A pair of ransomware scares didn’t lead to much business for at least one major security-software company, and competitors felt the sting from investors Friday.
CyberArk Software Ltd. CYBR, -0.66% plunged as much as 19% in Friday trading after the Israeli cybersecurity firm said Thursday afternoon that continued weakness in Europe, the Middle East and Africa resulted in weaker-than-expected quarterly earnings.
Other security-focused companies like Symantec Corp. SYMC, +1.46% , Palo Alto Networks Inc. PANW, -0.22% , FireEye Inc. FEYE, +0.06% , Rapid 7 Inc. RPD, +0.00% and Sophos Group PLC SOPH, +2.96% struggled Friday, sending the PureFunds ISE Cyber Security ETF HACK, +0.20% down more than 1%.
Most of those stocks got a boost last quarter after the “WannaCry” and “NotPetya” ransomware attacks, which reportedly used vulnerabilities first detected by the U.S. National Security Agency and released by hackers to attack businesses. The attacks, which were mostly successful in Europe and Asia, were expected to lead to plenty of consulting work and upgrades as businesses looked to protect their networks.
Stifel analysts said that the actual result may have been the opposite, with a delay in major security purchases as businesses paused to ensure that they had a solid security plan before moving forward.
“The widely publicized WannaCry and NotPetya ransomware attacks, which primarily affected European organizations, could have disrupted sales cycles, as European organizations revisited the robustness of their security posture in an attempt to identify layers that needed to be added to their stack, delaying planned security investments until it is concluded that said investment strengthens its security posture,” the analysts wrote Friday morning.
Stifel maintained a buy rating for CyberArk, but dropped its price target to $55 from $62 and brought down estimates for 2017 and 2018. J.P. Morgan analysts went a step further and downgraded CyberArk to neutral while dropping the price target to $45 from $63.
Deutsche Bank analysts also downgraded CyberArk, giving it a hold rating and dropping the price target to $45 from $60, while saying that the results confirm a lack of big gains for security companies.
“Our recent checks still point to a more measured overall security spending growth backdrop compared to a year ago, with no clear re-acceleration under way, but with increased interest in cloud-centric and/or subscription-based solutions,” the analysts wrote.
Other early checks on the security market’s quarterly results don’t show large gains. Barracuda Networks Inc. CUDA, +1.94% , which sells networking software with a security focus, fell after reporting earnings earlier this week. CyberArk was joined in sending a warning about quarterly earnings on Thursday by A10 Networks Inc. ATEN, +1.30% , which sells network-control software including some security services.
A10, which made about 15% of its revenues from security in 2016, according to KeyBanc Capital Markets analysts, said profit and revenue for the second quarter will be much lower than expected. Companies with similar offerings like F5 Networks Inc. FFIV, +2.21% and Fortinet Inc. FTNT, +0.27% struggled in Friday trading.
KeyBanc analysts downgraded A10 to sector weight, DA Davidson analysts dropped a price target on the stock to $9 from $10, and J.P. Morgan analysts decreased the price target to $9 from $10.50.
“We continue to believe that A10 will gain share in the broader ADC and security markets driven by its better price/performance vs. competitors though this miss gives us some pause on the outlook for the rest of 2017,” J.P. Morgan analysts wrote.
Friday’s security losses stood in contrast to gains for the overall market and tech stocks, with the S&P 500 index SPX, -0.01% , Dow Jones Industrial Average DJIA, -0.04% and tech-heavy Nasdag Composite Index COMP, +0.03% increasing. The Technology Select Sector SPDR XLK, +0.02% was up nearly 0.9% in afternoon trading.