You might consider investing in cybersecurity stocks now, as private equity firms are increasingly acquiring companies in this sector. The buzz around generative artificial intelligence has also had an impact on the performance of cybersecurity stocks.
As of August 7th, the Computer Software Security group ranked 76th out of 197 industry groups tracked by IBD, a drop from its previous position at 35th just a week ago. However, one month ago, it held a higher rank at 15th.
Palo Alto Networks (PANW) experienced a decline in its stock price following the announcement of an unconventional timing for its fiscal fourth quarter earnings call. Instead of the usual Monday or Tuesday in the fourth week of the month, Palo Alto decided to hold an extended earnings call on Friday, August 18th after market close. This session will cover additional strategic topics beyond financial results and include discussions about their medium term outlook. Palo Alto Networks justified this unusual timing by citing important company events such as their sales kickoff scheduled for the following week.
In contrast, Fortinet (FTNT) reported second quarter results that fell short of expectations in terms of revenue and billings.
Under new cybersecurity regulations set by the Securities and Exchange Commission (SEC), companies will be required to promptly report significant cyber attacks within four business days once they determine if these incidents will have a material impact on their business.
"We anticipate a significant increase in the number of 8 K filings, along with more proactive investments in security measures to mitigate 'material' cybersecurity incidents. Additionally, we can expect intriguing discussions with cyber policy insurers," noted Raymond James analyst Adam Tindle in a communication to clients regarding the new SEC regulations.
The realm of cybersecurity is witnessing a double edged game involving both computer security firms and malicious hackers who are projected to employ generative AI tools. Let's explore the ongoing battle between AI and cybersecurity.
According to a recent report from Citigroup, we see generative AI as an empowering factor that benefits cyber vendors by enhancing the collective ability to accurately assess threats promptly.
In its latest projection, research firm Gartner forecasts that enterprise spending on information security will hit $186 billion by 2023 and is expected to grow further to $278 billion by 2027, reflecting an impressive compound annual growth rate of 11%. This growth rate surpasses that of most other categories within information technology expenditure.
Bank of America predicts a shift in market share towards cybersecurity companies that offer cloud computing platforms.
"Within this market, smaller vendors still hold significance, particularly those that offer unique solutions. However, we believe that cloud based vendors like Microsoft (MSFT), CrowdStrike Holdings (CRWD), Palo Alto Networks and possibly Zscaler (ZS) have the highest potential for long term value creation for investors," stated Tal Liani, an analyst at Bank of America.
Competition is fierce in this industry. Microsoft, already a formidable competitor, aims to incorporate artificial intelligence tools into its security platform called Microsoft Security Copilot. This platform introduces a new AI assistant.
Could funding for ambitious startups slow down?
Analysts suggest that a fresh wave of startups is gaining market share from established players. These include Netskope, Wiz, Snyk and Illumio. Other notable contenders to keep an eye on are Venafi, Recorded Future, Noname Security, Obsidian Security, Deep Instinct and Skyflow. As these startups exert pressure on the incumbents dominance in the industry; research and development spending increases.
Investment in cybersecurity startups continues to thrive. Wiz, a cloud security firm recently secured $300 million at a valuation of $10 billion. The burning question remains whether the banking crisis will dampen venture capital investment within this sector.
"The cybersecurity startup landscape is saturated with 3,000 security vendors recorded by CyberDB," noted Shrenik Kothari in a memo from Baird analysts.
Despite the high demand for cybersecurity tools, the sheer number of vendors has made things more complicated and has led to a wide range of options available. This complexity makes it difficult for customers to assess and adopt new technologies. As a result, many small scale startups may struggle or face financial difficulties while the market tries to keep up with rapid innovation.
The cybersecurity market is being influenced by major players in cloud computing who are introducing their own offerings, making acquisitions and striking marketing deals for software. Among them, Microsoft poses a significant threat to existing companies in this sector as it offers multiple products at discounted rates to businesses.
A survey conducted by Morgan Stanley in 2022 revealed that chief information officers prioritize cloud computing and security software as top priorities. Following closely behind are business intelligence/analytics, digital transformation and artificial intelligence.
In an analysis of cybersecurity stocks, Goldman Sachs analyst Gabriela Borges highlighted long term trends. According to Borges, multi product platforms have gained momentum and are bringing us closer to overcoming the challenge of innovation in subsegments that have historically experienced boom and bust cycles. She also noted that the industry is becoming less cyclical as there is a shift away from hardware towards Software as a Service (SaaS). This shift provides natural avenues for growth for established players in the industry who would otherwise be facing market saturation.
They are offering Secure Access Service Edge as a solution for network security leaders, along with cloud workload protection platforms.
When it comes to cybersecurity stocks, private equity firms continue to be active players. On October 11th, Thoma Bravo agreed to acquire ForgeRock in an all cash deal valued at approximately $2.3 billion, offering a 53% premium to ForgeRock's closing share price on October 10th. The transaction is expected to be completed in the first half of 2023. Prior to this deal, FORG stock had experienced a decline of 65% during the year.
