INTEGRATIVE INSIGHTS
ON EMERGING OPPORTUNITIES

Integrative research means our extensive company research informs every thesis and perspective. The result is deep industry knowledge, expertise, and trend insights that yield valuable results for our partners and clients.

About the Authors:
Howard Smith
Managing Director
Howard Smith has nearly three decades of experience at First Analysis, working with entrepreneurs as an investor and as an advisor on growth transactions to help build leading technology businesses. He leads the firm's work in the Internet of Things, cybersecurity and internet infrastructure sectors. He also built the firm's historical franchises in call centers and computer telephony. His thought-leading research in these areas has been cited for excellence by the Wall Street Journal and other publications. He supports First Analysis' investments in EdgeIQ, Fortress Information Security, ObservIQ, Tracer and VisiQuate. Prior to joining First Analysis in 1994, he was a senior tax consultant with Arthur Andersen & Co. He earned an MBA with honors from the University of Chicago and a bachelor's degree in accounting with highest honors from the University of Illinois at Urbana-Champaign. He is a certified public accountant.
Liam Moran
Senior Analyst
Liam Moran is a senior analyst with First Analysis. Prior to joining First Analysis in 2020, he was in the executive development program with Macy's, where he was responsible for managing the financial modeling surrounding Macy's $3 billion asset-based loan, capital project valuations, and corporate forecasting. Liam graduated from Kenyon College with a bachelor’s degree in economics and a concentration in integrated program in humane studies. He was a four-year member of the Kenyon varsity swimming team.
First Analysis Cybersecurity Team
Howard Smith
Managing Director
Matthew Nicklin
Managing Director
Liam Moran
Senior Analyst
First Analysis Quarterly Insights
Cybersecurity
Public players grew faster again in 2022, but guiding for a slowdown
April 4, 2023
  • We present our annual analysis of publicly traded, enterprise-focused cybersecurity firm performance. We highlight that 2022 revenue grew 26.4%, a slight acceleration from 2021's 24.4% growth and well above 2020's 18.0% growth, and that actual 2022 revenue exceeded initial guidance by an average and median 2%, suggesting overall demand was solid.
  • Companies focused on cloud-based solutions were again the fastest growers, and fast-growing cybersecurity behemoths Fortinet (FTNT) and Palo Alto Networks (PANW) continue to evade the fate of slowing growth typically seen at the sector's largest players.
  • Stock prices for the group declined by a much wider margin over the past year than the major indexes despite the strong revenue growth and despite the group beating 2022 revenue guidance on average. We attribute this to 1) a shift in investor sentiment toward favoring cash flow generation and profitability over growth and 2) 2023 revenue growth guidance that indicates a meaningful deceleration is anticipated.
  • The two largest-market-cap companies (Fortinet and Palo Alto) now account for nearly half the group's total market capitalization, up from about a third a year ago.

TABLE OF CONTENTS

How we looked at the market

Revenue growth suggests demand holding up well

Cloud-based solutions still fastest growers

Fortinet and Palo Alto continue to have distinguished growth at scale

Mixed performance relative to guidance

Negative correlation between stock performance and business performance

Relatively low growth guidance, investor focus on cash, profit likely behind stock price weakness

Market capitalization even more concentrated

Cybersecurity index recovers in Q1

Cybersecurity M&A: Notable transactions include Minerva Labs, Valtix

Cybersecurity private placements: Notable transactions include Netskope, SpiderOak

How we looked at the market

This report presents our annual analysis of publicly traded, enterprise-focused cybersecurity firms' performance.

To be included in this year's analysis of stock performance, companies had to be listed on a U.S. exchange, have most-recent-year revenue greater than $100 million, derive the vast majority of their business from supplying cybersecurity solutions to businesses and government customers, and have been public for all of 2022. Relative to our most recent annual analysis in April 2022, we removed five companies that were acquired during the year: Ping Identity, SailPoint, Mimecast, Mandiant, and Tufin Software. Our revenue growth analysis includes Cisco Systems' (CSCO) separately reported cybersecurity revenue. Consistent with our focus on business-to-business companies, we again exclude consumer-focused cybersecurity companies such as Gen Digital (GEN), formerly known as NortonLifeLock. We perform our analysis at the end of the first quarter so we can include reported full-year data (as opposed to estimates), including several January-year-end companies.

To access the full report, please provide your contact information in the form below. A First Analysis representative will follow up with you shortly. Thanks for your interest in First Analysis research.
First Name required!
Last Name required!
Email required!
Industry required!
Unfortunately, your request to access the complete report has failed.

Please check the contact information you have entered.

If the form submission failure persists, please contact Person at (xxx) xxx-xxxx to handle your request. Thank you.
©2024 by First Analysis Corporation.
One South Wacker Drive
  ·  
Suite 3900
  ·  
Chicago, IL 60606
  ·  
312-258-1400