Breaking Analysis: Cyber firms revert to the mean

While by no means a safe haven, the cybersecurity sector has outpaced the broader tech market by a meaningful margin. That is up until very recently. Cyber security remains the number one technology priority for the c-suite but as we’ve previously reported, the CISO’s budget has constraints; just like other technology investments. Recent trends show that economic headwinds have elongated sales cycles, pushed deals into future quarters and, just like other tech initiatives, are pacing cybersecurity investments and breaking them into smaller chunks. 

In this Breaking Analysis we explain how cybersecurity trends are reverting to the mean and tracking more closely with other technology investments. We’ll make a couple of valuation comparisons to show the magnitude of the challenge and which cyber firms are feeling the heat, and which aren’t as much. We’ll then show the latest survey data from ETR to quantify the contraction in spending momentum and close with a glimpse at the landscape of emerging cybersecurity companies that could be ripe for acquisition, consolidation or disruptive to the broader market. 

Cybersecurity Faces a New Reality

First let’s take a look at the recent patterns for cyber stocks relative to the broader tech market.

Above we show a year to date comparison of the BUG ETF, which comprises a basket of cybersecurity names, with the tech heavy Nasdaq composite. Notice that on April 13th of this year, the cyber ETR was actually in positive territory, while the Nas was down nearly 14%. By August 16th the green turned red for cyber stocks but they still meaningfully outpaced the broader tech market by more than 950 basis points. As of December 2nd, that delta had contracted as you can see, the cyber ETF is now down nearly 25% year to date while the Nasdaq is down 27% and change. 

Only Palo Alto has Avoided the Valuation Hammer

Let’s take a look at just how far a few of the high profile cybersecurity names have fallen.

Above we show six cybersecurity firms we’ve been tracking closely since before the pandemic. We’ve been tracking dozens more but just take a look at this data. We show the S&P 500 and Nasdaq for reference, which are both up since the February just prior to the pandemic. During the pandemic the S&P 500 shot up more than 40% relative to its pre-pandemic level and the Nasdaq peaked at around 65% above its February level. They’re now down to 85% and 71% respectively from their pandemic peaks as shown in the chart. 

Compare that to the six companies shown. Splunk, which was and still is working through a transition is well below its pre-pandemic market value and 44% of its pandemic high. 

Palo Alto Networks is most interesting in that it had been facing challenges prior to the pandemic related to a pivot to the cloud, which we reported at the time. But as we said then, we believed the company would sort out its cloud transition, which it did as you can see. Its valuation jumped from $24B prior to COVID to $56B during the pandemic and is still holding 93% of its peak value. Its revenue run rate is now over $6B with a healthy growth rate of 24% expected for next quarter. 

Similarly, Fortinet has done relatively well, holding 71% of its peak COVID value with a healthy 34% revenue guide for the coming quarter. 

Okta has been the biggest disappointment. A darling of the pandemic, Okta’s communications snafu with what was actually a pretty benign hack, combined with difficulty absorbing its $7B Auth0 acquisition knocked the company off track. Its valuation has dropped by $35B since its peak during the pandemic; and that’s after a nice beat and bounce back quarter just announced by Okta. In our view Okta remains a viable long term leader in identity. However its recent FY ‘24 revenue guide was exceedingly conservative at around 16% growth. So either the company is sandbagging or has such poor visibility that it wants to be cautious…or it’s seeing a dramatic slowdown in its momentum. After all this is a company that not too long ago was putting up 50%+ growth rates. So it’s one that bears close watching. 

CrowdStrike is another big name that we’ve been talking about on Breaking Analysis. It, like Okta, has led the industry in a key ETR performance indicator (Net Score) that measures customer spending momentum. Just last week, CrowdStrike announced revenue increased by more than 50% but new ARR was soft and the company guided conservatively. Not surprisingly, the stock got crushed as CrowdStrike blamed tepid demand from smaller and mid-sized firms. As well, many analysts believed that competition from Microsoft was one factor along with cautious spending amongst mid-sized and smaller customers. Large customers however remained active so we’ll see if this is a longer term trend or an anomaly. 

