You may think the time is right to move into cybersecurity stocks as private equity firms targeting the sector.
But the IBD Computer-Software Security group ranks only No. 187 out of 197 industry groups tracked. While the Nasdaq and S&P 500 have rallied in 2023, most cybersecurity stocks remain in the doghouse. the iShares Expanded Tech-Software ETF (IGV) has gained more than 12% in 2023.
One question is how much companies will prioritize computer security in 2023 as they reassess information technology budgets.
“Cybersecurity while looking defensive is certainly more vulnerable than investors perceived 6 to 9 months ago,” said Deutsche Bank analyst Brad Zelnick in a report. “We believe the group is ultimately proving to be later-cycle vs. other areas of software.”
Some cybersecurity stocks, such as CrowdStrike Holdings (CRWD) and zscaler (ZS), sold off in early January. A few cybersecurity stocks hold stable Relative Strength Ratings, such as Palo Alto Networks (PANW).
December and January quarter earnings results are starting to come in. Fortinet (FTNT) reports fourth quarter earnings on Feb. 7.
Cybersecurity Stocks: Corporate Budgets
Cloud computing giants are changing the cybersecurity market with their own offerings, acquisitions and software marketing deals. Microsoft (MSFT) poses the biggest threat to incumbents in the sector as it sells multiple products to companies in discounted deals.
According to a Morgan Stanley survey of chief information officers in July, cloud computing and security software remain at the top of priority lists, followed by business intelligence/analytics, digital transformation and artificial intelligence.
But many companies are tightening budgets, said William Blair analyst Jonathan Ho in a report. As a result, computer security companies are offering price discounts.
“We are observing a continuation of trends focused on additional scrutiny of spending, longer sales cycles, additional approvals, and greater emphasis on value for dollars spent,” said Ho.
He added: “While we are noticing the environment continues to be cautionary, we believe security still remains a high priority and demand for solutions is persistent. Our biggest concern is that customers may opt to buy fewer additional features upon renewal and spread out spending over a longer time frame, as macro uncertainty continues to weigh on spending sentiment. We are also observing more aggressive pricing behavior than in prior periods resulting from a more difficult environment.”
Private-Equity Firms Target Cybersecurity
Private-equity firms remain active. Thoma Bravo on Oct. 11 agreed to buy ForgeRock for $23.25 a share in an all-cash deal valued at about $2.3 billion. The deal represented a 53% premium to ForgeRock’s closing share price on Oct. 10. The deal is expected to close in the first half of 2023. FORG stock had retreated 65% in 2022 prior to the deal.
Previously, Thoma Bravo acquired Ping Identity Holdings (PING) for $2.8 billion. Thoma Bravo has also acquired cybersecurity firms SailPoint Technology, Proofpoint, Sophos and Barracuda. The private equity firm has invested in cybersecurity startups, such as Illumio.
Also, private-equity firm Permira in May completed its purchase of Mimecast for $5.8 billion.
Private equity firm Vista Partners, a long-standing investor in KnowBe4 (KNBE), on Oct. 13 acquired KnowBe4 in a $4.6 billion leveraged buyout.
Federal Markets A Tailwind?
Google-parent Alphabets (GOOGL) last year acquired cybersecurity firm Mandiant in an all-cash $5.4 billion deal. Mandiant is now part of Google’s cloud computing business.
Further, Google in 2022 acquired Siemplify, a security orchestration, automation and response provider, for around $500 million.
Still, some computer security firms could get a boost from new federal government initiatives.
The Cyber Incident Reporting Act of 2021 requires agencies, federal contractors and critical infrastructure operators to notify the Department of Homeland Security when a data breach is detected, a significant step in building security.
Some cybersecurity firms aim to use artificial intelligence to gain an edge on hackers.
When the bear market eases, investors might consider the Global X Cybersecurity ETF (BUG) for a more broad exposure to the sector.
Further, Congress has finally passed legislation funding infrastructure projects, which is expected to include funding for federal, state and local cybersecurity infrastructure.
Ransomware remains a big threat.
Cybersecurity Stocks With High Composite Ratings
But initial public offerings are on the table. SentinelOne’s 2021 IPO raised $1.2 billion. SentinelOne is a rival of CrowdStrike.
