Christopher Gannatti, CFA, Global Head of Research
Gauging the risk of a cyberattack before it happens is difficult. Significant attacks, like the Solar Winds attack from a few years ago, occur over a period of months and have far-reaching implications. Successful hacks may be happening right now, and we will only hear about them at their discovery in the future.
The uptick in geopolitical tensions raises the risk of significant attacks. Russia, Iran and China share a common thread of engaging in offensive cyber activities. Chief information security officers recognize they cannot slack on cyber defenses. It’s also true that there are many actors who would love to disrupt the 2024 U.S. Presidential election.
Are Cybersecurity Company Earnings Boosted by an Increasing Perception of Risk?
Cybersecurity has been consistently near the top of the spending plans for technology budgets.1 It is basically cybersecurity and then AI taking up a lot of IT budgets. Some of the news flow from recent earnings reports:
- Datadog: Revenue growth registered 25% year-over-year, which ended a streak of five consecutive quarters of year-over-year revenue deceleration. Additionally, revenue growth guidance for the current quarter was 21%, which effectively calmed concerns that Datadog would struggle to hit a 20% level exiting 2023.2
- Rapid7: Annual recurring revenue was up 14% year-over-year, beating consensus. The company saw strong performance in its “Managed Threat Complete” and “Cloud Risk Complete” bundles. The market was expecting a 15.3% operating margin, but the firm delivered 18.5% on the back of restructurings and headcount reduction.3
- Palo Alto Networks: Palo Alto Networks is expected to maintain billings growth in the mid to high teens. Their business with the public sector is done on a three-year subscription basis as opposed to a one-year basis.4 The company recently announced a plan to acquire Dig security in the data protection area, and reports speculate about also acquiring Talon, which would be more in the area of access security. Palo Alto Networks has proven over time that it can acquire leading companies, help them with access to funding and allow them to grow.5
- Varonis Systems: Annual recurring revenue was up about 16% year-over-year, beating consensus expectations. Annual recurring revenue has been accelerating, AND the Software-as-a-Service (SaaS) transition is happening faster than expected. SaaS represented 59% of new business, while guidance only predicted 45%.6
- Qualys: Qualys reported year-over-year growth in the billions, which was about 2.2% ahead of consensus, delivering 13.1%. EBITDA margins were also 5% ahead of expectations. The company is predicting overall 2023 billings growth to be about 12%.7
- Trend Micro: Trend Micro has announced plans to increase shareholder returns, including paying 100 billion yen of dividends at the end of December 2023, implying a 70% payout ratio, and then share buybacks worth 40 billion yen.8
- CyberArk: CyberArk reported annual recurring revenue growth at 38%, beating consensus expectations of 35%. Management cited accelerating bookings and a record pipeline.9
- Akamai: Akamai reported security growth of 20% year-over-year, which, combined with operating margins expanding, helped drive earnings per share growth to 30% year-over-year. With cloud and security now above 50% of total revenues, a path to durable earnings per share growth in the low teens could be possible.10
- Check Point: Check Point’s current period results stood out as not positive—they were weaker than expected, and current billings declined. However, it is possible that the firm is nearing the trough of a tougher period in its business, with possibly improved results coming up.11
Artificial Intelligence: A Possible Cybersecurity Catalyst?
Cybersecurity connects back to the AI story. AI without appropriate attention to security can be a bit of a disaster, so we are hoping that companies are researching if or how they will use AI in parallel with how they will secure AI. ChatGPT awakened the world to the promise and possibility of AI, and it became a requirement to talk about one’s AI strategy across earnings calls in 2023.
Cybersecurity also lends itself to AI since there are many millions of attacks daily. The scale of the issue and the limited number of cybersecurity professionals creates a synergy where many AI companies are using AI and machine learning to provide better security solutions.
Conclusion: A Mandatory Megatrend
If you knew a business had no cybersecurity strategy, would you work with it? We have yet to find anyone answering “yes” to this question. The necessity of cybersecurity is clear globally. The question when investing is more about which companies may be positioned to capture the market share and demand for these services, as well as whether it becomes acceptable to outsource cybersecurity to the major cloud infrastructure providers.
Whatever the ultimate strategy, we simply note that every new technology requires thought to be applied to how to secure it because hackers never rest and are always seeking vulnerabilities.
This post first appeared on November 20th, 2023 on the WisdomTree blog
PHOTO CREDIT: https://www.shutterstock.com/g/NicoElNino
Via SHUTTERSTOCK
1 Source: Hamza Fodderwala, “4 Reasons We’re More Bullish Here,” Morgan Stanley Research, 7/31/23.
2 Source: Singh et al., “3Q23 Results: Case for Durable Growth Gets a Boost as Consumption Trends Stabilize,” Morgan Stanley Research, 11/8/23.
3 Source: Fodderwala et al., “3Q23 Vulnerability Management Recap: RPD Back on Track, Mixed Results from TENB,” Morgan Stanley Research, 11/2/23.
4 Source: Fodderwala et al., “Can PANW Continue to Separate From the Pack? We Think So,” Morgan Stanley Research, 11/10/23.
5 Source: Fodderwala et al., “Revving Up The M&A Engine,” Morgan Stanley Research, 11/6/23.
6 Source: Fodderwala et al., “3Q23 Results—Moving In The Right Direction,” Morgan Stanley Research, 10/31/23.
7 Source: Fodderwala et al., “3Q23 Results—Solid Beat in a Difficult Macro; Forward Growth Trajectory Still Uncertain,” Morgan Stanley Research, 11/3/23.
8 Source: Hiroto Segawa, “Sep-Q Results: Moves to Strengthen Shareholder Returns a Positive Surprise,” Morgan Stanley MUFG, 11/9/23.
9 Source: Fodderwala et al., “3Q23 Recap—Getting More Strategic,” Morgan Stanley Research, 11/2/23.
10 Source: Weiss et al., “3Q23 Results—Security Finds Its Groove,” Morgan Stanley Research, 11/8/23.
11 Source: Fodderwala et al., “3Q23 Recap—Delivering on Double-Digit EPS Growth,” Morgan Stanley Research, 10/31/23.
Important Risks Related to this Article
For current Fund holdings, please click here. Holdings are subject to risk and change.
There are risks associated with investing, including the possible loss of principal. The Fund invests in cybersecurity companies, which generate a meaningful part of their revenue from security protocols that prevent intrusion and attacks to systems, networks, applications, computers and mobile devices. Cybersecurity companies are particularly vulnerable to rapid changes in technology, rapid obsolescence of products and services, the loss of patent, copyright and trademark protections, government regulation and competition, both domestically and internationally. Cybersecurity company stocks, especially those which are internet related, have experienced extreme price and volume fluctuations in the past that have often been unrelated to their operating performance. These companies may also be smaller and less experienced companies, with limited product or service lines, markets or financial resources and fewer experienced management or marketing personnel. The Fund invests in the securities included in, or representative of, its Index regardless of their investment merit, and the Fund does not attempt to outperform its Index or take defensive positions in declining markets. The composition of the Index is heavily dependent on quantitative and qualitative information and data from one or more third parties, and the Index may not perform as intended. Please read the Fund’s prospectus for specific details regarding the Fund’s risk profile.