Cybersecurity Stock Report


The Cybersecurity Stock Report is published quarterly by Cybersecurity Ventures. We provide a list of 60+ publicly-traded cybersecurity companies, a stock watch list with real-time quotes, our editors’ choice for the hottest company, insights on the cyber firms we track, and a recap of the cybersecurity stock market for the prior quarter.


Q3 2016: Niche Players Proofpoint, Rapid7 and CyberArk Outperform Cybersecurity Market

Allison Gatlin

Menlo Park, Calif. – Nov. 30, 2016

Publicly-traded cybersecurity firms rebounded, growing more than 11% in Q3 as the lion’s share of players met or beat Wall Street’s expectations. But analysts note Palo Alto Networks’ and Fortinet’s lagging metrics could signal a reprioritization that leaves firewalls in the dust.

Wall Street hammered Fortinet stock in October when it negatively pre-announced its Q3 report. Shares of Palo Alto Networks, too, crashed 10% when the firm missed the high-end of its fiscal Q3 guidance for the first time ever and guided to a backend-loaded January quarter.

Both firms shared a commonality — product sales braked jarringly, but subscription revenue, too, hit a speed bump for the third consecutive quarter. Palo Alto’s product sales dipped to 11% growth from 24% and 35%. Fortinet toppled to 7% growth from 19% and 28%.

Piper Jaffray analyst Andrew Nowinski blames decelerating product sales on shifting enterprise focus. In 2014 and 2015, enterprises prioritized perimeter security — helping boost Palo Alto’s and Fortinet’s valuations. Now, security inside the firewall is getting a renewal.

“There seems to be more of a focus on internal tech,” he said. “But, in 2017, we should still get the (firewall) refresh cycle benefit even if firewall spending is no longer a priority. We’re seeing more of a focus on email, database security and privileged account management.”

He added: “The bigger underlying question is why are security purchases taking longer to close and why are CIOs (chief information officers) treating security purchases the same way they do regular IT and networking purchases?”

William Blair analyst Jonathan Ho says Wall Street had expected Palo Alto’s product revenue to decelerate, but not to the degree it did. Palo Alto’s guidance indicates fiscal Q4 could be the slowest-ever quarter for product sales amid an extended deal cycle.

“I think people thought (Palo Alto Networks) had set the bar lower last quarter,” he said. “Product revenue has been steadily decelerating at a much steadier rate. … They had guided for that, but expectations were for them to do better than that result.”

Cybersecurity Firms Reach Expectations

Nearly three-quarters of publicly-traded security firms met or beat expectations, but many by the skin of their teeth, William Blair’s Ho says. Fortinet, alone, had relatively weak results, Piper Jaffray’s Nowinski said. Nearly nine in 10 beat on profitability, but almost a third had losses.

“A lot of the cybersecurity companies’ results were OK, they kind of barely got through it or they had to reset expectations over the last two quarters,” Ho said. “At a high level, going into 2016, companies expected a continuation of spending trends that haven’t really held up this year.”

Cybersecurity Ventures, though, doesn’t buy the slowdown theory. Instead, the spending that would normally bulk up pure security players is funneling into tech giants like Cisco Systems and IBM, and hundreds of venture-capital backed plays.

Fiscal Q3 sales as a whole were flat and declined 7%, respectively, for IBM and Cisco Systems. But both managed to grow security revenue by 11% apiece. Between 2017 and 2021, spending will top $1 trillion across the sector, Cybersecurity Ventures predicts.

But that may not extend as robustly to the public sector. Major breaches of Target, Home Depot, Ashley Madison and the U.S. Office of Personnel Management stoked so-called “emergency spending” and record security valuations in 2014 and 2015, Ho said.

Security spending could rebound somewhat in 2017, Ho and Nowinski say. But Ho says that won’t approach 2014-2015 levels. Nowinski predicts a firewall refresh at the five-year mark after Palo Alto added a massive number of customers in 2012. Neither sees a major jump, though.

“I don’t expect (spending in 2017) to revert back to 2014 and 2015 with blank-check spending when people were panicking,” William Blair’s Ho said. “It will be more selective. But we plan for that increase. We can still have continued growth in the marketplace.”

Steve Morgan, Founder and Editor-In-Chief at Cybersecurity Ventures, offers a more optimistic view on spending. “Cybercrime damages are predicted to cost the world $6 trillion annually by 2021, up from $3 trillion last year,” says Morgan. “With that, governments, corporations, and consumers will hike up their spending on cyber protection.”

“The biggest news in the recent U.S. presidential election was email security,” notes Morgan. “In 2016 we witnessed major hacks on the DNC, LinkedIn, Dropbox, Yahoo, and countless others. If it doesn’t feel as serious as last year, it’s because the world is getting used to cybercrime.”

