Publicly-traded cybersecurity firms rebounded, growing more than 11% in Q3 as the lion’s share of players met or beat Wall Street’s expectations.
Publicly-traded cybersecurity firms rebounded growing more than 11 percent in Q3 as the lion’s share of players met or beat Wall Street’s expectations. But analysts note Palo Alto Networks’ (NYSE:PANW) and Fortinet’s (NASDAQ:FTNT) lagging metrics could signal a reprioritization that leaves firewalls in the dust.
Wall Street hammered Fortinet stock in October when it negatively pre-announced its Q3 report. Shares of Palo Alto Networks, too, crashed 10 percent when the firm missed the high-end of its fiscal Q3 guidance for the first time ever and guided to a backend-loaded January quarter.
Both firms shared a commonality — product sales braked jarringly, but subscription revenue, too, hit a speed bump for the third consecutive quarter. Palo Alto’s product sales dipped to 11 percent growth from 24 percent and 35 percent. Fortinet toppled to 7 percent growth from 19 percent and 28 percent.
Piper Jaffray analyst Andrew Nowinski blames decelerating product sales on shifting enterprise focus. In 2014 and 2015, enterprises prioritized perimeter security — helping boost Palo Alto’s and Fortinet’s valuations. Now, security inside the firewall is getting a renewal.
“There seems to be more of a focus on internal tech,” he said. “But, in 2017, we should still get the (firewall) refresh cycle benefit even if firewall spending is no longer a priority. We’re seeing more of a focus on email, database security and privileged account management.”
He added: “The bigger underlying question is why are security purchases taking longer to close and why are CIOs (chief information officers) treating security purchases the same way they do regular IT and networking purchases?”
William Blair analyst Jonathan Ho says Wall Street had expected Palo Alto’s product revenue to decelerate, but not to the degree it did. Palo Alto’s guidance indicates fiscal Q4 could be the slowest-ever quarter for product sales amid an extended deal cycle.
“I think people thought (Palo Alto Networks) had set the bar lower last quarter,” he said. “Product revenue has been steadily decelerating at a much steadier rate. … They had guided for that, but expectations were for them to do better than that result.”
Cybersecurity Firms Reach Expectations
Nearly three-quarters of publicly-traded security firms met or beat expectations, but many by the skin of their teeth, William’s Blair’s Ho says. Fortinet, alone, had relatively weak results, Piper Jaffray’s Nowinski said. Nearly nine in 10 beat on profitability, but almost a third had losses.
“A lot of the cybersecurity companies’ results were OK, they kind of barely got through it or they had to reset expectations over the last two quarters,” Ho said. “At a high level, going into 2016, companies expected a continuation of spending trends that haven’t really held up this year.”
Cybersecurity Ventures, though, doesn’t buy the slowdown theory. Instead, the spending that would normally bulk up pure security players is funnelling into tech giants like Cisco Systems (NASDAQ:CSCO) and IBM (NYSE:IBM), and hundreds of venture-capital backed plays.
Fiscal Q3 sales as a whole were flat and declined 7 percent, respectively, for IBM and Cisco Systems. But both managed to grow security revenue by 11 percent apiece. Between 2017 and 2021, spending will top $1 trillion across the sector, Cybersecurity Ventures predicts.
But that may not extend as robustly to the public sector. Major breaches of Target (NYSE:TGT), Home Depot (NYSE:HD), Ashley Madison and the U.S. Office of Personnel Management stoked so-called “emergency spending” and record security valuations in 2014 and 2015, Ho said.
Security spending could rebound somewhat in 2017, Ho and Nowinski say. But Ho says that won’t approach 2014-2015 levels. Nowinski predicts a firewall refresh at the five-year mark after Palo Alto added a massive number of customers in 2012. Neither sees a major jump, though.
“I don’t expect (spending in 2017) to revert back to 2014 and 2015 with blank-check spending when people were panicking,” William Blair’s Ho said. “It will be more selective. But we plan for that increase. We can still have continued growth in the marketplace.”
Steve Morgan, Founder and Editor-In-Chief at Cybersecurity Ventures, offers a more optimistic view on spending. “Cybercrime damages are predicted to cost the world $6 trillion annually by 2021, up from $3 trillion last year” says Morgan. “With that, governments, corporations, and consumers will hike up their spending on cyber protection.”
“The biggest news in the recent U.S. presidential election was email security” notes Morgan. “In 2016 we witnessed major hacks on the DNC, LinkedIn, Dropbox, Yahoo, and countless others. It if doesn’t feel as serious as last year, it’s because the world is getting used to cybercrime.”
Niche Players Gain Momentum
Calendar year Q3 represented a small rebound for security firms which grew 11.3 percent on average following 9.2 percent growth in Q2. Public sector growth slowed considerably from 20.8 percent in Q1 and 23.3 percent in Q4.
But there are standouts. Though Palo Alto Networks missed the Street’s expectations, its 34 percent total sales and 57 percent earnings growth is nothing to sneeze at. Still, the best growth came from Proofpoint (NASDAQ:PFPT), Rapid7 (NASDAQ:RPD) and CyberArk Software (NASDAQ:CYBR), all niche players.
Proofpoint, Rapid7 and CyberArk grew 44 percent, 42 percent and 37 percent, respectively, in Q3. Less than half of pure security players (47.8 percent) outperformed the industry. But for that trio, alongside, Palo Alto Networks, it was the fourth consecutive quarter to do so.
Others, like Symantec (NASDAQ:SYMC), Barracuda Networks (NYSE:CUDA), FireEye (NASDAQ:FEYE) and Cyren (NASDAQ:CYRN) toed the industry average, growing by low-teens percentages. Symantec’s portfolio is expanding rapidly, though. Over the past two quarters, it added Blue Coat Systems and made plans to acquire Lifelock.
Industry trends are better tilted toward email providers like Proofpoint and Mimecast (NASDAQ:MIME), William Blair’s Ho said. A number of companies are transitioning to Microsoft Office 365 from on-site hardware, and Intel-McAfee is ending its product and recommending Proofpoint.
Like Proofpoint, Mimecast posted impressive sales growth in Q3, up 29 percent vs. the year-earlier quarter. Sales have accelerated for three consecutive quarters. Mimecast is now two quarters into the black, though Q3 earnings declined by half on a year-over-year basis.
Mimecast is ranked eighth in the Cybersecurity Ventures Cybersecurity 500. The company cracked the top 25 for the first time this quarter.
“Email is going through a structural transition,” Ho said. “Office 365 is causing enterprises to reevaluate their security offerings. … Based on what we’ve seen, they (Proofpoint and Mimecast) have benefited from these email trends.”
Allison Gatlin is a journalist, tech reporter, and Cybersecurity Ventures Contributor based in San Jose, Calif.
This post was originally published on Cybersecurity Ventures on November 30, 2016.