Digital Safety First
While our economy has been computerized for a while, it is still getting more and more connected.
What data used to be locally stored is now in the cloud. Work is not done in one office but remotely by delocalized teams, often in multiple countries. And most softwares we use are in the cloud. This means that vital or confidential business data are constantly circulated back and forth through the Internet. And that virtually all devices are connected at all times.
This is equally true in our personal lives, where online identity and activities are often as important as the ones “in real life”.
And then the risks are even higher when it comes to defense and geopolitics, with “cyber” now considered by military analysts as a new “fighting domain”, alongside sea, air, land, and space.
All of this makes cybersecurity a growing and all-important concern. Failure in this domain can paralyze businesses, allow for identity theft, or even endanger a nation's safety. Especially as the number of malicious programs has increased by x20 since 2011, reaching an astonishing total of 1.3 billion.
The business model of cybersecurity is inherently sticky, with cybersecurity subscriptions something clients will be very reluctant to cut, lest they get left exposed to catastrophic risks to their operations.
Consequently, the market for cybersecurity services is expected to grow by 13.8% CAGR until 2030, more than doubling from the current $172B.
Top 10 Cybersecurity Stocks for Digital Protection
Cisco Systems, Inc. (CSCO)
The company revenues are mostly in the Americas (59% of the total in Q4 FY 2023). The company protects 840,000 networks and 67 million mailboxes.
Cisco's scale makes it a prime contender for winning at a new level of cybersecurity and network complexity, referred to as “multi-cloud”, where a company relies on many different cloud offerings for its inventory, sales, R&D, etc.
This requires new tools and strategies to handle cybersecurity in a unified fashion. Cisco is able to provide everything from the network's physical infrastructure (routers, datacenters, etc.) to the software and the cybersecurity monitoring tools.
While Cisco mostly works with large international corporations, it also offers its services to SMEs with less powerful, but also simpler to implement cloud services, switches & routers, and firewalls or VPNs.
While not a pure play in cybersecurity, Cisco is very active in the sector and relies on its reputation for safety for the sales of its softwares and network infrastructures. So it is likely to benefit from the trend of increased security needs and remote work.
Palo Alto Networks, Inc. (PANW)
Palo Alto is a leader in cybersecurity, with a focus on firewalls and security platforms. Palo Alto's platform strategy is powered by regular new product launches, covering more and more all possible cybersecurity needs through a coherent offering, instead of patching it together from multiple vendors. Since 2019, the company has multiplied by 5x the number of yearly launches.
The company is also actively embracing AI, both to detect threats (Precision AI) and to handle how customers interact with its products (generative AI, like ChatGPT). Since 2019, the company has moved from only 8 products to 35 using AI, with more still in development.
The growing selection of products is contributing to existing clients increasingly using more and more modules from Palo Alto, leading to larger revenues per client over time, with many expected to use 5 modules or more by 2028.
Palo Alto is growing strongly, with revenues reaching $1.9B in Q4 2023, compared to $1.55B a year before. It is also looking for potential acquisitions, with 250+ companies evaluated per year for the potential of their technology.
All together, this makes Palo Alto a good cybersecurity for investors looking to invest in the industry leaders and exposure to AI.
Fortinet, Inc. (FTNT)
Fortinet is one of the largest cybersecurity companies, offering integrated solutions to enterprises and SMEs. SMEs make up a large part of the company's clients (62%).
The company is partially competing on price, claiming that its “Proprietary ASIC technology (SPU) provides 5x – 10x better performance, contributing to a lower total cost of ownership”, as well as “one of the lowest total cost of ownership in the industry”.
Despite this focus on price, Fortinet managed to show an impressive margin, reflecting the efficiency of the company's operations.
Together with the other major cybersecurity firms, Fortinet is likely to benefit from the trend of consolidating multiple disparate cybersecurity solutions into a unified platform. Unified strategies merging cybersecurity and network infrastructure will help as well.
This trend of moving from solution to platform has been the driver behind Fortinet's growth, with enhanced platform technology growing 38% CAGR since 2019.
Fortinet's business is less US-centric than many of its competitors, with the USA making only 27% of total revenues, and 100+ countries making half of revenues.
Fortinet's leadership, focus on SMEs, and international markets makes it a good stock for exposure to the global cybersecurity markets, especially with SMEs only now fully embracing the digital revolution. Its focus on affordable pricing might also be a strength in case of recession or pressure from rising interest rates on indebted companies.
CrowdStrike Holdings, Inc. (CRWD)
CrowdStrike was founded with a cloud-first approach to cybersecurity.
The company's offer covers all categories of cybersecurity threats, and among its clients are 15 of the 20 largest US banks, 70 of the Fortune 100 companies, and 556 of the Global 2000.
