Eight stocks to capitalise as the cyber security boom gathers pace
In a world of digital transformation the opportunities for cyber crime are growing all the time and it is not just criminals but states that are using cyberspace to infiltrate and undermine their rivals. We live in a world in a constant state of cyber war about which most of us know very little.
Not surprisingly this is affecting the corporate world both as victims of cyber crime and as customers of other corporations striving to come up with solutions. Cyber security has become an important sector within the Quentinvest portfolio. Below I look at how the existing names are doing to which the short answer is very well and add two more exciting companies to the list. One I don’t mention is Avast which is currently the subject of an agreed bid.
An interesting feature of these battles between the good guys and the bad guys (or bad actors as they are known in cyber speak) is that the war seems to be being waged almost entirely by the private sector even when it is governments and public bodies which are being attacked. Another thing is the lack of transparency. According to one estimate ransomware will cost $20bn this year, a 20-fold increase from 2015 yet we hear very little about it.
Cloudflare. NET. Buy @ $123. MV: $38.6bn. Next figures: 11 November. Times recommended: 12 First recommended: $23.28 Last recommended: $119.50
All these cyber security stocks employ cutting edge technology. Not surprisingly because this is technology being created by geeks who are fighting geeks. I don’t make the slightest pretence to understand how they do what they do. What I am looking for is my 3Gs and that extra bit of magic. I want to see a great chart, great growth, great story and that little bit of zen – something you can’t quantify but you know it when you see it. Cloudflare has all of this. Between 2019 and 2023 sales are projected to grow from $287m to $1088m. The chart is strong. The company was founded in 2009 and is still led by the founders. The company s not just about cyber security but works across the gamut of internet infrastructure but security is a key element in what it does. The latest presentation deploys reams of statistics to show how well the company is doing. It is certainly growing fast. Co-founder. and CEO, Matthew Prince, summed it all up with the latest results.
“We had our strongest quarter as a public company. In Q2, we achieved revenue of $152m, up 53pc year-over-year. Our revenue growth continue to accelerate as we saw strength across all customer segments. In particular, we added a record of 143 large customers those that pay out more than $100,000 per year and ended the quarter with 1088 large customers, 19pc of the Fortune 1000 are now paying customers and we continue to see particular strength across our enterprise business.
Our expansion rate also improved over Q1 with dollar based net retention reaching124pc in Q2, even as strong revenue and customer growth continued. Our gross margin improved to 78pc, up 120 basis points year-over-year. If there were a theme for the quarter, it was Cloudflare winning the business of the largest and most sophisticated companies and organisations in the world.”
As you can see Cloudflare exemplifies the classic enterprise software growth paradigm. It s adding customers at a rapid rate, the customer are spending more driving a net retention ate of 124pc (existing customers increased spending by 24pc over the year) and this in turn means rapid growth in the number of larger customers spending over $100,000 a year.
The business is in phenomenal shape and has a phenomenal opportunity.
“We are nowhere close to being out of ideas for new products to build for customers to buy them. Cloudflare is optimized for innovation and we plan to continue to launch new products, add more customers relentlessly execute and reinvest in growth for the foreseeable future.”
Crowdstrike. CRWD. Buy @ $286. MV: $64bn. Next figures: 31 August. Times recommended: 17 First recommended: $92 Last recommended: $254. Lowest recommended: $51
Crwodstrike was founded in 2011 and is still run by two of the co-founders. It has grown even faster than Cloudflare and really is one of the wonders of American capitalism.
I don’t think I can improve on their description of what they do.
“CrowdStrike was founded in 2011 to reinvent security for the cloud era. Realizing that the nature of cybersecurity problems had changed but the solutions had not, we built our CrowdStrike Falcon platform to detect threats and stop breaches. With our Falcon platform, we created the first multi-tenant, cloud native, intelligent security solution capable of protecting workloads across on-premise, virtualized, and cloud-based environments running on a variety of endpoints such as laptops, desktops, servers, virtual machines, and Internet of Things, or IoT, devices. Today, we offer 19 cloud modules on our Falcon platform via a SaaS model that spans multiple large security markets, including corporate endpoint security, cloud security, managed security services, security and IT operations, threat intelligence, identity protection and log management.”
