ON EMERGING OPPORTUNITIES
Integrative research means our extensive company research informs every thesis and perspective. The result is deep industry knowledge, expertise, and trend insights that yield valuable results for our partners and clients.
- We present our annual analysis of publicly traded, enterprise-focused cybersecurity firm performance. We highlight that 2022 revenue grew 26.4%, a slight acceleration from 2021's 24.4% growth and well above 2020's 18.0% growth, and that actual 2022 revenue exceeded initial guidance by an average and median 2%, suggesting overall demand was solid.
- Companies focused on cloud-based solutions were again the fastest growers, and fast-growing cybersecurity behemoths Fortinet (FTNT) and Palo Alto Networks (PANW) continue to evade the fate of slowing growth typically seen at the sector's largest players.
- Stock prices for the group declined by a much wider margin over the past year than the major indexes despite the strong revenue growth and despite the group beating 2022 revenue guidance on average. We attribute this to 1) a shift in investor sentiment toward favoring cash flow generation and profitability over growth and 2) 2023 revenue growth guidance that indicates a meaningful deceleration is anticipated.
- The two largest-market-cap companies (Fortinet and Palo Alto) now account for nearly half the group's total market capitalization, up from about a third a year ago.
TABLE OF CONTENTS
How we looked at the market
Revenue growth suggests demand holding up well
Cloud-based solutions still fastest growers
Fortinet and Palo Alto continue to have distinguished growth at scale
Mixed performance relative to guidance
Negative correlation between stock performance and business performance
Relatively low growth guidance, investor focus on cash, profit likely behind stock price weakness
Market capitalization even more concentrated
Cybersecurity index recovers in Q1
Cybersecurity M&A: Notable transactions include Minerva Labs, Valtix
Cybersecurity private placements: Notable transactions include Netskope, SpiderOak
How we looked at the market
This report presents our annual analysis of publicly traded, enterprise-focused cybersecurity firms' performance.
To be included in this year's analysis of stock performance, companies had to be listed on a U.S. exchange, have most-recent-year revenue greater than $100 million, derive the vast majority of their business from supplying cybersecurity solutions to businesses and government customers, and have been public for all of 2022. Relative to our most recent annual analysis in April 2022, we removed five companies that were acquired during the year: Ping Identity, SailPoint, Mimecast, Mandiant, and Tufin Software. Our revenue growth analysis includes Cisco Systems' (CSCO) separately reported cybersecurity revenue. Consistent with our focus on business-to-business companies, we again exclude consumer-focused cybersecurity companies such as Gen Digital (GEN), formerly known as NortonLifeLock. We perform our analysis at the end of the first quarter so we can include reported full-year data (as opposed to estimates), including several January-year-end companies.