You may think the time is right to move into cybersecurity stocks amid the latest data breach involving ride-sharing service Uber Technologies (UBER). But right now, the IBD Computer-Software Security group ranks only No. 131 out of 197 industry groups tracked.
The IBD security group is down about 31% in 2022, under-performing the S&P 500. The S&P 500 is down about 25%.
But some cybersecurity stocks hold stable Relative Strength Ratings, such as Palo Alto Networks (PANW). Palo Alto has completed a 3-for-1 stock split.
Meanwhile, the iShares Expanded Tech-Software ETF (IGV) fell over 11% in September. The IGV index has retreated 37% in 2022.
Still, some computer security firms could get a boost from new federal government initiatives, said Wedbush analyst Daniel Ives in a report.
The Cyber Incident Reporting Act of 2021 requires agencies, federal contractors and critical infrastructure operators to notify the Department of Homeland Security when a data breach is detected, a significant step in building security.
“With the shaky macro environment causing nervousness for investors across the board we believe (federal government) cyber security deal flow remains strong in the field,” said Ives. “We believe federal cyber security budgets for some key agencies are up in some cases 35% to 40% year over year for many projects already green lighted and will be a tailwind for well positioned vendors in the space.”
Some cybersecurity firms aim to use artificial intelligence to get an edge on hackers.
When the bear market eases, investors might consider the Global X Cybersecurity ETF (BUG) for a more broad exposure to the sector.
According to a Morgan Stanley survey of chief information officers in July, cloud computing and security software remain at the top of priority lists, followed by business intelligence/analytics, digital transformation and artificial intelligence.
Cybersecurity Stocks Report Mixed Earnings
Zscaler (ZS) stock jumped on stellar fiscal fourth-quarter results.
PANW stock also jumped on better-than-expected fiscal fourth-quarter earnings and guidance. Palo Alto has been building a broad cloud-based services platform via acquisitions. The company has spent more than $3 billion on 10 acquisitions over the past three years.
CrowdStrike Holding (CRWD) reported reported second-quarter annual recurring revenue, or ARR, of $2.14 billion. Analysts expected $2.11 billion, up 59%. CRWD stock has pulled back 19% in 2022.
Check Point Software Technologies (CHKP) reported earnings on Aug. 1. CHKP stock fell on guidance.
Fortinet (FTNT) reported second-quarter earnings, revenue and billings that topped estimates but the size of the beats disappointed. FTNT stock has tumbled 31% in 2022.
Consolidation Impacts Cybersecurity Stocks
Private equity firms continue to be active.
Vista Partners, a long-standing investor in KnowBe4 (KNBE), on Sept. 19 offered to buy the company for $24 per share in cash. The deal represents a 39% premium for KNBE stock.
Thoma Bravo acquired Ping Identity Holdings (PING) for $2.8 billion.
Thoma Bravo also has acquired cybersecurity firms SailPoint Technology, Proofpoint, Sophos and Barracuda. The private equity firm has invested in cybersecurity startups, such as Illumio.
Also, PE firm Permira in May completed its purchase of Mimecast for $5.8 billion. PE firms aren’t the only acquirers.
Further, Google in January acquired Siemplify, a security orchestration, automation and response provider, for around $500 million.
“Increased acquisition activity is being spurred by depressed valuations in the current uncertain macroeconomy,” Cowen analyst Shaul Eyal said in a recent note to clients. “We believe that acquirers are increasingly seeking targets that demonstrate a balance of growth versus profitability and positive cash flow.”
Corporate Spending On Cybersecurity
Meanwhile, Qualys and Fortinet have dropped off the IBD 50 roster of growth companies.
At an investor day for FTNT stock on May 10, Fortinet unveiled 2025 financial targets that call for billings of $10 billion and revenue of $8 billion, implying a three-year average growth rate of 22% for both metrics.
Cybersecurity spending worldwide climbed 13% in 2021 to $172 billion, estimated market research firm Gartner, accelerating from 8% growth in 2020. In both 2022 and 2023, Gartner forecasts 11% growth in cybersecurity spending.