They are growing rapidly.
“Building on last year’s milestone performance, we started and finished the first quarter with strong momentum and results exceeding our expectations. We saw strength in multiple areas of the business, added $143.8m in net new ARR [annualised recurring revenue], and grew ending ARR 74pc to exceed $1.19bn”.
Many of these enterprise software companies say they are just getting started but the opportunity looks immense.
“Our growing brand has become the cybersecurity gold standard translating into a broad customer base that is scaling rapidly, deeper penetration within verticals, and our strong financial success. And third, the demand environment is robust, driven by strong secular trends, including digital and security transformation, cloud adoption, and an ongoing heightened threat environment. This includes the massive influx of ransomware and the operational impact of these attacks that has been seen over the past two years.”
Then scale of the threat is incredible.
“Our 2020 CrowdStrike Global Security Attitude Survey revealed that more than half of organisations surveyed worldwide had suffered a ransomware attack within the previous 12 months.”
Their confidence is amazing.
“While a robust demand environment may serve as a temporary lifeline to inferior technologies, when I look at the competitive landscape, I couldn’t be more confident in our leadership position. I do not see another vendor in the market with our vision, platform, scale, or ability to execute at scale.”
CyberArk Software. CYBR. Buy @ $168.50. MV: $6.7bn. Next figures: 4 November. Times recommended: 5 First recommended: $75.5. Last recommended: $142.50
CyberArk Software has been around longer than some of the cyber security companies mentioned here and is not growing as fast but still has a place in the cyber security section of a 21st century focused equity portfolio. It may also be looking to grow considerably faster in future thanks to strong demand for its special expertise in privileged access security and the success of its transition from a licensed software model to a cloud based business supplying software on subscription.
“Our subscription transition raked out of the gates in the second quarter with the mix of subscription bookings reaching 65pc. Despite the headwind created by the mix [subscription income is deferred], we achieved total revenue of $117m. This revenue level paired with the mix over-achievement [more subscriptions than expected] demonstrates that our bookings were considerably higher than anticipated in our guidance.
In fact, the underlying business significantly accelerated in the second quarter driven by record SaaS bookings and robust subscription demand. Due to our strong bookings, ARR grew by 35pc to $315m as of June 30. Even more importantly, our subscription ARR grew faster than 125pc year-over-year. Recurring revenue reached $81m, an increase of 32pc compared to Q2 2020. Subscription mix, ARR and recurring revenue demonstrate the progress in the subscription transition, momentum in the business and the incredible demand trends we are seeing for our identity security platform, which is centered on PAM [privileged access management].”
Prospects for the business look increasingly exciting.
“Positive secular tailwinds and execution of our land and expand strategy are contributing to the acceleration in our business. Identity Security is at the centre of digital transformation, Zero Trust and hacker innovation, three of the most important and intertwined trends in cyber security. With digital transformation and the move to the cloud, Privileged Access is everywhere and every identity across human users, applications and bots can be privileged under certain conditions. If you think about Zero Trust, organizations around the world are no longer just strategizing about frameworks. They are implementing programs and allocating budgets taking an assume-breach mindset that trusts nothing and verifies everything.”
It does sound exciting.
“We are well on our way toward transforming the business into a fast growing, durable subscription company with our cloud solutions leading the way which will unlock tremendous value for our company, our shareholders, our customers and our partners.”
Darktrace. DARK. Buy @ 637.5p. MV: £4.2bn. Next figures: 14 September. New entry
Recently floated Cambridge-based Darktrace is all about advanced mathematics and artificial intelligence so as geeky as they come. It is also growing fast.
“Darktrace demonstrated the resilience of its business model over the course of a universally challenging year. The group ended FY 2021 with approximately 5,600 customers, having grown its customer base by 42pc year-on-year. The group also delivered strong results in its constant currency annualized recurring revenue (ARR). At its FY 2021 constant currency rates, Darktrace expects ARR at 30 June 2021 of at least $340m, which represents year-over-year growth in constant currency ARR of at least 44pc. Darktrace also expects revenue for FY 2021 of at least $278m, reflecting year-over-year growth of at least 40pc.”
