| INTEGRATIVE INSIGHTS ON EMERGING OPPORTUNITIES |
Integrative research means our extensive company research informs every thesis and perspective. The result is deep industry knowledge, expertise, and trend insights that yield valuable results for our partners and clients.
hsmith@firstanalysis.com
lmoran@firstanalysis.com
- We present our annual analysis of publicly traded, enterprise-focused cybersecurity firm performance. We highlight that 2024 aggregate revenue grew 16.7%, substantially slower than 2023’s 21.9% growth and 2022’s 30.8% growth. Average 2024 revenue growth was 16.6%, better than initial guidance for 15.1% growth on average; initial 2025 growth guidance is 13.4% on average.
- 2024 was a rare year of across-the-board profitability for our cybersecurity group and a rare year of across-the-board profit-guidance beats. We think this indicates the sector has matured to a point where profitability and revenue growth are more or less equally important to investors: There is a strong positive correlation between the past year’s cybersecurity stock price changes and the sums of expected revenue growth rates and profit margins (the metrics used in the Rule of 40).
- We continue to see a trend toward increased market capitalization concentration among the publicly traded cybersecurity companies. These large, established companies are well positioned to continue growing profitably, making it difficult for smaller competitors to challenge them in their core product areas.
- However, innovative, cloud-native companies continue to outperform on growth, showing that technological differentiation and market focus remain powerful drivers of performance. Innovative, specialized companies targeting topical growth areas can profitably grow at above-average rates and be well rewarded in the capital markets.
TABLE OF CONTENTS
How we looked at the market
2024 revenue growth slowed
Cybersecurity stocks appreciate in line with indexes, large market cap stocks continue to account for more of the total cap
Increased concentration of market cap of largest players
Initial guidance for 2024 was conservative, 2025 expectations suggest revenue growth will slow further
Revenue performance above guidance, earnings significantly outperform
All companies showcase positive non-GAAP earnings per share in 2024
Stock performance correlated with the Rule of 40
Dynamics of a maturing market
Concluding thoughts
Cybersecurity index: Soared in February but now back to earth
Cybersecurity M&A: Notable transactions include Wiz and Zilla Security
Cybersecurity private placements: Notable transactions include ReliaQuest and Cyberhaven
How we looked at the market
This report presents our annual analysis of publicly traded, enterprise-focused cybersecurity firms’ performance.
To be included in this year’s analysis of stock performance, companies had to be listed on a U.S. exchange, have most-recent-year revenue greater than $100 million, derive the vast majority of their business from supplying cybersecurity solutions to businesses and government customers, and have been public for all of 2024. Relative to our most recent annual analysis in April 2024, we removed SecureWorks (SCWX) due to its acquisition by Thoma Bravo’s Sophos. We also removed Cisco Systems’ (CSCO) cybersecurity revenue, which only appeared in the revenue growth section, due to its acquisition of Splunk; we plan to add it back next year, as we’ll then have two years of comparable company revenue. We also plan to add recent IPO and former Thoma Bravo portfolio company SailPoint (SAIL).
Consistent with our focus on business-to-business companies, we again exclude consumer-focused cybersecurity companies such as Gen Digital (GEN), formerly known as Norton LifeLock. We perform our analysis at the end of the first quarter so that we can include reported full-year data (as opposed to estimates), including several companies whose fiscal year ends in January, and so we can consider company guidance for 2025.