Join our community of smart investors

The best cyber security pure-plays

Former City analyst Robin Hardy examines some of the companies investors should consider for exposure to the wave of investment in cyber security
The best cyber security pure-plays

Cyber security is a high-growth business thanks to the volume and complexity of threats growing week-by-week. Along with the rest of the technology sector, shares in this space have taken a beating since the rotation away from growth stocks in November: the tech-oriented Nasdaq index fell by 30 per cent to its recent low and, as Figure 2 shows, may have now undershot its longer trend.  But, as has long been the case with this sector, growth remains strong and, unlike value stocks, that growth does not deplete or become exhausted.

Growth in tools to counter cyber attacks arguably have amongst the best prospects in the technology sector and, unlike other sub-sectors where a specific technology might or might not play out, businesses require many different cyber security solutions from an array of different and specialist providers of what is not largely well-proven technology. So, this is an environment in which most providers should do well. 

Technology stocks have started to rally partly because value has crept in (many stocks have halved), partly because benchmark interest rates driving discounted cash flow valuations have stopped rising and, as our sister publication the Financial Times recently reported, some executives have started aggressively buying the dip. We could well be at an attractive entry point.


US benchmark interest rates that drive DCF valuations

Source: Factset


Nasdaq Technology 100 index - absolute and long trend

Source:  FactSet, Investors’ Chronicle


A heavily US-biased sector

Almost all of the investible value for private investors in cyber security currently resides in US markets and there are more than two dozen companies with a market value of greater than $1bn. In this article we will look at some of the largest and the fastest-growing pure-play businesses – there is some, limited, exposure available through broader technology majors, but we will focus on pure-plays.

So, a selection from the US listings noting, as with all tech selections, that a portfolio approach is the safety-first option:

Crowdstrike (US:CRWD) – this is one of the largest and fastest-growing cyber stocks in the US. It operates in the cloud-based endpoint protection platform (EPP) segment (endpoints are various devices we all use to connect) along with providing threat intelligence and response services. Its unique selling point (USP) is that it aims primarily to pre-empt threats, but also offers managed detection and response (MDR) services, dealing with live threats. Another attraction is that its Falcon platform is resource-light and users report that it is especially easy to use and integrates well with other cyber defence tools and platforms such as Amazon Web Services (AWS) and Google Cloud. 

There is rapid growth here with more than 90 per cent revenue expansion in the past five years and a compound annual growth rate (CAGR) of more than 35 per cent is forecast for the next three years. CRWD is profitable, with earnings before interest, tax, depreciation and amortisation (Ebitda) forecast to triple between 2022 and 2025, which drives a ‘rule-of-40’ score of around 55. So growth is high, but so is the rating: 16 times sales and 90 times Ebitda for year-one forecasts, but estimates today are almost 50 per cent higher than a year ago while the share price is more than 25 per cent lower. Fair value could easily be well above $200 (£159) a share versus today’s $160-$165.

PaloAlto (US:PANW) – this is primarily a firewall business working to prevent unwanted entry to a network, with its USP being that it does not cause data bottlenecks, a common problem with high data volumes. It also offers a suite of software-as-a-service (SaaS) security services, including endpoint, access logging and threat intelligence. To some extent, strong perimeter defences are a mature segment and are ceding ground to the likes of artificial intelligence (AI) and machine learning (ML) systems as growing data theft has made it easier for hackers to gain seemingly legitimate access. This can limit firewalls’ efficacy.

This is reflected in the growth rates: still impressive but at 20 per cent CAGR for 2022 to 2024 this is relatively low in the tech arena, and there is also lowish momentum in estimates, which have only increased by 9-10 per cent in the past 12 months. Indeed, since the first quarter (Q1) of this year, forecasts have edged down slightly. PANW still achieves a rule-of-40 score of around 45, meaning there is still value here, but less than in CRWD.

This relative maturity is reflected in a much lower rating of 8 times sales and 35 times Ebitda. The share price has also been more robust, being almost 40 per cent higher than a year ago and at broadly the same level as when the big tech sell-off started in November 2021. For extra choice, Fortinet (US:FTNT) operates in the same space with a very similar valuation and recent share price profile. 

Okta (US:OKTA) – this is an authentication and authorisation service that can be added to any network entry, software application, mobile app or cloud service. This allows developers to skip that step when building a product or service by outsourcing the process. This allows Okta’s products to be used with other firewall or ‘hunt-and-kill’ services to add an additional security layer and, using tools such as multi-factor verification, the impact of stolen credentials can be reduced. Its services are typically unseen, with users seeing the platform’s or software’s own branded entry barrier – something of an unsung hero. 

Okta does serve to show the risks in this space. It was connected to a data hack in January 2022 using stolen credentials first to breach a protected customers installation before then breaching upwards into Okta’s core network. This has hurt the share price and, while the likes of PANW are less than 10 per cent down over six months, Okta is more than 60 per cent lower. Reputation is vital in this sector, and Okta highlights a key risk of making investments in this space. Growth is still strong (doubling revenue in two years), but breakeven has been pushed back, meaning that Okta just clings to a positive rule-of-40 score. Riskier, but the bombed-out share price has started to turn. 