This is how they describe themselves.
“Darktrace, a global leader in cyber security AI, delivers world-class technology that protects over 5,000 customers worldwide from advanced threats, including ransomware and cloud and SaaS attacks. The company’s fundamentally different approach applies Self-Learning AI to enable machines to understand the business in order to autonomously defend it. Headquartered in Cambridge, UK, the company has 1,500 employees and over 30 offices worldwide. Darktrace was named one of TIME magazine’s ‘Most Influential Companies’ for 2021.”
The company recently had its IPO at 250p and is currently consolidating after a sharp rise. The top management team has impressive credentials including a CEO, Poppy Gustafsson, who has already been awarded an OBE for her services to the security industry. It looks exciting and classic 3G.
Fortinet FTNT. Buy @ $314.50. MV: $51.4bn. Next figures: 4 November. Times recommended: 6. First recommended: $203. Last recommended: $297
Like other companies in the sector Fortinet is enjoying strong trading.
“Billings increased 35pc to $961m driven by solid execution and was the best it has been since 2015. Secure SD-WAN accounted for 14pc of second quarter billings. Total revenue grew 30pc to $801m with product revenue up 41pc. Product revenue growth was the highest for nearly 10 years. Free cash flow was $395m, a quarterly record level. With strong business momentum, we remain focused on growth.”
You can see why when you look at what is going on in the world.
“There are lots of similar attacks occurring every day as every year cyberattacks cost $6 trillion [the quote says trillions but surely should be billions which is still a huge figure] for the world, and it is expected that the number will climb to $10.5 trillion by 2025. It is also estimated that there are 1000 ransomware attacks every week against US companies which means that every 10 minutes there is a new hacking attack.”
The next quote gives a flavour of what they do.
“:FortiCare secure service offer market-leading AI-enabled, secured capability that regularly adjusts protection across the Fortinet Security Fabric. Today, we announced a new FortiGate 3500F, the industry’s high-performance next-generation firewall. We integrate uTrust newer access and ransomware protection, powered by the Fortinet MG7 SBU the 7,500 app offers an average six times more performance than other competitive products based on our security compute reading. This makes a Fortinet app the best protection for high-speed internal network on base centres. We continue to see the momentum and adoption of our SD-WAN new trust me access and cloud solutions among the, world’s largest service providers.”
Don’t ask me to go into more detail or explain it all in layman’s terms because that would only introduce errors. The point for me is always like the song – it’s not was you do, it’s the way that you do it. Everything about Fortinet and the other companies alerted here suggests that they are good at what they do and are providing a much needed service in a world which is transitioning from old school bricks, mortar and everything being done physically and in person to a dramatically more virtual, digitally transformed, networked world which is desperately vulnerable to a growing army of hackers and cyber attacks.
We need from the companies protecting us against bad actors in the cyber world constant vigilance and perpetual innovation. It is a classic arms race. Fortinet is one of the leading companies providing these services which is why the shares have climbed 40-fold since 2010.
The group says its long-term aim is to balance growth and profitability but with so many opportunities it is leaning more towards growth.
“Looking forward, our goal remains to balance growth and profitability. And given the growth opportunities that we believe lie ahead, we continue to expect to tilt our bias within this framework more toward growth for at least the next several quarters. The opportunities we see are supported by a strong pipeline, increased sales effectiveness, the growing success with a single integrated security platform strategy and the convergence of security and networking, the response to the current threat environment and our development efforts, which include continuing to invest in our ASIC advantage, which enables a shared operating system across the Security Fabric platform drives our price for performance advantage, increase the capacity to add features and functions while maintaining price points.”
Long sentence but you get the point. There is a lot going on at Fortinet to drive continuing strong and even accelerating growth.
