Quarterly Outlook
Macro Outlook: The US rate cut cycle has begun
Peter Garnry
Chief Investment Strategist
Chief Investment Strategist
Summary: Most high growth industries have a high sensitivity to the economic outlook but the cyber security industry becoming a necessity for the corporate sector and governments around the world. This means that the underlying demand function is stable throughout the economic cycle and the increased number of cyber attacks have increased the awareness and need for massive investments. The industry is still small and will likely see double-digit growth growth rates over the coming decades as the digitalisation continues and with the rise of Internet of Things. Our cyber security consists of 25 largest publicly-listed cyber security companies.
This year we have been rolling out 15 new equity theme baskets and today we are launching our 16th equity basket focusing on the cyber security industry. This industry has grown considerably the past year and delivered strong returns to shareholders over the past five years. However, the best feature of the cyber security industry is that it has defensive characteristics combined with an above average growth outlook.
The basket
Our cyber security basket consists of 25 companies mainly based in the US with only three non-US companies showing the dominance of the US in cyber security. Despite the growing threats from cyber attacks with the most recent high-profile attack being on a major US pipeline, the industry is still small with a combined market value of $381bn across the 25 companies in our basket.
Name | Market Cap (USD mn.) | Sales growth (%) | EPS growth (%) | Diff to PT (%) | 5Y return % |
Crowdstrike Holdings Inc | 57,108 | 77.3 | 41.1 | 1.3 | NA |
Fortinet Inc (**) | 39,206 | 20.3 | 37.6 | -8.5 | 652.3 |
Okta Inc | 36,615 | 40.4 | -39.9 | 12.4 | NA |
Palo Alto Networks Inc | 35,878 | 22.2 | -69.7 | 19.7 | 202.5 |
Cloudflare Inc | 32,224 | 51.0 | NA | -6.6 | NA |
Zscaler Inc | 29,981 | 53.7 | -352.1 | 5.5 | NA |
VeriSign Inc | 25,487 | 3.1 | -13.2 | 3.6 | 168.8 |
Splunk Inc | 22,571 | -3.0 | -79.6 | 19.2 | 151.2 |
Check Point Software Technologies Ltd | 15,825 | 3.8 | 9.9 | 14.2 | 49.6 |
NortonLifeLock Inc | 15,792 | 2.4 | 75.2 | 1.9 | 145.5 |
McAfee Corp | 12,216 | NA | NA | -2.2 | NA |
F5 Networks Inc | 10,984 | 7.0 | -11.0 | 18.6 | 62.5 |
Proofpoint Inc | 9,970 | 16.4 | 28.0 | 1.4 | 190.3 |
Trend Micro Inc/Japan | 7,443 | 5.2 | -13.1 | 7.3 | 94.8 |
Avast PLC | 7,127 | 2.5 | -19.2 | 16.6 | NA |
Varonis Systems Inc | 6,189 | 24.3 | -12.5 | 17.7 | 633.3 |
CyberArk Software Ltd | 5,410 | 5.8 | -96.6 | 29.5 | 181.4 |
Rapid7 Inc | 5,383 | 24.8 | -52.3 | 1.8 | 650.5 |
SolarWinds Corp | 5,341 | 6.8 | 448.6 | 16.6 | NA |
Sailpoint Technologies Holdings Inc | 4,842 | 25.4 | -26.6 | 21.6 | NA |
FireEye Inc | 4,838 | 6.5 | 33.4 | 9.8 | 30.4 |
Tenable Holdings Inc | 4,684 | 22.2 | 71.8 | 33.0 | NA |
Venustech Group Inc | 4,154 | 32.0 | 27.6 | 48.1 | 29.2 |
Qualys Inc | 3,996 | 12.3 | -4.1 | 9.9 | 239.6 |
CommVault Systems Inc | 3,701 | 7.8 | 96.1 | 1.4 | 87.3 |
Aggregate / median | 380,749 | 14.3 | -11.0 | 9.9 | 160.0 |
Source: Bloomberg and Saxo Group
* Sales and EPS growth is measured on 12-month trailing figures, Diff to PT is the difference between consensus price target and the current price in %
** Peter Garnry has holdings in these companies
The median revenue growth over the past year is 14% which is quite attractive relative to a global pandemic and lockdowns in many countries. Earnings growth is volatile across the industry with a few players showing stable profit margins while most cyber security companies are investing heavily in growth and expanding the client base. Analysts covering the industry are generally positive on the industry with a median price target being 10% above the current price. Of the 16 companies with a five-year history the median five-year return has been 160% which has been attractive.
The industry and why it is attractive for investors
The cyber attack on the Colonial pipeline was a big deal and brough cyber attacks to the attention of company leaders and political leaders with Biden bringing it up as topic at the recent summit with Putin. Cyber security is becoming a critical part of any country and company’s infrastructure as the world goes more digital and some are even suggesting that it should become compulsory. A Danish home improvement retailer was recently exposed to a cyber attack and the CEO has been out saying that dealing with the pandemic was much easier than this cyber attack. This underscores the growing attention by business leaders that cyber security is a necessity.
The cyber security industry is expected to grow 11% annualized until 2028 from a current estimated market size of $167bn, but this could prove to be too low an estimate given the increased threat from cyber attacks. With the adoption of Internet of Things which we back in May described as the next growth cycle for the semiconductor industry more things will be coupled and connected creating even bigger demand for cyber security.
The combination of double-digit growth rate and defensive characteristics, companies and governments need cyber security no matter the state of the economy, are what makes the cyber security industry attractive for investors.
Key risks
Many cyber security stocks are aggressively valued due to increased attention of investors and the growth outlook. These high valuations make cyber security vulnerable and more volatile over earnings releases as they respond more to the changing outlook. The high valuations also mean that cyber security stocks in the short-term could be sensitive to higher interest rates. As most of the companies in the basket are US-based a higher USD is negative for earnings and revenue growth which means that higher US inflation could be a negative the industry.
Cyber security technology is evolving fast, and some companies might not be able to switch to the new technology vectors. The Orion hack back in 2020 exposed SolarWinds and has caused a crisis at the company and in general this is one of the big tail-risk events for any cyber security company that one day your systems cannot prevent a big cyber attack on your customers’ systems. This could lead to loss of clients and ultimately a failure as a company.