Niche Players Gain Momentum

Calendar year Q3 represented a small rebound for security firms which grew 11.3% on average following 9.2% growth in Q2. Public sector growth slowed considerably from 20.8% in Q1 and 23.3% in Q4.

But there are standouts. Though Palo Alto Networks missed the Street’s expectations, its 34% total sales and 57% earnings growth is nothing to sneeze at. Still, the best growth came from Proofpoint, Rapid7 and CyberArk Software, all niche players.

Proofpoint, Rapid7 and CyberArk grew 44%, 42% and 37%, respectively, in Q3. Less than half of pure security players (47.8%) outperformed the industry. But for that trio, alongside Palo Alto Networks, it was the fourth consecutive quarter to do so.

Others, like Symantec, Barracuda Networks, FireEye and Cyren, toed the industry average, growing by low-teens percentages. Symantec’s portfolio is expanding rapidly, though. Over the past two quarters, it added Blue Coat Systems and made plans to acquire LifeLock.

Industry trends are better tilted toward email providers like Proofpoint and Mimecast, William Blair’s Ho said. A number of companies are transitioning to Microsoft Office 365 from on-site hardware, and Intel-McAfee is ending its product and recommending Proofpoint.

Like Proofpoint, Mimecast posted impressive sales growth in Q3, up 29% vs. the year-earlier quarter. Sales have accelerated for three consecutive quarters. Mimecast is now two quarters into the black, though Q3 earnings declined by half on a year-over-year basis.

Mimecast is ranked eighth in the Cybersecurity Ventures Cybersecurity 500. The company cracked the top 25 for the first time this quarter.

“Email is going through a structural transition,” Ho said. “Office 365 is causing enterprises to reevaluate their security offerings. … Based on what we’ve seen, they (Proofpoint and Mimecast) have benefited from these email trends.”

Allison Gatlin is a journalist, tech reporter, and Cybersecurity Ventures Contributor based in San Jose, Calif.


Q2 2016: Yahoo hack, global cybercrime expected to drive up cybersecurity stocks.

Allison Gatlin

Menlo Park, Calif. – Oct. 3, 2016

Niche players CyberArk Software and Proofpoint bucked a broad Q2 slowdown for publicly-traded cybersecurity companies which, on average, saw sales growth slow by nearly 5 percent vs. the prior quarter.

But, Yahoo’s 500 million-account breach, revealed in late September, and a greater ransomware threat targeting the healthcare sector could stoke robust spending in Q3, and a boosted interest in M&A within the sector, PureFunds CEO Andrew Chanin says.

“Any player with a large amount of cash on their balance sheet and a smaller footprint” will likely soon become acquisitive, Chanin said. He declined to comment on specific firms, but said he’s seeing an M&A drive from the diversified tech and defense sectors.

Chanin runs the HACK exchange-traded fund which has ramped 35 percent since hitting a 2016 low in February. Shares of the 35-company ETF are now up 7 percent for the year. Sales growth wasn’t strong overall in Q2, but Chanin says investor appetite is returning.

He credits the cybersecurity stock resurgence to the “cat-and-mouse” paradigm emblematic of the industry. With breaches of Yahoo, Snapchat, LinkedIn and Dropbox in the rearview, companies are on edge. And investors are ready, Chanin says.

“Some of this movement (in the HACK ETF) could be investor appetite coming back and making up from being one of the more oversold areas of technology,” he said. “We could be seeing a trend change here.”

Q2 In Review

Wall Street titters of a broad cybersecurity slowdown have plagued the industry since February when former FireEye CEO David DeWalt said “emergency spending” in the wake of the notable Target and Home Depot breaches had subsided.

Analysts have largely dismissed the suggestion as cybersecurity darlings like Palo Alto Networks, CyberArk, Proofpoint, Mimecast and Rapid7 continue outgrowing the broader industry. Cybersecurity Ventures, too, isn’t a believer in the so-called slowdown.

Public pure players like Palo Alto, FireEye and Check Point Software Technology are feeling the heat from tech giants like Cisco Systems and IBM, and hundreds of venture capital-backed start-ups, says Cybersecurity Ventures’ founder and editor-in-chief Steve Morgan.

On average, security firms publicly-traded on the NYSE or NASDAQ grew 7.2 percent in Q2, slowing from 12 percent growth in Q1. Growth was more robust in Q4 and Q3 when security players tacked on 19.9 percent and 24.8 percent, respectively, in average sales growth.

That’s amid more competition from tech giants like Cisco and IBM which saw security sales grow 16% and 18% for their quarters ended in July and June, respectively. Security comprises 4 percent of Cisco’s total sales and 2.5 percent of IBM’s.

