Cybersecurity powers through 2020 despite COVID-19

Despite the pandemic’s disruptions – including shutdowns and worker displacements – business-focused cybersecurity company performance in terms of revenue growth, ability to beat guidance on the top and bottom line, and share performance was very similar to what we’ve seen in past years.

Based on consensus estimates, aggregate 2020 revenue growth is expected to be 16.4% versus 18.4% actual growth in 2019. This universe typically beats consensus, so when final fourth-quarter numbers are reported early next year, we expect the actual 2020 growth rate to be slightly higher – perhaps 17.4%.

Companies on average and at the median reduced their revenue guidance over the course of 2020 by 1%. This compares to the 1% average guidance increase we saw last year in the same analysis, a difference we view as immaterial.

The one significant variance we identified was the outsized benefit cloud-migration-focused leaders showed in the magnitude of their guidance increases and the positive stock-price response.

The overall continued stalwart performance in the face of the pandemic underscores the favorable qualities of the business-focused cybersecurity market.

Given how unusual this year has been, and since we now have final 2020 guidance for those publicly traded companies on a calendar or Jan. 31 fiscal year, we see this as an opportune moment to examine how COVID-19 and other factors affected cybersecurity sector growth, earnings and stock performance in 2020.

We focus on pure-play cybersecurity companies supplying solutions to businesses. Each year we adjust the names in the group to adhere to this focus. Among this year’s adjustments, we added McAfee (MCFE) back to the analysis for revenue trends due to its relisting in October. However, since it was not public earlier in the year to give initial 2020 revenue and EPS guidance, we exclude it from the guidance analysis. We removed Forescout due to its acquisition by Advent and the delisting of its shares in August. We also removed Splunk (SPLK) because security has declined as a percent of its overall revenue and because we feel non-cybersecurity trends have become the primary drivers of its business and stock price. As in past years, we exclude consumer-focused cybersecurity companies such as NortonLifeLock (NLOK).