Cybersecurity: a market positioned for continued growth

Our resident EasyAssetManagement Chief Investment Officer Shaun Krom shares his views on the cybersecurity industry and a few companies which he believes have a positive growth outlook.

Last year marked yet another year where the threat landscape was worse than the year before. In the UK alone 32% of businesses reported suffering a cyberattack. There were also a number of high-profile breaches:

• A ransomware attack on MGM which cause widespread system outages, including hotel key cards, restaurants, slot machines, and email systems resulting in an estimated cost of $100m.
• A data breach at Ceasars which resulted in personal information like driver's licenses and social security numbers compromised for millions of customers.
• An attack on Clorox in August 2023 resulted in production slowdowns and shortages of popular cleaning products; supply chain disruptions in order processing delays; and disruptions and damage to parts of their IT infrastructure.
• Microsoft recently reported that a Russian state-sponsored actor breached their corporate email accounts.

There are several major contributors that support the thesis of continued growth in the cybersecurity protection market with Generative Artificial Intelligence (GenAI) being top of mind. Hackers are early adopters of new technology and GenAI is no different. Industry experts expect that the volume, severity, and cost of threats (cybersecurity threats are measured over those vectors) will continue to increase and support demand through 2024 and beyond.

Other cybersecurity topics from 2023 that we expect will shape the future cyber landscape include:

• Geopolitical conflicts and state-sponsored actors; as we seem to be moving to a multipolar word (Russia, China, Iran VS the “West”).
• The White House introduced a National Cybersecurity Strategy to protect US government agencies (the US government is a major buyer of cybersecurity products) and US companies. The aim is to “Defend critical infrastructure. Disrupt and dismantle threat actors, shape market forces to drive security and resilience, invest in a resilient future and forge partnerships.”
• The Securities and Exchange Commission (SEC) revamped its rules on cyber risk management, governance, and incident disclosure. This will play a key role in the industry going forward as it requires all companies to disclose their cyber breaches whereas before many companies kept these incidents silent. A breach could have a major impact on a company’s share price, so a requirement to disclose this will make cybersecurity top of mind to management. The SEC also requires that the company makes regular disclosure of their cybersecurity governance and posturing so even if no event occurred, an investor has access to a company’s security posture and this could impact a company’s share price, again putting it top of mind in the C-Suit.
• The cybersecurity landscape is always shifting to new frontiers, with a focus on zero trust, AI, SASE (Secure Access Service Edge) and cloud technologies. New frontiers result in new services and products to offer and thus a growing business.

Companies that may be worth considering are the leaders in their product market; can consolidate share onto their platforms; have exposure to large enterprise spending; have exposure to top CIO spending priorities; and show market leading growth with improving factor fundamentals to support valuation.

Some of these companies include Crowdstrike (CRWD), Palo Alto Networks (PANW) and Cloudflare (Net).

CrowdStrike offers a cloud-based security platform called Falcon that protects businesses from cyberattacks across their entire network, endpoints, and cloud environments. They have a recurring revenue model, strong growth outlook and a focus on innovative AI-powered technology. CrowdStrike has established itself as a technology leader in the Endpoint Security market with a disruptive platform that has enabled it to penetrate core markets and then expand into adjacent markets. They have some of the best unit economics in software.

Palo Alto Networks is taking a hand from the Microsoft playbook and in my opinion is in the best place consolidate share within enterprise security. PANW has a large installed base of over 85,000 customers with a platform both leading hardware and a comprehensive best-in-class cloud security platform. This enables customers to consolidate solutions across on-premise, cloud native and hybrid environments. They have improving factor metrics such as recurring revenue, gross and operating margins (absolute and relative), cash flow etc. Their product profile continues to expand which leads to greater revenue per client as more modules are utilised across their portfolio.

Cloudflare shields websites and applications from a wide range of threats principally Distributed Denial of Service (DDos) where an attempt is made to overwhelm a website or app with traffic; and Web Application Firewall (WAF) where a hacker tries to steal data such as credit card info, that filters web malicious traffic and Bot Management. Cloudflare shares are not exactly cheap right now but they are a leading player in cybersecurity with a large runway. Cloudflare also offers companies a way to access serverless GPUs via their Worker AI solution which is a fast and cost-effective way to deploy AI.

Other companies to consider are Z-Scaler, Cyberark and Datadog.

These companies, and the cybersecurity industry in general, also form part of the EasyAssetManagement Enhanced USD Bundle, a managed portfolio which is available in your USD account.