Thoma Bravo previously acquired Ping Identity Holdings for $2.8 billion and has also made investments in cybersecurity companies like SailPoint Technology, Proofpoint, Sophos and Barracuda. Additionally, they have shown interest in supporting cybersecurity startups such as Illumio.
In May, private equity firm Permira successfully completed the acquisition of Mimecast for $5.8 billion.
Another private equity firm called Vista Partners recently acquired KnowBe4 through a $4.6 billion leveraged buyout. Vista Partners has been a long standing investor in KnowBe4.
Furthermore, Google parent Alphabet made headlines when they acquired Mandiant last year in an all cash deal worth $5.4 billion. Mandiant is now part of Google's cloud computing business.
The involvement of these private equity firms and major tech players indicates that the federal market may serve as a positive force driving growth in the cybersecurity industry.
Moreover, Google made a significant move in 2022 by acquiring Siemplify, a provider of security orchestration, automation and response solutions, for a substantial sum of around $500 million.
Additionally, certain computer security firms may benefit from new initiatives introduced by the federal government.
The Cyber Incident Reporting Act of 2021 mandates that agencies, federal contractors and operators of critical infrastructure promptly inform the Department of Homeland Security upon detecting a data breach. This represents a crucial step towards strengthening security measures.
Several cybersecurity firms are actively leveraging artificial intelligence to gain an advantage over hackers.
Once the bear market subsides, investors might want to consider exploring the Global X Cybersecurity ETF (BUG) for broader exposure to this sector.
Furthermore, Congress has finally passed legislation that includes funding for infrastructure projects at federal, state and local levels. It is expected that this funding will also encompass cybersecurity infrastructure. Moreover, ransomware continues to pose a significant threat.
When it comes to cybersecurity stocks, it is beneficial for investors to be aware of which ones specifically focus on addressing ransomware attacks or phishing attempts and other types of cyber threats.
Meanwhile, CrowdStrike utilizes machine learning techniques along with a specialized database to effectively identify malware on laptops, mobile phones as well as other devices that connect to corporate networks. Additionally, numerous software companies are embracing artificial intelligence technologies in order to gain an edge in this competitive field.
Furthermore, Zscaler holds the position as the leading provider of cloud based web security gateways, which are responsible for examining customers data traffic to detect any malware.
SailPoint, a software company specializing in identity management solutions, is one of several companies that generate over 10% of their revenue from government agencies.
Other cybersecurity firms that have a significant presence in government contracts include Tenable, Rapid7 and CyberArk (CYBR). Tenable recently acquired France based Alsid in 2021. Alsid focuses on identity access management.
Additionally, both Rapid7 (RPD) and Qualys specialize in offering vulnerability management services.
Given the rapid global spread of Covid 19 and subsequent work from home directives from many companies, there has been an increased demand for computer security products that facilitate remote work.
The emergence of the coronavirus pandemic and the shift to remote work have accelerated the growth of cloud based network security. As a result, there is now a new term used within the industry to describe the infrastructure that supports distributed workers and branch offices.
SD WAN Technology's Impact on Security Needs
Corporate entities in America have significantly increased their technology spending on security measures to safeguard intellectual property and consumer privacy. Hackers persistently attempt to steal credit card data and intellectual property.
As businesses migrate their workloads to cloud computing service providers like Amazon Web Services (AWS), which is part of Amazon.com (AMZN), spending on security technologies has adapted accordingly. AWS stands as the largest cloud services firm.
Amazon is emerging as a potential competitor to companies like Cloudflare by incorporating more security tools into its cloud services.
Similarly, Fortinet competes with Palo Alto Networks and other players in the firewall security market. Firewalls act as a protective barrier between private networks and the internet, blocking unauthorized traffic and scanning web applications for malware.
As larger companies transition to off premise cloud computing services, some believe that the role of firewall technology may diminish. Fortinet has focused on software defined wide area networks (SD WANs), which are an emerging computer networking technology.
In an effort to catch up in SD WAN technology, Palo Alto Networks acquired the startup CloudGenix.
The realm of cybersecurity encompasses a wide range of products and services. Additionally, some security vendors are transitioning from selling hardware appliances to software based subscription models. Proofpoint specializes in email and data loss protection.
Meanwhile, hackers often target employees or management with administrative access as a means to compromise networks. CyberArk specializes in managing privileged accounts while Okta (OKTA) provides identity management services.
To combat hackers, more companies are adopting a strategy known as Zero Trust, which focuses on internal security threats.
Moreover, traditional security measures primarily focus on preventing unauthorized access to corporate networks. Additionally, network firewalls are designed to safeguard against intruders coming from the public internet.
Zero Trust cybersecurity models, on the other hand, prioritize addressing internal threats, such as hackers who attempt to steal someone's security credentials. Security companies ensure the verification of network users identities and restrict their access to specific applications.
To emphasize the significance of Zero Trust security, a strategic alliance comprising CrowdStrike, Okta, Netskope and Proofpoint was recently formed. In line with this approach, Cisco Systems (CSCO) acquired Duo Security for a substantial $2.35 billion in 2018.
Furthermore, numerous rapidly expanding cybersecurity firms have positioned themselves in the endpoint market. These companies offer cutting edge tools capable of detecting malware present on laptops, mobile phones and other devices accessing corporate networks.