But, there were standouts among the pure players. Small-cap Rapid7 led the pack in terms of sales growth, up 45 percent year over year to $37.3 million. That sales growth came at the expense of earnings. Rapid7 lost 22 cents per share ex items.

Meanwhile, bigger Palo Alto and Proofpoint trailed, up 41 percent vs. the year-earlier quarter to $400.8 million and $89.8 million in sales. Palo Alto posted 50 cents EPS minus items, up 79 percent and Proofpoint swung to a 6-cent gain vs. a 9-cent loss in the year-earlier period.

The enterprise market is largely a “two-horse race” between Palo Alto and Check Point, Piper Jaffray analyst Andrew Nowinski wrote in a Sept. 12 research note following calendar Q2. Check Point trails Palo Alto in terms of market cap.

But Check Point’s Q2 sales growth of 7 percent decelerated from 10 percent year-over-year growth in the prior quarter, and wasn’t enough to keep up with small-caps like Rapid7 and root9B.

Adversary pursuit and cyber operations specialist root9B tops Cybersecurity Ventures’ Cybersecurity 500 list. During Q2, root9B shifted focus to become a pure cybersecurity play. It pulled in $10.2 million in sales, up 28 percent, but losses widened to 6 cents per share.

Healthcare, IoT, Mobile Expected To Drive Q3

root9B is diving full-tilt into mobile protection where it will face off with niche players like Mimecast and Proofpoint. The mobile and Internet of Things segments were key in Q2 — evidenced by Mimecast’s 24 percent sales growth during the quarter.

PureFunds’ Chanin, Business Insider and market tracker IDC all say mobile will be a driving force in Q3 and beyond. Malware is now refocusing to smartphones and mobile devices, leaving laptop and PC attacks largely in the dust, Cybersecurity Ventures’ Morgan says.

Meanwhile, ransomware’s torqued advance will push an expected $6 trillion in cybercrime losses by 2021, according to a Cybersecurity Ventures analysis. Thus far in 2016, ransomware attacks are up 300% including a $17,000 hit on Hollywood Presbyterian Medical Center.

Attacks on the healthcare sector are up 35 percent year to date vs. this time last year, Cybersecurity Ventures found in its Hackerpocalypse report. In 2015, healthcare, manufacturing, financial services, government and transportation were the most targeted cyber-industries.

That’s because medical data is immutable and victims don’t always know they’ve been breached. Largely, companies are in the same straits, PureFunds’ Chanin says. That lingering specter spooks — and drives — the cybersecurity industry, he says.

“There’s always another major breach looming,” he said. “We’re just finding out about Yahoo now. How many more companies are there that have been breached and are just trying to figure out what to do?”

Spending Outlook

“We expect worldwide spending on cybersecurity products and services to eclipse $1 trillion cumulatively for the five-year period from 2017 to 2021,” says Steve Morgan, founder and Editor-In-Chief at Cybersecurity Ventures.

Cybersecurity Ventures anticipates 12-15 percent year-over-year growth through 2021, compared to the 8-10 percent projected over the next five years by several industry analysts.

Rob Owens, Senior Research Analyst for Security and Infrastructure Software at Pacific Crest Securities, recently told Investor’s Business Daily that he sees pent-up demand for cybersecurity spending. He says companies are spending a relatively low 3 percent of their capex (capital expenditures) that’s focused on IT security.

“From our optics, if you define cyber as data collection, storage, security, analysis, threat intelligence, operations and dissemination, then the $1 trillion market forecast from Cybersecurity Ventures barely scratches the surface,” says Jeremy King, President at Benchmark Executive Search, a boutique executive search firm focused on cyber, national, and corporate security. “Cyber will never go away as the bad guys will never stop exploiting this new medium.”

Allison Gatlin is a journalist, tech reporter, and Cybersecurity Ventures Contributor based in San Jose, Calif.


CYBERSECURITY VENTURES

Steven C. Morgan, Editor-In-Chief

Steve Morgan is Founder and CEO at Cybersecurity Ventures, and Editor-In-Chief of the Cybersecurity Stock Report and the Cybersecurity 500 list of the world’s hottest and most innovative cybersecurity companies. Steve has written hundreds of cybersecurity blogs and articles which have appeared in CIO, Computerworld, CSO, Forbes, Homeland Security Today, InformationWeek / DarkReading, Infoworld, ITworld, TMCnet, and others.




© 2016 Cybersecurity Ventures. All rights reserved. Federal copyright law prohibits unauthorized reproduction of the Cybersecurity Stock Report by any means and imposes fines up to $150,000 for violations. Reproduction in whole or in part in any form or medium without expressed written permission of Cybersecurity Ventures is prohibited.