ZScaler (US:ZS) – this is a ‘zero trust’ business, a technology sometimes known as perimeterless security, a sub-sector with the mantra “never trust, always verify”. ZS is entirely cloud-based and is well-aligned with the moves to cloud and/or remote working as there are often major weaknesses in networks with remote endpoint access requests and data movements. Zero trust basically assumes that all connections and movements are harmful unless proved otherwise. This can slow down workflows, but that is a trade-off for the strong verification it provides. 

ZS is growing rapidly (more than 50 per cent a year) but is still lossmaking if the huge share-based payments ($111mn in the last quarter alone) and other profit adjustments are left in the accounts: on an ‘adjusted’ basis it makes 15 per cent margins and upgrades have been healthy. The rule-of-40 score is an attractive 68 and, while the technology it offers may sound cumbersome, it does appear more robust than some of the more esoteric solutions on offer. The stock looks interesting after a 60 per cent drop.

NortonLifeLock (US:NLOK) – previously known as Symantec, this is the only one of our selection that operates primarily in the retail/consumer space; many will be familiar with the Norton AntiVirus home internet security tools. Most instances of its software are local installations rather than SaaS of cloud-managed solutions, and interestingly in its own presentations uses the term ‘cyber safety’ rather than security. A lot of its customer base is inherited initially free software bundled with new computers, but the business is looking to branch out from largely private internet security more into corporate markets and other areas, such as internet-of-things security, identity protection and online privacy.

Growth is fairly pedestrian (for this sector) with 6 per cent CAGR forecast for 2022 to 2025, and the shares have made lower total returns than most peers over five years. It also trades on a ‘normal’ price/earnings ratio of 13 times and even offers a yield of 2 per cent. 

That might seem good value for a technology-biased stock, but the risk is that its products risk becoming legacy as more work is done in the cloud, and the plan to provide a boost via a merger with UK-listed but Czech-domiciled antivirus provider Avast (which would double NLOK’s internet security business) is raising competition issues – NLOK would control a quarter of the global home net security market. Without the merger (worth $8bn), Norton may struggle for momentum. This is a good example of why not to buy a stock because you know/use the product.


Slim pickings in the UK

Cyber security in the UK is largely undertaken by international subsidiaries, private-equity-funded private companies and the international consulting companies, meaning few home-grown investible opportunities. There were a couple of major domestics (Avast and Sophos), but a US major and private equity have acquired or are in process of acquiring them. This leaves only one substantial cyber security pure-play listed in the UK: Darktrace (DARK), which we reviewed back in September 2021 and we look at again here. 

When we last wrote about Darktrace its share price was testing 1,000p; today, the shares appear stuck on a plateau just below 400p, partly due to the broader technology shake-out and partly for more specific reasons. Does this mean, especially when combined with forecasts now c15 per cent higher, that DARK is now automatically good value? Not necessarily. DARK ought to be in the sweet spot for where the cyber battles are heading. As we discussed in the previous cyber security article, many network breaches today are made using legitimate but stolen credentials, which can render perimeter security tools ineffective. DARK’s systems, based on AI and ML, work to detect and lock down non-standard behaviour within a network. As AI and ML are increasingly the tools that hackers use, a mirrored response by cyber security would seem wholly appropriate. 

Previously, we were concerned by DARK’s valuation more than its growth potential or its technology as the business was growing at its slowest rate in five years yet its stock was trading at its highest ever EV/Sales ratio. In the past nine months there has been a major swing in expected profitability here. In September, the forecast consensus was for a pre-tax loss of £20mn-£25mn even by 2024, but today, following positive trading updates, consensus is now for profits of £20mn-£25mn. The shares are trading on 7.5 times sales (although the PE ratio is still more than 100 times two years out), which is not exactly high for a fast-growth market. Profits are growing at around 30 per cent and Ebitda margins are 14 per cent, which gives DARK a rule-of-40 score of c44, which is positive, albeit marginally.

When we last wrote, we suggested that DARK should probably be in the 500p-600p range, making it expensive then but likely too cheap now. Part of the drag on the share price has been the ongoing travails of one of the group’s founders, Mike Lynch. But, as DARK continues to grow its revenues, increasingly this should be viewed as a sideshow. Anyone buying DARK at 350p should expect to see healthy total returns over two to five years as, although it is hardly cheap, there is value here and the rising tide in the US sector should also lift this boat.   

Other UK stocks only have a partial or tangential connection. NCC (NCC), for example is involved in penetration testing; Kape (KAPE) is more of a VPN business (privacy rather than security online); and Micro Focus (MCRO) is a broad-based IT service business with a modest cyber resilience offering. These do not really tick the box for good cyber security exposure. 

There are a few small UK-listed stocks operating in niche areas that could be interesting and we will look at these in our third and final article in this series.