Integrative research means our extensive company research informs every thesis and perspective. The result is deep industry knowledge, expertise, and trend insights that yield valuable results for our partners and clients.

About the Authors:
Howard Smith
Managing Director
Howard Smith has over three decades of experience at First Analysis, working with entrepreneurs as an investor and as an advisor on growth transactions to help build leading technology businesses. He leads the firm's work in the Internet of Things, cybersecurity and internet infrastructure sectors. He also built the firm's historical franchises in call centers and computer telephony. His thought-leading research in these areas has been cited for excellence by the Wall Street Journal and other publications. He supports First Analysis' investments in EdgeIQ, Fortress Information Security, ObservIQ, Stamus Networks, Tracer and VisiQuate. Prior to joining First Analysis in 1994, he was a senior tax consultant with Arthur Andersen & Co. He earned an MBA with honors from the University of Chicago and a bachelor's degree in accounting with highest honors from the University of Illinois at Urbana-Champaign. He is a certified public accountant.
Liam Moran
Liam Moran is an associate with First Analysis. Prior to joining First Analysis in 2020, he was in the executive development program with Macy's, where he was responsible for managing the financial modeling surrounding Macy's $3 billion asset-based loan, capital project valuations, and corporate forecasting. Liam graduated from Kenyon College with a bachelor’s degree in economics and a concentration in integrated program in humane studies. He was a four-year member of the Kenyon varsity swimming team.
First Analysis Cybersecurity Team
Howard Smith
Managing Director
Matthew Nicklin
Managing Director
Liam Moran
First Analysis Quarterly Insights
Growth continues to slow with more focus on profitability
April 2, 2024
  • We present our annual analysis of publicly traded, enterprise-focused cybersecurity firm performance. We highlight that 2023 aggregate revenue grew 18.4%, substantially slower than 2022's 26.5% growth and 2021's 24.3% growth. Average revenue growth was 16.4%, somewhat below 2023 initial guidance for 18.5% growth on average; initial 2024 growth guidance is only 13.5% on average.
  • We believe the revenue growth slowdown reflects cybersecurity companies heeding investors' desire for more focus on profitability. From 2022 to 2023, EBIT/EBITDA margins increased on average by 730 basis points, and 2024 guidance implies margins will increase by another 320 basis points.
  • Should it continue for multiple years, we think investors may view a shift to slower sector growth, even if accompanied by greater profitability, as limiting the sector's long-term potential. However, we don't see anything in the threat environment to make us believe market growth will slow for an extended period, and we are hopeful that our public cybersecurity group will sustain double-digit revenue growth, perhaps above 2024 projected levels, for some time to come.
  • In the past we've noted a trend toward increased market capitalization concentration among the publicly traded cybersecurity companies that might portend a winner-takes-most market structure; however, given recent shifts and considering other evidence, we remain optimistic the market will continue to be open to many winners, including smaller companies.


How we looked at the market

2023 revenue growth slowed, consistent with initial 2023 guidance

Guidance suggests revenue growth will slow further

Cybersecurity stocks rebounded from 2022's rough performance

Profit margins continued to increase, and 2024 guidance suggests further expansion

Cloud-centric players' stocks hit the hardest in 2022, but appreciate the most in 2023

Revenue performance in line with guidance, but earnings significantly outperform

Where will the market's focus go?

Winner-take-all dynamics not accelerating in this market

Cybersecurity index lead over Nasdaq narrows

Cybersecurity M&A: Notable transactions include ZeroFox and Avalor Technologies

Cybersecurity private placements: Notable transactions include Axonius and Extrahop

How we looked at the market

This report presents our annual analysis of publicly traded, enterprise-focused cybersecurity firms' performance.

To be included in this year's analysis of stock performance, companies had to be listed on a U.S. exchange, have most-recent-year revenue greater than $100 million, derive the vast majority of their business from supplying cybersecurity solutions to businesses and government customers, and have been public for all of 2023. Relative to our most recent annual analysis in April 2023, we removed ForgeRock, which was acquired during the year. Our analysis includes Cisco Systems' (CSCO) separately reported cybersecurity revenue in the revenue growth section. Consistent with our focus on business-to-business companies, we again exclude consumer-focused cybersecurity companies such as Gen Digital (GEN), formerly known as Norton LifeLock. We perform our analysis at the end of the first quarter so that we can use reported full-year data (as opposed to estimates), including several companies whose fiscal year ends in January, and so we can consider company guidance for 2024.

To access the full report, please provide your contact information in the form below. A First Analysis representative will follow up with you shortly. Thanks for your interest in First Analysis research.
First Name required!
Last Name required!
Email required!
Industry required!
Unfortunately, your request to access the complete report has failed.

Please check the contact information you have entered.

If the form submission failure persists, please contact Person at (xxx) xxx-xxxx to handle your request. Thank you.
©2024 by First Analysis Corporation.
One South Wacker Drive
Suite 3900
Chicago, IL 60606