Cybersecurity stocks have performed well in 2023, rising about +26.5% YTD, with the security backdrop boosted by an increase in data breaches and ransomware. Quarterly spending has increased approximately +12.7% YoY to ~$37.6 billion through the first half of the year, although commentary from sector leaders Fortinet (FTNT) and Palo Alto (PANW) raised some concerns about spend optimization, with billings forecasts from the two weaker than expected.
Despite beating on the top and bottom lines, Zscaler (ZS) provided flat billings guidance while revenue growth is set to slow. CrowdStrike (CRWD) was GAAP profitable from operations for the first time ever as net new ARR reached a record, but billings and ARR growth both decelerated.
Cybersecurity Market Growth Slows in Q2
Zscaler and CrowdStrike reported their October quarters this week with both providing important commentary that the macro environment is tougher than usual. CrowdStrike’s management said that buyers still remain cautious since the “macroenvironment remains challenging with continued increased budget scrutiny.” Zscaler said that while the “global macro environment remains challenging, and customers continue to scrutinize large deals … customer sentiment seems to be stabilizing.”
Looking back at the cybersecurity market through Q2 offers a bit of color on those broader trends impacting growth this year. The market registered a third straight quarterly deceleration in Q2, per Canalys estimates, as the global market recorded +11.6% YoY growth to $19.0 billion.
This marked a slight deceleration from the +12.5% growth in Q1 to $18.6 billion, and a sharper deceleration from the +15.8% growth rate seen in 2022, as the cybersecurity market topped $71 billion for the year.
Growth in North America remained resilient at +12.6% YoY in Q2, the bellwether of the market considering it accounts for more than half of total spending. Latin America and EMEA growth remained in the double digits, though both decreased approximately 180 to 210 bp sequentially. APAC growth saw the largest slowdown, from +10.7% YoY in Q1 to +8.8% YoY in Q2.
Headwinds Remain in Play in Q3
Budget cuts, consolidation, and optimization are some of the trends at play in the cybersecurity market that are pulling 2023’s growth rates lower. Microsoft CEO Satya Nadella said in January during its fiscal Q2 earnings call that customers were “consolidating on our security stack, in order to reduce risk, complexity and cost.”
CrowdStrike CEO George Kurtz echoed Nadella’s view in the company’s Q1 earnings call in March that customers “want to reduce cost and headcount, reduce the number of point products and agents, reduce complexity and simplify operations.”
Venture capital funding deals and deal value also reflect this challenging environment persisting through Q3. According to Crunchbase, deal count declined just over 15% from Q2 to 153. Although deal value was marginally higher at $1.9 billion compared to ~$1.8 billion in Q2, it was about 30% lower YoY as large late-stage deals faded. VC funding has totaled just $6.4 billion YTD, on track to mark the lowest level of funding for cybersecurity startups since 2019, which totaled $8.8 billion.
Despite such cost and complexity concerns, companies are still committed to protecting data and operations. It’s this point that will drive long-term growth of the industry in the face of these near-term headwinds: there will always be more data to protect.
Fortinet: Q4 Guidance Soft, Billings to Decline YoY
Fortinet declined 12.4% following its Q3 earnings report for three key reasons: Q3 revenues marginally missed estimates, Q4 revenue guide was below consensus, and most importantly, Fortinet is projecting a YoY decline in net billings.
Fortinet reported revenues of $1.33 billion in Q3, which missed expectations by just $20 million. For Q4, Fortinet guided revenues $80 million lower at midpoint than the consensus estimate of $1.49 billion.
Q4 billings were projected to be between $1.56 to $1.70 billion, representing a YoY decline of ~1% to 9%. Management’s transition to SASE and security operations, and challenging network comps, are some of the factors behind the revenue slowdown with Fortinet seeing “modest” revenue growth for the next few quarters.
Fortinet’s billings slowdown and the lowered revenue forecast is a concern as 2023 would mark Fortinet’s slowest billings growth since its IPO in 2009. Growth is estimated at just +10.2% YoY at the $6.165 billion midpoint. It’s also a significant slowdown from the +34% and +35% billings growth seen in 2022 and 2021. Management said the growth slowdown in Q3 stemmed from “1 month shorter contract duration and importantly, lackluster appliance demand.”
A slowdown in product revenue growth is likely a driving factor behind the lowered revenue forecast for 2023. Product revenue is forecast to increase only +9% YoY to $1.935 billion – this is well below 2022’s +42% growth, 2021’s +37% growth, and its +23.7% average growth rate since 2009. CEO Ken Xie said that “the Secure Networking market is experiencing slower growth as product demand returns to normal levels following two years of elevated growth.” He added that “building and product revenue fell below our expectation” due to that slowdown in Secure Networking.
Palo Alto: Billings Weaker than Expected, Underlying Metrics Strong
Palo Alto shares fell 5.4% following its fiscal Q1 earnings report, but have since gained more than +14% to rise to new highs. The initial negative reaction stemmed from a lowered billings forecast as well as hints that revenue growth is slowing below 20%, but other underlying metrics remained strong.
Palo Alto reported +20% YoY revenue growth to $1.88 billion and +16% YoY billings growth to $2.02 billion, which came in below its prior outlook for $2.05 to $2.08 billion in the October quarter. This miss is amplifying concerns that revenue and billings growth is decelerating — revenue growth was at the lowest level since fiscal Q4 2020, while billings growth was at the lowest level in more than four years and marks a second quarter with growth below 20%.