Bank of America in a recent report said cybersecurity stocks that deliver services via cloud computing platforms will be better positioned.
“We believe ‘born-in-the-cloud’ companies like Zscaler, CrowdStrike and SentinelOne (S) to be relatively resilient to any spending slowdown, also given how critical their solutions are to cyber defense efforts,” BofA analyst Tal Liani said in a note.
Cybersecurity stocks got a lift in February as Russia’s invasion of Ukraine began. Analysts said attacks aimed at shutting down websites could increase.
Further, Congress has finally passed legislation funding infrastructure projects, which is expected to include funding for federal, state and local cybersecurity infrastructure.
Ransomware remains a big threat, though fewer highly publicized incidents occurred in the back half of 2021.
The rise of cryptocurrency Bitcoin has been linked to a spike in ransomware attacks. In ransomware attacks, hackers take over computer systems, encrypt files and demand digital payment to restore access to critical data.
Cybersecurity Stocks With High Composite Ratings
Cybersecurity stocks with Composite Ratings above 90 include Qualys, Fortinet and Palo Alto Networks.
The Composite Rating is a blend of the other five IBD stock ratings: the earnings per share or EPS Rating, Relative Price Strength Rating, Accumulation/Distribution Rating, Industry Group Relative Strength Rating and the SMR Rating.
The latter measures sales growth, profit margins and return on equity. The all-encompassing Composite Rating helps investors easily measure the quality of a stock’s fundamental and technical metrics.
No security stocks currently are members of the IBD Leaderboard. It’s IBD’s curated list of leading stocks that stand out on technical and fundamental metrics.
Hot Cybersecurity Startups Eye IPOs
And initial public offerings are on the table. SentinelOne’s IPO raised $1.2 billion. SentinelOne is a rival of CrowdStrike.
Meanwhile, analysts say Netskope, Illumio and Menlo Security are among cloud security startups that could launch IPOs.
Analysts say a new wave of startups seems to be taking share from industry incumbents.
Darktrace (DARK) launched its IPO on the London stock exchange in April. Darktrace utilizes self-learning artificial intelligence tools in security automation.
Further, consolidation may be coming in the cybersecurity industry. Okta (OKTA) in early 2021 acquired privately held Auth0 in a $6.5 billion, all-stock deal. Also, Okta is expanding into new security markets to take on CyberArk Software (CYBR) and SailPoint.
Microsoft Stock A Big Player In Cybersecurity
Also, Microsoft (MSFT) has moved into this space. The software giant recently disclosed that its cybersecurity revenue tops $10 billion annually. With 400,000 customers, Microsoft’s computer security franchise is growing at more than 40%, the company said.
Microsoft in July 2021 acquired RiskIQ, a security threat management company. Bloomberg reported that Microsoft paid around $500 million. Microsoft also bought CloudKnox Security in July.
In addition, Microsoft is integrating more security tools into its cloud-based Office 365 software. As it expands cloud-based security services, Microsoft could pressure more industry incumbents, such as Okta, CrowdStrike, and Splunk (SPLK).
“Microsoft is clearly pitching itself as offering a full security suite, a competitive advantage as customers increasingly want a unified view of threats,” UBS analyst Karl Keirstead said in a recent note.
Cybersecurity Stocks: Wide Range Of Products
Further, it behooves an investor to know which cybersecurity stocks address ransomware, phishing or other kinds of cyberattacks.
Meanwhile, CrowdStrike uses machine learning and a specialized database to detect malware on laptops, mobile phones and other devices that access corporate networks. In addition, many software companies are using artificial intelligence to get a competitive edge.
In addition, Zscaler is the biggest provider of cloud-based web security gateways that inspect customers’ data traffic for malware.
SailPoint, an identity management software maker, is among companies that garner more than 10% of revenue from government agencies.