Zscaler is another company in the space that we’ve reported as having great customer spending momentum in the ETR surveys but even though the company beat expectations for its recent quarter its outlook was conservative. 

So other than Palo Alto and to a lesser extent Fortinet, these companies, and others, are feeling the economic pinch and it shows in the compression of value. CrowdStrike for example had a $70B valuation at one point during the pandemic. Zscaler topped $50B, Okta $45B. Now having said that, Palo Alto Networks, Fortinet, CrowdStike and Zscaler are still all trading well above their pre-pandemic levels. 

Major Changes in Momentum Since January

Let’s go back to ETR’s January survey and take a look at how much things have changed since the beginning of the year.

Above is an XY graph that shows Net Score or spending momentum on the Y axis and market presence or on the X axis. The red dotted line at 40% indicates a highly elevated Net Score. We’ve filtered the data to show only those companies with more than 50 responses in the ETR survey. Note there were around 20 companies above the 40% mark in what is a very crowded market. But lots of positive momentum. 

Fast Forward to Today’s Market Signals

Let’s jump ahead to the most recent October survey and see what’s happening. 

Above is the same graphic plotting spending momentum and market presence and look at the number of companies above the red line and how it’s been squashed. Still a very crowded market with lots of green but the number above the 40% mark has gone from around 20 to about 5 or 6 firms. And it speaks to the compression in IT spending…the elongated sales cycles, pushing deals out and taking them in smaller chunks. 

We had many conversations with customers last week at re:Invent underscoring this exact trend. The buyers are getting pressure from their CFOs to slow things down, do more with less and prioritize projects. And that’s rippling through to all sectors. 

Which Security Firms Stand out from the Pack?

Let’s now do a bit more playing around with the ETR data and take a look at those companies with more than 100 citations in the survey this quarter. So N greater than or equal to 100. And each quarter we take a look at those 4 star security firms…that is those that are in the top 10 for both spending momentum and mentions in the survey. That’s what we show below.

The leftmost chart is sorted by spending momentum and the right hand chart by Shared N or number of mentions in the survey. The solid red line denotes the cutoff point at the top ten. You’ll note that we actually cut it off at 11 to account for Auth0, which is now part of Okta and is going through a go to market transition with the company. 

Starting on the left with spending momentum or Net Score, Microsoft leads all vendors. CrowdStrike is always near the top but note that CyberArk and Cloudflare have cracked the top 5 and Okta has dropped well off its previous highs. You’ll notice that Palo Alto Networks with a 38% Net Score, just below the magic 40% number is healthy, especially as you look at the right hand chart. 

Palo Alto with an N of 395 is the largest of the independent pure play security firms in the survey and has a very healthy Net Score, although that score has dropped considerably since the beginning of the year, which is the case for most of the top 10 names, with the exception of Fortinet. 

Fourstar Security Firms

Which brings us to the fourstar security firms. That is those that hit the top 10 in both Net Score and market presence. Microsoft, Palo Alto, CrowdStrike, Okta, Fortinet and Zscaler. And as we mentioned, since January, only Fortinet has shown an increase in Net Score since January, again speaking to the compression in spend. 

A Continuous Theme in Cyber is the Market is Ripe for Consolidation

One of the big themes we hear constantly in the cybersecurity space is the market is overcrowded. The implication being there’s much room for consolidation– both via M&A and through vendor consolidation from point tools onto platforms. As we saw in the previous chart, this is a crowded market and we’ve seen lots of consolidation in 2022…literally hundreds of of M&A deals with some of the largest companies going private or getting acquired- e.g. SailPoint, KnowBe4, Barracuda, Mandiant, ForgeRock…billions of dollars spent to acquire these companies and hundreds of other firms.

Now lest you think the pond is over fished….below is a chart from ETR of emerging tech companies in the cybersecurity industry.

This data above comes from ETR’s Emerging Technology Survey (ETS) and it’s ripe with companies that are candidates for M&A. Many would have liked to have gotten to the public market during the pandemic but didn’t make it. 

