holding 93% of its peak value. Its revenue run rate is now over $6 billion with a healthy growth rate of 24% expected for next quarter.
Similarly, Fortinet Inc. has done relatively well, holding 71% of its peak COVID value with a healthy 34% revenue guide for the coming quarter.
Okta Inc. has been the biggest disappointment. A darling of the pandemic, Okta’s communications snafu with what was actually a pretty benign hack, combined with difficulty absorbing its $7 billion Auth0 acquisition, knocked the company off track. Its valuation has dropped by $35 billion since its peak during the pandemic; and that’s after a nice beat and bounce-back quarter just announced by Okta. In our view Okta remains a viable long-term leader in identity.
However, its recent FY ’24 revenue guide was exceedingly conservative at around 16% growth. So either the company is sandbagging or has such poor visibility that it wants to be cautious… or it’s seeing a dramatic slowdown in its momentum. After all, this is a company that not too long ago was putting up 50%-plus growth rates. So it’s one that bears close watching.
CrowdStrike Holdings Inc. is another big name that we’ve been talking about on Breaking Analysis. It, like Okta, has led the industry in a key ETR performance indicator (Net Score) that measures customer spending momentum. Just last week, CrowdStrike announced revenue increased by more than 50% but new ARR was soft and the company guided conservatively. Not surprisingly, the stock got crushed as CrowdStrike blamed tepid demand from smaller and midsized firms. As well, many analysts believed that competition from Microsoft Corp. was one factor along with cautious spending amongst midsized and smaller customers. Large customers, however, remained active, so we’ll see if this is a longer-term trend or an anomaly.
Zscaler Inc. is another company in the space that we’ve reported as having great customer spending momentum in the ETR surveys, but even though the company beat expectations for its recent quarter, its outlook was conservative.
So other than Palo Alto and to a lesser extent Fortinet, these companies, and others, are feeling the economic pinch and it shows in the compression of value. CrowdStrike, for example, had a $70 billion valuation at one point during the pandemic. Zscaler topped $50 billion, Okta $45 billion. Now having said that, Palo Alto Networks, Fortinet, CrowdStrike and Zscaler are still all trading well above their pre-pandemic levels.
Major changes in momentum since January
Let’s go back to ETR’s January survey and take a look at how much things have changed since the beginning of the year.
Above is an XY graph that shows Net Score or spending momentum on the Y axis and market presence on the X axis. The red dotted line at 40% indicates a highly elevated Net Score. We’ve filtered the data to show only those companies with more than 50 responses in the ETR survey. Note there were around 20 companies above the 40% mark in what is a very crowded market. But lots of positive momentum.
Fast forward to today’s market signals
Let’s jump ahead to the most recent October survey and see what’s happening.
Above is the same graphic plotting spending momentum and market presence. Look at the number of companies above the red line and how it has been squashed. Still a very crowded market with lots of green, but the number above the 40% mark has gone from around 20 to about five or six firms. And it speaks to the compression in information technology spending, with the elongated sales cycles, pushing deals out and taking them in smaller chunks.
We had many conversations with customers last week at Amazon Web Services Inc.’s re:Invent conference underscoring this exact trend. The buyers are getting pressure from their chief financial officers to slow things down, do more with less and prioritize projects. And that’s rippling through to all sectors.
Which security firms stand out from the pack?
Let’s now do a bit more playing around with the ETR data and take a look at those companies with more than 100 citations in the survey this quarter — so N greater than or equal to 100. And each quarter we take a look at those four-star security firms, that is those that are in the top 10 for both spending momentum and mentions in the survey. That’s what we show below.
The leftmost chart is sorted by spending momentum and the righthand chart by Shared N or number of mentions in the survey. The solid red line denotes the cutoff point at the top 10. You’ll note that we actually cut it off at 11 to account for Auth0, which is now part of Okta and is going through a go-to-market transition with the company.
Starting on the left with spending momentum or Net Score, Microsoft leads all vendors. CrowdStrike is always near the top but note that CyberArk Software Ltd. and Cloudflare Inc. have cracked the top five and Okta has dropped well off its previous highs. You’ll notice that Palo Alto Networks with a 38% Net Score, just below the magic 40% number, is healthy, especially as you look at the righthand chart.
Palo Alto, with an N of 395, is the largest of the independent pure-play security firms in the survey and has a very healthy Net Score, although that score has dropped considerably since the beginning of the year, which is the case for most of the top 10 names, with the exception of Fortinet.
Four-star security firms
Which brings us to the four-star security firms. That is, those that hit the top 10 in both Net Score and market presence: Microsoft, Palo Alto, CrowdStrike, Okta, Fortinet and Zscaler. And as we mentioned, only Fortinet has shown an increase in Net Score since January, again speaking to the compression in spend.