The company has achieved $2.7B of annual recurring revenues (ARR) in Q1 2023, a year-to-year growth of 42%, for a free cash flow of $227M, growing at 53%.
CrowdStrike's growth is supported by a quickly expanding total addressable market (TAM), expected to grow 13% CAGR in the next 2 years. With additional offerings still in development, the company expects to expand its TAM from the current $76B to $158B by 2026.
Another growth factor for CrowdStrike is the expansion of business with pre-existing clients. When a client starts with at least one cybersecurity module, it usually goes on and keeps integrating more modules, with 62% of clients using 5 or more modules, and 23% using 7 or more modules.
This dynamic creates an environment that allows CrowdStrike to grow its margins when a relationship has developed for long enough, with an impressive total gross margin of 78% in 2023.
The transition to the cloud is still mostly ongoing for many large companies. This creates a large opportunity for a market leader like CrowdStrike to help them transition their cybersecurity strategy to the cloud as well.
The company should also see its international business grow, with still 3/4th of the Global 2000 companies yet to enter the CrowdStrike ecosystem.
The cloud-first approach of CrowdStrike has allowed it to quickly take market share and is now replicated by all the large cybersecurity companies. So investors will want to pay attention to CrowdStrike's ability to retain its advantage despite mounting counter-attacks by the industry.
Zscaler, Inc. (ZS)
Zscaler is a pioneer in cloud security, since its foundation in 2007. The company partially relies on a strategy of a partner network/alliance, including with Amazon's leading cloud service AWS or Microsoft, as well as large cybersecurity firms like CrowdStrike, Okta, or Splunk.
Zscaler claims excellent results in its case studies, like an 80% faster user experience for GE, 35x fewer infected machines for NOY, or a 70% reduction in infrastructure costs for Siemens.
The company has grown its revenues very quickly, by 52% CAGR since 2019, driven by the global wave of cloud adoption by companies of all sizes.
Zscaler has early on targeted the international market, with 50% of its revenue coming from outside of the Americas.
Zscaler's business is mostly with enterprise-level customers, driving the growth of the company, with a 37% growth for customers >$1M ARR (Annual Recurring Revenue) and 25% growth for customers >$100k ARR.
The company also expects strong results from upsell (selling more to existing customers), with a 6x potential just from existing products.
Zscaler's early move into the key point of cloud cybersecurity has made it a central partner for many of the largest players in the cloud industry, as well as large corporations highly reliant on cloud services. This trend is still ongoing at a strong pace and should carry Zscaler's growth.
Splunk Inc. (SPLK)
Splunk is a cybersecurity company focused on “monitoring and observability”. In layman's terms, this means Splunk is more concerned about threat detection than infrastructure, firewalls, or other cybersecurity tools. This specialization means that Splunk's offering is more of a complement than that of a competitor of many other cybersecurity offerings.
Reflecting this complementary nature, 90 out of the Fortune 100 companies have deployed Plunk offerings, often alongside cybersecurity solutions or platforms. And the number of customers with more than $1M ARR (Annual Recurring Revenue) has grown steadily since 2022.
Splunk's threat detection is using a mix of “human-in-the-loop” and deep learning, and AI to make detection easier and automate security checks and reports.
Another segment for Splunk is manufacturing and IoT, with its Edge Hub. This device gathers and monitors cyber activity from sensors and IoT devices into an easy-to-analyze and check platform. In turn, this helps reduce downtime, avoid equipment failure or inconsistent product output.
The company has grown its revenues by 14% year-to-year, reaching $911M in Q2 2023. It also turned from a negative free cash flow of -$428M in Q2 2021 to a forecast of positive $805M in Q2 2024.
The need for extra information and visibility on security risk is powering Splunk's growth while allowing it to carve a smaller but profitable niche in the very competitive cybersecurity market.
In the long run, the adoption of IoT could also be a new driver of growth, with innovations like the Edge Hub likely to be adopted when more IoT data are available, and a centralized analytic center physically present on the factory floor will help boost productivity.
Akamai Technologies, Inc. (AKAM)
Akamai is a company centered around the concept of “edge computing“. In short, it is the concept of having computing and decisions made as close as possible to where the data is, instead of a distant centralized place.
This is a concept relevant to multiple applications, many of them becoming prevalent today, including streaming and cybersecurity.
In 2022, Akamai acquired cloud provider Linode. The merger allows for the company to deliver distributed cloud services, in contrast to centralized ones like AWS. Interestingly, companies like Amazon, the owner of AWS, are now launching “local zones”, a concept very similar to edge cloud computing championed by Akamai.
This creates a unique positioning, at the border between the large enterprise-scale cloud providers, and the more easy-to-use and developer-friendly alternatives.
Another advantage of a localized, “fragmented” cloud is security. The dominant paradigm of “Zero Trust Network Access” only really works with a segmentation of the data by geography and/or roles.