Meanwhile, analysts say Netskope, Illumio and Menlo Security are among cloud security startups that could launch IPOs.
Analysts say a new wave of startups seems to be taking share from industry incumbents.
Darktrace (DARK) launched its IPO on the London stock exchange in April. Darktrace utilizes self-learning artificial intelligence tools in security automation.
Further, consolidation may be coming in the cybersecurity industry. Okta in early 2021 acquired privately held Auth0 in a $6.5 billion, all-stock deal. Also, Okta is expanding into new security markets to take on CyberArk Software (CYBR) and SailPoint.
Cybersecurity Stocks: Wide Range Of Products
Further, it behooves an investor to know which cybersecurity stocks address ransomware, phishing or other kinds of cyberattacks.
Meanwhile, CrowdStrike uses machine learning and a specialized database to detect malware on laptops, mobile phones and other devices that access corporate networks. In addition, many software companies are using artificial intelligence to gain a competitive edge.
In addition, Zscaler is the biggest provider of cloud-based web security gateways that inspect customers’ data traffic for malware.
SailPoint, an identity management software maker, is among companies that garner more than 10% of revenue from government agencies.
Other cybersecurity firms with a sizable government business include Tenable, Rapid7 and CyberArk. Tenable in 2021 acquired France-based Alsid, which focuses on identity access management.
In addition, Rapid7 and Qualys specialize in vulnerability management services.
Amid the rapid global spread of Covid-19, many companies instructed employees to work from home. That has increased demand for computer security products that support remote work.
The coronavirus emergency and shift to remote work has accelerated the growth of cloud-based network security. So the industry now has a new term for the infrastructure that supports distributed workers and branch offices.
It’s spelled SASE — pronounced “sassy” — and it stands for Secure Access Service Edge.
SD-WAN Technology Changes Security Needs
Corporate America has hiked tech spending on security aiming to protect intellectual property as well as consumer privacy. Hackers continue to steal credit card data and intellectual property.
Spending on security technologies has evolved as companies shift business workloads to cloud computing service providers. Amazon Web Services, part of Amazon.com (AMZN), is the largest cloud services firm. Amazon looms as a potential rival as it builds more security tools into its cloud services.
Also, Fortinet competes with Palo Alto Networks and others in the firewall security market. Firewalls reside between private networks and the internet. They block unauthorized traffic and check web applications for malware.
As large companies shift to off-premise cloud computing services, one view is that firewall technology will play a lesser role. Fortinet has targeted software-defined wide area networks, or SD-WANs, an emerging computer networking technology.
Aiming to catch-up in SD-WAN technology, Palo Alto Networks acquired startup CloudGenix.
Cybersecurity Products Battle Ransomware, Phishing
Cybersecurity stocks span a wide-range of products and services. In addition, some security vendors are shifting to software-based subscription business models from selling hardware appliances. Among them, Proofpoint specializes in email and data-loss protection.
Meanwhile, hackers often aim to compromise networks by targeting employees or management who have administrative access. CyberArk manages privileged accounts. In addition, Okta provides identity management services.
To slow down hackers, more companies are focusing on internal security threats though a strategy known as Zero Trust. In addition, traditional security measures aim to keep the bad guys out of corporate networks. Further, network firewalls focus on intruders from the public internet.
Zero Trust cybersecurity models focus on internal threats, such as hackers stealing someone’s security credentials. Security firms verify the identity of network users and limit access to applications.
CrowdStrike, Okta, Netskope and Proofpoint recently formed a Zero Trust alliance. Targeting Zero Trust security, Cisco Systems (CSCO) in 2018 acquired Duo Security for $2.35 billion.
Also, many fast-growing cybersecurity firms are in the endpoint market. Their tools detect malware on laptops, mobile phones and other devices that access corporate networks.
Follow Reinhardt Krause on Twitter @reinhardtk_tech for updates on 5G wireless, artificial intelligence, cybersecurity and cloud computing.
YOU MAY ALSO LIKE
IBD Digital: Unlock IBD’s Premium Stock Lists, Tools And Analysis Today
Learn How To Time The Market With IBD’s ETF Market Strategy
How To Use The 10-Week Moving Average For Buying And Selling
Get Free IBD Newsletters: Market Prep | Tech Report | How To Invest