A continuous theme in cyber: The market is ripe for consolidation
One of the big themes we hear constantly in the cybersecurity market is the market is overcrowded. The implication being there’s much room for consolidation – both via M&A and through vendor consolidation from point tools onto platforms. As we saw in the previous chart, this is a crowded market and we’ve seen lots of consolidation in 2022. There are literally hundreds of M&A deals with some of the largest companies going private or getting acquired — e.g. SailPoint, KnowBe4, Barracuda, Mandiant, ForgeRock… billions of dollars spent to acquire these companies and hundreds of other firms.
Now lest you think the pond is overfished, below is a chart from ETR of emerging tech companies in the cybersecurity industry.
This data above comes from ETR’s Emerging Technology Survey (ETS) and it’s ripe with companies that are candidates for M&A. Many would have liked to have gotten to the public market during the pandemic but didn’t make it.
The graph shows Net Sentiment on the vertical axis, which measures awareness of and intent to adopt, against Mind Share on the horizontal axis, which measures awareness of the vendor.
Some of the standouts in Mind Share are OneTrust LLC, BeyondTrust Corp., Tanium Inc. in endpoint, Netskope Inc., 1Password in identity, managed security service provider Arctic Wolf Networks Inc., Snyk Ltd. in both app security and containers, and you can just see the number of companies in the space just keeps growing.
Isolating on the largest private emerging security firms
Just to make it a bit easier on the eyes, we filtered the data on those companies with more than 100 responses in the survey. And that’s what we show below.
Some of the names we just mentioned are a bit easier to see. But these are the ones that really stand out in ETR’s Emerging Technology Survey of private companies. OneTrust, BeyondTrust, Tanium, Netskope in cloud, 1Password, Arctic Wolf, Snyk, Bitsight Technologies Inc., SecurityScorecard, HackerOne Inc., Code42 Software Inc. and Exabeam Inc. in security information and event management.
These firms also may do some M&A of their own. We’ve seen that with Snyk, 1Password and others. These companies with the larger footprint will likely be candidates for both buying companies and eventually going public when the markets settle down a bit.
So again, no shortage of players to effect consolidation, both buyers and sellers.
Key questions on our minds
Let’s finish with some critical questions that we’re watching.
CrowdStrike in particular cited softness from smaller buyers. Is that because these firms have stopped adopting? If so, are they more at risk? Or are they tactically moving toward the easy button – aka Microsoft’s “good enough” approach? What does that mean for the market if that smaller company cohort continues to soften?
How about MSSPs – will companies continue to outsource or pause on those moves to try to free up budget?
Is the cloud the best place to save money? It would seem that way from the standpoint of controlling budgets with lots of optionality to dial up and dial down services. Or does the cloud add another layer of complexity that has to be understood and managed by devs, causing firms to pause and kick the can down the road with existing tools?
Consolidation should favor the platform players such as Palo Alto and CrowdStrike. And some of the larger players as well, such as Cisco Systems Inc. How about IBM Corp. and of course Microsoft? Will they benefit from the slowdown on a relative basis and come out stronger?
And how will economic uncertainty impact the risk equation? Of particular concern is increased attacks on vulnerable sectors of the population such as the elderly. How will companies and governments protect them from scams?
And finally, how many cybersecurity companies can actually remain independent in this slingshot economy? In so many ways the market is still strong. It’s just that expectations got ahead of themselves and now, as earnings forecasts are lowered, it’s going to come down to who can execute, generate cash and keep enough runway to get through the knothole.
And the one certainty is nobody knows how tight that hole really is.
Keep in touch
Thanks to Alex Myerson and Ken Shiffman, who are on production, podcasts and media workflows for Breaking Analysis. Special thanks to Kristen Martin and Cheryl Knight, who help us keep our community informed and get the word out, and to Rob Hof, our editor in chief at SiliconANGLE.
Also, check out this ETR Tutorial we created, which explains the spending methodology in more detail. Note: ETR is a separate company from Wikibon and SiliconANGLE. If you would like to cite or republish any of the company’s data, or inquire about its services, please contact ETR at firstname.lastname@example.org.
All statements made regarding companies or securities are strictly beliefs, points of view and opinions held by SiliconANGLE Media, Enterprise Technology Research, other guests on theCUBE and guest writers. Such statements are not recommendations by these individuals to buy, sell or hold any security. The content presented does not constitute investment advice and should not be used as the basis for any investment decision. You and only you are responsible for your investment decisions.
Disclosure: Many of the companies cited in Breaking Analysis are sponsors of theCUBE and/or clients of Wikibon. None of these firms or other companies have any editorial control over or advanced viewing of what’s published in Breaking Analysis.