So Akamai's unique approach is an advantage for companies with strong developing capabilities and wanting to keep direct control over their cybersecurity. Or looking to reduce the price per byte delivered. Or for whom cybersecurity is an absolute must instead of an extra concern.
This can include a lot of different situations, from banks to streaming services or fast-moving e-commerce with a lot of internal tech knowledge.
It often pays in the tech sector to be a first mover or to have a unique approach. Akamai's early focus on edge computing provides both. So while this might not make it a service likely to reach the scale of AWS, it is equally likely to stay an integral and growing part of the cloud computing ecosystem. A good indication of that is how strongly the traffic on Akamai grew over time, almost 5x since 2018.
Okta, Inc. (OKTA)
At the core of most cybersecurity solutions is the concept of identity. Is this person/computer/software who he claims to be, and is he authorized to access or modify this dataset?
This is a crucial question, because too easy access leads to security breaches, but too strong can make an IT system anywhere from annoying and inefficient to useless.
Okta provides identity verification and cloud security certification with 99.99% uptime through its Okta Identity Platform.
This is a growing field, especially with so many activities moving to the cloud and remote or hybrid work becoming a new business model. This is driving Okta's revenue growth, with a forecast of doubling revenues since Q1 2022.
Okta also grew its customer base from 10,000 in 2021 to 17,600 in 2023. This includes very different industry leaders, like pharmaceutical maker Takeda, utility Engie, FedEx, HP, S&P Global, and T Mobile.
Okta was somewhat of a “pandemic stock”, with its stock price rising rapidly in 2021 before falling back down. However, its business performance as measured by revenues, cash flow margin or client base did not show any slowdown in growth.
So this might be an opportunity for investors to buy the stock at a cheaper point, when identity certification and other remote work-centered business models are out of favor, despite a strong underlying trend in that direction.
Leidos Holdings, Inc. (LDOS)
One sector very interested in digital transformation & cybersecurity, and often lagging behind in actually performing well in that respect, is public institutions and government services. This is where Leidos enters and helps them secure their digital infrastructure.
The company's activity is split between defense (57%), civil (24%), and healthcare (19%). Health was the strongest growth driver in Q2 2023 at 9% growth, followed by defense (7%) and civil (5%), for a total revenue growth of 7%.
One of the company's key activity is cybersecurity, bringing the zero-trust concept to the public sector. Something that is now commonly accepted in the private sector, but where Leidos' experience navigating the public institution structure brings extra value.
The company is also active in helping assess the impact of quantum computing, a very important question in the defense industry, where encryption and its possible breaking by quantum computing can be of vital strategic importance.
Beyond pure cybersecurity, Leidos is also active in digital transformation, cloud computing, and the development of integrated systems like drone navigation, autonomous unmanned vessels, biometrics, strikes systems, space & hypersonic, and security checks, all crucial to the defense industry.
The government sector, and especially defense, has been both a hard-to-crack nut and a segment of interest for the largest tech companies. This includes Google, Palantir, Microsoft, Amazon, and many others.
Leidos is another more important actor in this sector, with a long-established and trusted partnership regarding the most vital and secured digital requirements in the US government.
Considering the growing importance of cyberdefense, and the constantly growing international tensions with Russia, China, Iran, and other US “adversaries”, it is likely that companies like Leidos will be on the receiving end of growing defense and cyberdefense budgets.
In addition, most federal and governmental agencies are just starting to modernize and migrate to the cloud, providing plenty of opportunity for Leidos to grow these segments.
Juniper Networks, Inc. (JNPR)
Juniper is claiming to offer the #1 cloud-native wireless solution, and the only AI-driven WiFi network. This puts it directly in competition with older and more established giants like Cisco. Juniper's technology called Juniper Mist is claimed to be more scalable, more flexible, and better at anomaly detection than its Cisco's equivalent offers.
The company's solutions rely heavily on AI, with its AI engine “Marvis” used at all network levels, from user to datacenter.
When it comes to security, Juniper also shows outstanding results on firewalls, threat defense, and defense against exploits, outperforming most vendors like Fortinet, Palo Alto, Zscaler, etc…
To keep growing, the company is working on turning from being a network company to a software company as well. It includes AI-driven analytics, cloud management software, and automation.
Overall, Juniper is a very ambitious company, with great technical performance. Its actual growth is a little less spectacular, with 5-6% growth in revenues expected for 2023. Still, it should convert into a double-digit earning per share growth, thanks to a disciplined approach to expenses. It is also looking to give back to shareholders at least 50% of free cash flow, through dividends and opportunistic stock buybacks. Altogether, this makes Juniper an interesting stock for investors looking for exposure to cybersecurity with a mix of growth, profitability, and a shareholder-friendly policy.