Palo Alto Networks. PANW. Buy @ $458. MV: $44.6bn. Next figures: 22 November. Times recommended: 9 First recommended: $205 Last recommended: $398
Shares in Palo Alto Networks exploded higher after their latest quarterly results which smashed expectations and suggested that the business was embarking on a whole new era of strong growth. Palo Alto was a star performer earlier in the millennium but then seemed to lose its way a little as everything moved to the cloud. But companies can change and the latest figures suggested that the group is adapting brilliantly to the new environment.
The new PANW reflects decisions taken three years ago that are now coming to fruition.
“One, that the network will transform with the introduction of the cloud. This is accelerated with the pandemic, with SASE [secure access service edge] and virtual firewalls leading the transformation. Not only that, we supplemented our firewall platform strategy with software capabilities like DLP [data loss prevention], IoT [internet of things], SaaS [software as a service] visibility, DNS [distributed network security], and SD-WAN [software defined networking in a wide area network] . Our second insight was the cloud is going to be big and it’s here to stay. We have now seven modules in our cloud security platform, which is being used by over 75 Fortune 100 companies. And our third insight was more AI [artificial intelligence] and machine learning will be needed to support the automation of our security platforms and our security operating centres. Our Cortex platform validates that for us every single day. Underpinning this innovation strategy has been a flurry of product releases from Palo Alto Networks.“
As so often this new sense of purpose reflects a change in personnel. On 1 June 2018, Nikesh Arora, formerly a senior executive at Google and president of SoftBank Group, arrived as CEO and chairman and has clearly had a decisive impact.
“When I came to the company, we sat down and decided what we needed to do was to get our innovation and product strategy right. Something many cybersecurity companies have struggled to do is stay relevant. You can see from this slide, we’ve gone from 13 major releases to 29 this year, tripling our product release capability over three years.”
This is starting to have a significant impact on growth.
“In the fourth quarter of 2021, we delivered billings of $1.87bn, up 34pc, and well ahead of our guided 22pc to 23pc growth. The size of the deals with our large strategic customers grew and our total customer count expanded, with over 2,500 customers added in the quarter. Q4 revenue of $1.22bn grew 28pc and was above the high end of our guidance range. Growth was driven by strong demand across all geographies and major product areas. Total deferred revenue in Q4 was $5.02bn, an increase of 32pc. The remaining performance obligation, or RPO, was $5.9bn, increasing 36pc.”
It’s all systems go.
“In closing, we are entering the fiscal year ’22 with strong momentum. We’re pleased with our operational execution and organic growth prospects as drivers of continued momentum.“
Varonis Systems. VRNS. Buy @ $68. MV: $7.35bn. Next figures: 1 November. New entry
Varonis has built its business around protecting data.
“We’re fighting a different battle than conventional cybersecurity companies, relentlessly focused on securing data. Data assets are the most valuable – and vulnerable – components of the global economy. Along with employees, data is at the heart of almost every organization, yet conventional cybersecurity solutions, by themselves, have failed to protect it. On average, 20pc of an organization’s data is accessible to every employee. Seventy percent of attacks take months or years to discover. But not for our customers. Our customers always know where their most valuable data is – on premises or in the cloud. Only the right people have access to only the right data. With real-time awareness of how employees use data, our clients flag and stop malicious behavior in its tracks.”
This focus is driving strong growth.
“Financial highlights in Q2 include 33pc total revenue growth year-over-year, driven by strong ARR growth of 39pc, to $328.2m. Demand for our platform continues to be driven by both new customer acquisitions, where the average new customer is now buying approximately five to six licenses and continued expansion from our base of existing customers. As we discussed last quarter, these trends continue to dramatically increase customer lifetime value. As of June 30th, 2021, 68pc of our total customers with 500 or more employees purchased four or more licenses, up from 58pc a year ago and 48pc two years ago. At the same time, 35pc of our total customers with 500 or more employees purchased six or more licenses, up from 24pc a year ago and more than double the 16pc we had two years ago.”
They explain why their opportunity is so large.
“Data protection is an immensely difficult problem to solve, and in conversations with our customers and prospects, we ask three simple questions. One, do you know where your important data is stored? Two, do you know that only the right people have access to it? And three, do you know that they are using it correctly? To keep data safe, you have to be able to answer yes to all of these questions, but most organizations that turn to us can’t answer yes to any of them.”