For the full year, Palo Alto lowered its billing forecast to $10.7 to $10.8 billion, from a prior view of $10.9 to $11.0 billion. This correlates to YoY growth of +16% to +17%, roughly in line with the recent quarter’s +16% growth rate. Palo Alto cited volatility in contract duration, increased financing demand, and increased demand for deferred billings plans for the lowered forecast. CFO Dipak Golechha said that the company “saw the rising cost of money have an important and incremental impact on customer behavior in [fiscal] Q1.” Similar to Fortinet, Palo Alto saw minimal growth in product revenue, at just +3% YoY, with the majority of revenue growth driven by service revenue, +25% YoY.
Aside from that, Palo Alto had multiple underlying strengths in the report, especially with its next-gen offerings. Next-Gen Security ARR increased 53% YoY to $3.23 billion, and SASE ARR increased 60% YoY. Palo Alto saw very strong growth in multi-module customers, with 155% YoY growth in those adopting 5+ modules, and 59% YoY growth in those adopting 3+. XSIAM’s pipeline exceeded $1 billion, with more than $500 million of that pipeline added in Q1.
Zscaler: Billings Guide Unchanged, Revenue Growth May Slow
Zscaler maintained its billing guide for the full year, although revenue and EPS both came in ahead of expectations in its fiscal Q1. Large customer growth continued to slow, while fiscal Q2’s guide hinted at a possible deceleration in revenue growth.
Zscaler reported $497 million in revenue, +40% YoY, which handily beat expectations and the company’s guidance for 33% YoY growth to $473 million in revenue. While it did post 131% YoY growth in adjusted EPS to $0.67 and a surge in free cash flow, Zscaler remains unprofitable on a GAAP basis.
GAAP operating loss improved 33% YoY to ($46 million), while GAAP operating margin improved 10 percentage points to (9%). At its scale of more than $2 billion in annual revenue, it’s likely the market will want Zscaler to soon shift to operating profitability, which could be tough at the moment given that sales, marketing and R&D accounted for ~98.8% of gross profit in Q1. SBC also remained high at $129.1 million, or ~26% of revenue.
Billings growth remained strong, at +34% YoY to $456.6 million. However, Zscaler did not raise its full-year billings outlook as it tends to do, even if only by a few million; its outlook remained unchanged at 24% to 26% YoY growth, or $2.52 to $2.56 billion. That outlook suggests that billings growth will decelerate through the remainder of the fiscal year.
Fiscal Q2’s revenue guide also hinted at some early signs of revenue deceleration, with the $506 million guide pointing to YoY growth of approximately 30.5%. Fiscal 2024’s guide calls for 29.5% YoY growth at midpoint to $2.095 billion, again indicating that revenue growth in fiscal Q3 and Q4 is likely to slow to the mid to high-20% range.
Growth in large customers of over $1M in ARR has slowed significantly by 21 points over the past year, from 55% growth down to 34%. Growth in $100K+ ARR customers has also slowed from 37% to 22%.
CrowdStrike: Net New ARR Rises to Record, But Billings Decelerate
CrowdStrike beat on the top and bottom lines and guided fiscal Q4 marginally above consensus. The report in itself was fairly strong, as net new ARR rose to a record and CrowdStrike recorded its first-ever quarter with positive operating income. However, ARR growth and billings growth both decelerated, similar to peers who are also seeing decelerating billings. Management added that “buyers are still cautious” as the “macroenvironment remains challenging with continued increased budget scrutiny.”
Net new ARR rebounded to a record $223.1 million, +12.6% YoY, a strong recovery from Q1 and setting the stage for another possible record to close out FY24. With this rebound in net new ARR, CrowdStrike’s ARR topped $3 billion for the first time, reaching $3.15 billion in fiscal Q3. CrowdStrike emphasized that it is the “fastest and only pure play cybersecurity software vendor in history” to surpass the $3 billion ARR milestone.
However, ARR growth is still decelerating, as is billings growth. ARR growth in fiscal Q3 was 34.6% YoY, a slight deceleration from Q2’s 36.9% YoY growth rate and a sharper deceleration from the 55% YoY growth rate from fiscal Q3 last year. What’s important is that CrowdStrike soon shows ARR bottoming and stabilizing, instead of decelerating further into the +20% range or even the high teens.
Billings also decelerated, matching what we’ve seen so far with CrowdStrike’s peers. Billings were calculated to have fallen 2% QoQ and +9% YoY to $821.5M for Q3, a significant slowdown from the 13% QoQ and 22% YoY growth rate recorded in the prior quarter.
CrowdStrike also recorded its first quarter to generate operating income, albeit at a razor-thin 0.4% operating margin. However, this shift to a positive margin benefited the bottom-line, allowing net margin to expand ~225 bp QoQ to ~3.4%. This marked CrowdStrike’s third straight quarter of GAAP profitability, with sequential growth in each of the three quarters. We had previously mentioned that while CrowdStrike had begun to post GAAP profitability, it was preferable that the company be GAAP profitable from operations rather than interest income – now, the next task is for CrowdStrike to show further growth in operating income.
Conclusion
Aside from Fortinet, the remaining cybersecurity stocks covered here have all rallied to new highs following earnings, despite each report having some weaknesses. Cybersecurity stocks are investor favorites due to an ever-growing need for cybersecurity solutions among enterprises and high cash flow generation metrics – all of the four reported free cash flow margins higher than 30%. Billings growth remains an important metric to track, given the decelerations seen this quarter and hints at more deceleration ahead. Yet, these key metrics are providing clues as to which companies will be strongest moving into 2024.
Damien Robbins, Equity Analyst at the Tech Insider Network, contributed to this article.