After getting propelled to the stratosphere in 2015 as businesses dialed up their security tech spending in response to a slew of major hacking incidents, cybersecurity stocks have lost some of their luster this year. For investors who can stomach a potentially weak set of third-quarter earnings reports, that could spell an opportunity.
Security tech stocks fell today after Fortinet (FTNT) , a top provider of unified threat management firewalls, warned it expects third-quarter revenue of $319 million to $324 million and billings of $343 million to $348 million, well below prior guidance of $311 million to $316 million and $372 million to $376 million. At its midpoint, the revised billings guidance represents 15% annual growth, a marked slowdown from the second quarter's 26%.
Fortinet closed down 10.1% on Wednesday to $30.66, a level last seen in June. Security peers CyberArk, Imperva (IMPV) , Rapid7 (RPD) , Proofpoint (PFPT) , Qualys (QLYS) and FireEye (FEYE) posted declines ranging from 1.3% to 3.7% on a quiet day for markets. The PureFunds ISE Cyber Security ETF (HACK) fell 0.9%.
Like many enterprise tech companies that have previously warned, Fortinet partly blamed sales execution issues, while adding they involved North American sales and stemmed from "the newness of our sales organization." It also blamed macro pressures in the U.K. and Latin American, and (notably) "the lengthening of deal cycles as enterprises are becoming more strategic with their purchasing decisions and buying with less urgency than last year."
The warning comes after Palo Alto Networks (PANW) , another company that has been growing rapidly and taking firewall share, issued light guidance in August. In July, firewall incumbent Check Point (CHKP) provided soft third-quarter guidance, and peer Juniper Networks (JNPR) , which has been losing share for some time, reported its security revenue fell 27% annually.
While cybersecurity is still one of the stronger parts of the corporate IT spending landscape, businesses clearly aren't in "panic mode" anymore over the need to upgrade their defenses. It also doesn't help that Cisco Systems (CSCO) appears to be pricing its security appliances aggressively, as the networking giant makes growing its security sales -- both organically and via acquisitions -- a priority under CEO Chuck Robbins.
Nonetheless, this is still a growth market. Numerous CIO surveys name security as a top IT spending priority, and research firm Gartner forecast in August global spending on IT security products and services will rise 7.9% this year to $81.6 billion. Upstarts such as Fortinet, Palo Alto, CyberArk, Proofpoint, Qualys and Rapid7 have been growing much faster than that, thanks in part to share gains against incumbents such as Juniper, Symantec (SYMC) and Intel Security (formerly McAfee).
Writing about Fortinet's warning, Jim Cramer observed Palo Alto and Proofpoint had told him "business was very strong and they saw big tailwinds for their cybersecurity wares." At the same time, he cautioned investors might not distinguish between stronger and weaker names in the near-term.
The group could certainly remain volatile in the coming weeks, as third-quarter reports come out and other security tech firms potentially report seeing some of the demand headwinds Fortinet reports witnessing. But with valuations for many names looking more reasonable than they did for much of 2015 and 2016, there could be some opportunities to go bargain-hunting.
Fortinet, for example, might be trading for just 3 times its 2017 billings, depending on one's projections. Palo Alto, still expected by analyst to deliver roughly 30% sales growth in fiscal 2017 (ends in July 2017), could be trading for less than 5 times next year's billings.
FireEye, which reportedly explored a sale earlier this year and has been the subject of much M&A speculation, trades for just 2.6 times the midpoint of its 2016 billings guidance range. Admittedly, the company has been struggling to deal with sales issues and tough competition from Cisco and Palo Alto. But it still possesses valuable technology and services assets in areas such as malware-detection, endpoint protection, threat intelligence and forensics... assets that could appeal to a larger enterprise tech player.
Various other names also now have moderate forward sales and/or more billings multiples. The euphoria surrounding cybersecurity names has clearly died down, perhaps to the point where investing in some of the companies in the space amounts to a contrarian play.