The graph shows Net Sentiment on the vertical axis, which measures awareness of and intent to adopt, against Mind Share on the horizontal axis, which measures awareness of the vendor. 

Some of the standouts in Mind Share are OneTrust, BeyondTrust, Tanium in endpoint, Netskope, 1Password in identity, MSSP Arctic Wolf Networks, Snyk in both app security and containers and you can just see the number of companies in the space just keeps growing. 

Isolating on the Largest Private Emerging Security Firms

Just to make it a bit easier on the eyes, we filtered the data on those companies with more than 100 responses in the survey. And that’s what we show below.

Some of the names we just mentioned are a bit easier to see. But these are the ones that really stand out in ETR’s Emerging Technology Survey of private companies. OneTrust, BeyondTrust, Tanium, Netskope in cloud, 1Password, Arctic Wolf, Snyk, Bitsight, Security Scorecard, HackerOne, Code42 and Exabeam in SIEM. 

These firms also may do some M&A of their own. We’ve seen that with Snyk, 1Password and others. These companies with the larger footprint will likely be candidates for both buying companies and eventually going public when the markets settle down a bit. 

So again, no shortage of players to affect consolidation, both buyers and sellers. 

Key Questions on our Minds

Let’s finish with some critical questions that we’re watching.

CrowdStrike in particular cited softness from smaller buyers. Is that because these firms have stopped adopting? If so, are they more at risk? Or are they tactically moving toward the easy button – aka Microsoft’s “good enough” approach. What does that mean for the market if that smaller company cohort continues to soften? 

How about MSSPs – will companies continue to outsource or pause on those moves to try and free up budget? 

Is the cloud the best place to save money? It would seem that way from the standpoint of controlling budgets with lots of optionality to dial up and dial down services. Or does the cloud add another layer of complexity that has to be understood and managed by devs, causing firms to pause and kick the can down the road with existing tools? 

Consolidation should favor the platform players like of Palo Alto and CrowdStrike. And some of the larger players as well like Cisco…how about IBM and of course Microsoft? Will they benefit from the slowdown on a relative basis and come out stronger? 

And how will economic uncertainty impact the risk equation? Of particular concern is increased attacks on vulnerable sectors of the population like the elderly. How will companies and governments protect them from scams? 

And finally, how many cybersecurity companies can actually remain independent in this slingshot economy. In so many ways the market is still strong…it’s just that expectations got ahead of themselves and now as earnings forecasts are lowered, it’s going to come down to who can execute, generate cash and keep enough runway to get through the knothole. 

And the one certainty is nobody knows how tight that hole really is. 

Keep in Touch

Thanks Alex Myerson and Ken Shiffman are on production, podcasts and media workflows for Breaking Analysis. Special thanks to Kristen Martin and Cheryl Knight who help us keep our community informed and get the word out. And to Rob Hof, our EiC at SiliconANGLE.

Remember we publish each week on Wikibon and SiliconANGLE. These episodes are all available as podcasts wherever you listen.

Email david.vellante@siliconangle.com | DM @dvellante on Twitter | Comment on our LinkedIn posts.

Also, check out this ETR Tutorial we created, which explains the spending methodology in more detail.

Watch the full video analysis:

Image: intheskies

Note: ETR is a separate company from Wikibon and SiliconANGLE. If you would like to cite or republish any of the company’s data, or inquire about its services, please contact ETR at legal@etr.ai.

All statements made regarding companies or securities are strictly beliefs, points of view and opinions held by SiliconANGLE Media, Enterprise Technology Research, other guests on theCUBE and guest writers. Such statements are not recommendations by these individuals to buy, sell or hold any security. The content presented does not constitute investment advice and should not be used as the basis for any investment decision. You and only you are responsible for your investment decisions.

Disclosure: Many of the companies cited in Breaking Analysis are sponsors of theCUBE and/or clients of Wikibon. None of these firms or other companies have any editorial control over or advanced viewing of what’s published in Breaking Analysis.

 

Print Friendly, PDF & Email

Research Agenda Big Data, Cloud & Infrastructure