Coronavirus Outbreak Boosted Demand For Cloud Security
Other cybersecurity firms with a sizable government business include Tenable Holdings (TENB), Rapid7 and CyberArk. Tenable in 2021 acquired France-based Alsid, which focuses on identity access management.
In addition, Rapid7 and Qualys specialize in vulnerability management services.
Amid the rapid global spread of Covid-19, many companies instructed employees to work from home. That has increased demand for computer security products that support remote work.
The coronavirus emergency and shift to remote work has accelerated the growth of cloud-based network security. So the industry now has a new term for the infrastructure that supports distributed workers and branch offices.
It’s spelled SASE — pronounced “sassy” — and it stands for Secure Access Service Edge.
SD-WAN Technology Changes Security Needs
Corporate America has hiked tech spending on security aiming to protect intellectual property as well as consumer privacy. Hackers continue to steal credit card data and intellectual property.
Spending on security technologies has evolved as companies shift business workloads to cloud computing service providers. Amazon Web Services, part of Amazon.com (AMZN), is the biggest cloud services firm. Amazon looms as a potential rival as it builds more security tools into its cloud services.
Also, Fortinet competes with Palo Alto Networks and others in the firewall security market. Firewalls reside between private networks and the internet. They block unauthorized traffic and check web applications for malware.
As large companies shift to off-premise cloud computing services, one view is that firewall technology will play a lesser role. Fortinet has targeted software-defined wide area networks, or SD-WANs, an emerging computer networking technology.
Aiming to catch-up in SD-WAN technology, Palo Alto Networks acquired startup CloudGenix.
Cybersecurity Products Battle Ransomware, Phishing
Cybersecurity stocks span a wide-range of products and services. In addition, some security vendors are shifting to software-based subscription business models from selling hardware appliances. Among them, Proofpoint specializes in email and data-loss protection.
Meanwhile, hackers often aim to compromise networks by targeting employees or management who have administrative access. CyberArk manages privileged accounts. In addition, Okta provides identity management services.
To slow down hackers, more companies are focusing on internal security threats though a strategy known as Zero Trust. In addition, traditional security measures aim to keep the bad guys out of corporate networks. Further, network firewalls focus on intruders from the public internet.
Zero Trust cybersecurity models focus on internal threats, such as hackers stealing someone’s security credentials. Security firms verify the identity of network users and limit access to applications.
CrowdStrike, Okta, Netskope and Proofpoint recently formed a Zero Trust alliance. Targeting Zero Trust security, Cisco Systems (CSCO) in 2018 acquired Duo Security for $2.35 billion.
Artificial Intelligence Changing Cybersecurity Market
Also, many fast-growing cybersecurity firms are in the endpoint market. Their tools detect malware on laptops, mobile phones and other devices that access corporate networks.
Further, CrowdStrike’s initial public offering in June 2019 raised $612 million, one of the largest cybersecurity offerings. CrowdStrike’s rivals include VMware‘s (VMW) Carbon Black, Palo Alto and startup Cybereason.
The “Human Element” causes at least 75% of cyber breaches, according to a new study by Cowen Research and Boston Consulting Group. Many companies have stepped up employee training to deter ransomware attacks and other threats. Cowen favors Cloudflare (NET), Fortinet, CrowdStrike and KnowBe4 (KNBE).
In addition, state-sponsored hackers and cybersecurity firms are both using artificial intelligence to get an edge.
Artificial intelligence should improve computer security tools by speeding up incident responses. It could help thwart email-delivered ransomware or swarming botnets that knock out access to websites.
Follow Reinhardt Krause on Twitter @reinhardtk_tech for updates on 5G wireless, artificial intelligence, cybersecurity and cloud computing.
YOU MAY ALSO LIKE
How This IBD Tool Simplifies The Search For Top Stocks
Find Compelling Growth Stocks With IBD’s Stock Of The Day
Get A Free Trial Of IBD Leaderboard
Best Growth Stocks To Buy And Watch: See Updates To IBD Stock Lists