The combination of a nearly overnight shift to working from home and the increased level of general uncertainty left countless employees and companies vulnerable to eager cybercriminals
The increased demand for cybersecurity solutions has translated into strong top-line performance across the sector
We believe that companies should turn their focus toward planning and implementing a robust cybersecurity roadmap designed to deal with the complexities of today’s work environment
Q3 came and went with minimal abatement of the issues gripping our country over the past several months. COVID-19, the dominant concern, remains the leading conversation topic across dinner tables, political debates, and board rooms, as decision-makers everywhere attempt to balance safety with economic continuity. Similar to Q2, the stock market largely ignored the noise in Q3 and continued on its “up and to the right” trajectory. All else equal, this pattern would seem to be directly at odds with high unemployment, increasing debt, widespread business closures, and more. The picture becomes clearer when considering the aggressive measures taken by the Fed, including near zero interest rates and unlimited bond buybacks.
With Q2 financial data now available for public cybersecurity companies, we can see that demand translated into strong top-line performance across the sector
Within cybersecurity, volatility has accelerated demand for best-of-breed solutions to protect against mounting cyber threats. As postulated in Adams Street’s Q2 2020 Cybersecurity Market Update, the combination of a nearly overnight shift to working from home and the increased level of general uncertainty left countless employees and companies vulnerable to eager cybercriminals. Looking at the data from Q2, it’s clear that these bad actors jumped on the opportunity. According to the FBI Cyber Division, inbound cybersecurity complaints jumped 3-4x in the early days of COVID as international and domestic hackers looked to exploit the increasing online presence of Americans. These attacks have manifested themselves in many different ways but are all intended to prey on stressed individuals and vulnerable businesses:
The past few months have shown that the current environment is fertile hunting ground for cybercriminals. Businesses of all sizes have had to lean heavily on cybersecurity solutions to effectively secure a distributed workforce. With Q2 financial data now available for public cybersecurity companies, we can see that demand translated into strong top-line performance across the sector. Of the 26 public cybersecurity companies (excluding Sumo Logic given in-quarter IPO), all but 2 (Splunk and Radware) beat consensus revenue estimates for the quarter ending June or July. Additionally, the median margin above expectations was 3.74% compared to 1.71% in Q1’20 and 2.47% in Q4’19. Management revenue guidance trends also underpin the strong performance of the cybersecurity sector. Of the 13 cybersecurity companies that released 2020 revenue guidance at the end of Q2, 8 are projecting the same or higher revenue as they expected at the end of Q4’19 (before the COVID pandemic). This is especially impressive given the broader economic slowdown and enterprise disruption present in 2020.
The high-growth cybersecurity index outpaced the S&P 500 by more than 2x over Q3
Performance within the public markets has been mixed. The high-growth (>20% 2020E revenue growth) cybersecurity index outpaced the S&P 500 by more than 2x over Q3, with all six companies (excluding Sumo Logic) trading upwards during the quarter. The low-growth cybersecurity index did not perform as strongly, finishing the quarter down 1%.
Growth over profitability continued to reign as the high-growth cybersecurity companies saw TEV / NTM revenue multiple expansion (7%) during the quarter while the low-growth companies experienced contraction (-4%). This is despite a median 2020E EBITDA margin of 3.2% for the former bucket and 19.4% for the latter.
So, what’s next for cybersecurity? Businesses that initially scrambled to meet the demanding needs of a remote workforce now have a moment to come up for air. We believe these companies should turn their focus toward planning and implementing a robust cybersecurity roadmap designed to deal with the complexities of today’s work environment. The piecemeal, “just good enough” security measures that some companies scrambled to pull together at the beginning of the pandemic will not be sufficient moving forward. Working from home won’t be permanent for all companies but it is the reality for many for the foreseeable future. A viable cybersecurity program should include critical capabilities such as:
One thing that is certain is that cybercriminals are here to stay. Their attacks will continue to become more advanced and creative. To avoid harmful breaches, it is paramount that businesses lay the groundwork for a strong cybersecurity presence with the resources to remain agile as new threats present themselves.
Data and analytics provided by S&P Global Market Intelligence. List of public cybersecurity companies compiled by Adams Street. Data sourced September 30, 2020.
Important Considerations: This information (the “Paper”) is provided for educational purposes only and is not investment advice or an offer or sale of any security or investment product or investment advice. Offerings are made only pursuant to a private offering memorandum containing important information. Statements in this Paper are made as of the date of this Paper unless stated otherwise, and there is no implication that the information contained herein is correct as of any time subsequent to such date. All information has been obtained from sources believed to be reliable and current, but accuracy cannot be guaranteed. References herein to specific companies or sectors are not to be considered a recommendation or solicitation for any such company or sector. Projections or forward-looking statements contained in the Paper are only estimates of future results or events that are based upon assumptions made at the time such projections or statements were developed or made; actual results may be significantly different from the projections. Also, general economic factors, which are not predictable, can have a material impact on the reliability of projections or forward-looking statements.