They also believe they have a significant lead in solving these problems.
“For data to be secure, you need to be able to answer yes to all three questions all the time. This is why our platform and underlying technology provide such a durable competitive advantage, and why we believe we have a 15-year head start. Data has always been our primary focus, and we start by building context around it where it’s stored, what it contains, who can access it, and from where. Automation and machine learning connect these dots to build visualizations of risks and profile of normal usage.”
In conclusion they say. “Because we have aimed to keep pace with the relentless growth and complexity of data, we believe that our platform is uniquely positioned to address the data protection challenges facing all companies, providing Varonis an enormous opportunity to capitalize on the market opportunity we see, while deepening our competitive moat.”
Zscaler ZS. Buy @ $278.50. MV: $38.1bn. Next figures: 9 September. Times recommended: 16 First recommended: $60. Last recommended: $243
In May Zscaler delivered barnstorming Q2 2021 results.
“As you saw in our earnings release, we delivered outstanding results for the third quarter with accelerating growth at scale while increasing adoption of our broader platform. We drove 60pc growth in revenue and 71pc growth in billings. We also generated strong growth in operating profits and delivered record free cash flow. Enterprises are looking to Zscaler to secure their digital transformation and architect for the work from anywhere economy, which we believe is the new normal. Our results exceeded our expectations, and we are again increasing our guidance for fiscal ’21. Our business is firing on all cylinders. Our superior architecture and optimised go-to-market engine is elevating us about the competitive noise.”
Just to give you a flavour of what they do.
“Our Zero Trust Exchange platform connects users, devices, and applications which is fundamentally different from firewall-based castle and moat security. Our platform prevents lateral threat movement and eliminates the attack surface by making applications invisible from the Internet, hence, reducing business risk. Furthermore, our proxy architecture is designed to inspect SSL-encrypted [a standard security technology for establishing an encrypted link between a server and a client] traffic, block sophisticated threats, and prevent loss of sensitive data. Faced with the latest news-making ransomware and other cyber attacks, CISOs [chief information security officers] and CIOs [chief information officers] are turning to Zscaler to dramatically improve their security posture while reducing the legacy IT costs.”
CEO, Jay Choudary, highlighted three factors he believed were driving the strong growth.
“Let me highlight three factors that drove our strong performance in the quarter. First, building on our strength with large enterprises. We closed a record number of seven-figure ACV [annual contract value] deals across a broad range of industries. Most of these wins are three-year commitments to provide our customers the foundation for application, network, and security transformation. Second, an increasing share of our sales is coming from broader platform purchases by new and existing customers. Strong platform upsells drove our 126pc dollar-based net retention rate in the quarter. Our newer solutions like out-of-band CASB [cloud access security broker], Zscaler Digital Experience, or ZDX, and Zscaler Cloud Protection or ZCP, are increasingly contributing to our wins. The breadth and depth of our platform is resonating with customers. And I believe Zscaler is the go-to platform for vendor consolidation, cost savings, increased user productivity, and better cyber protection. Third, our strategic decision last year to increase our investments in go-to-market is yielding fantastic results. I’m very pleased with our performance and momentum across all geos, all market segments, and all products.”
The opportunity is massive.
“In summary, we are making tremendous progress across all three areas: sales organization, marketing, and channel partners, and delivering strong results quarter after quarter. I believe we are on track to capture a material share of our $72bn serviceable market.”
Cyber security is moving to the heart of the digital transformation process, which creates a gigantic opportunity for the companies developing the software. Eight of them are listed above including two new entries to the QV for Shares portfolio. I believe there is a strong case for including all of them in your personal portfolio.
It may seem a lot to have eight shares in your portfolio just delivering cyber security but all these companies are different in what they do and the problems they solve for their customers. Remember also that a central tenet of the QV for Shares strategy is to build a portfolio of 200 shares or even more.
Ultimately every 3G+Magic share in the world is a candidate for inclusion and because they are all so exciting this should not dilute your performance but gives you great protection if some companies fail to deliver.