Shares of cybersecurity software stocks CrowdStrike (CRWD -1.90%), Palo Alto Networks (PANW -1.31%), and Fortinet (FTNT -0.85%) were falling today, down 2.1%, 1.1%, and 1.3% as of 1:49 p.m. ET, even though the broader Nasdaq Composite was up by about 1.5% at that time. Furthermore, each of these stocks were down much more than that at the beginning of the day before recovering.
What caused the weakness in the cybersecurity segment specifically? Likely, it had to do with another cybersecurity peer giving cautious guidance on Tuesday night, casting a pall over the sector on Wednesday.
There wasn’t much company-specific news to cause these stocks to fall. Yesterday, Palo Alto announced the closing of its acquisition of Cider Security, a leader in software application protection. However, that was announced yesterday, and today’s across-the-board declines likely points to something macroeconomic or industry-specific today.
On Tuesday night, cybersecurity peer BlackBerry had its fiscal third-quarter earnings report, in which management noted some caution in closing large cybersecurity deals in the near term, as sales cycles have become “elongated,” which is a fancy term for customers being slower to sign off on purchases.
Although cybersecurity is a long-term growth industry and mission-critical for many businesses, it appears fears over a recession next year is causing enterprises large and small to more closely examine every dollar spent. That likely means more approvals and negotiations with vendors, even for important software products such as cybersecurity.
Of course, last night’s BlackBerry commentary shouldn’t be shocking news. Even CrowdStrike, which is among the highest-growth companies in the space with the most in-demand cloud products, noted a slowdown in the sales cycle on its conference call back in late November. CEO George Kurtz said on its earnings call:
… Organizations were starting to respond to macroeconomic conditions by adding extra layers of required approvals and extending the time it took to close some deals. As Q3 progressed and fears of a recession grew, this dynamic became more pronounced… In our smaller, more transactional nonenterprise accounts, we saw customers increasingly delay purchasing decisions… While sales cycles lengthen, we believe the vast majority of these deals are not lost, just delayed… In Q3, these larger customers continue to prioritize their CrowdStrike investments, but some also had to manage timing issues related to opex budgets and cash flow amid the rapidly evolving macro.
So while these three stocks are currently growing revenue like gangbusters, with CrowdStrike growing 52.9%, Palo Alto growing 25.3%, and Fortinet growing 32.6% last quarter, investors may now be pricing in some deceleration ahead.
That can make a big difference in stock prices, since cybersecurity software stocks tend to trade at high valuations. Despite material declines in their stock prices year to date, CrowdStrike, Palo Alto, and Fortinet still trade at 12.8., 7.8, and 10 times sales, respectively. Given that none of these companies make GAAP profits yet, except for a small profit at Fortinet, which still trades at 55 times earnings, these companies still need to demonstrate much more growth over the long term to justify their stock prices.
While cybersecurity stock valuations have been hurt by rising interest rates this year, many thought their growth would be relatively resilient compared with other types of products and software, given the proliferation of cybersecurity threats in recent years.
However, the recent commentary from these industry leaders, and then BlackBerry last night, appears to show that even cybersecurity software isn’t immune from macroeconomic pressures and fears over a recession. So while rising long-term Treasury bond yields took down these companies’ valuations earlier this year, with the most expensive CrowdStrike falling the most despite its leading growth figures, now fears of a slowdown are materializing on top of the higher-rate environment.
Cybersecurity software has long been known as one of the better growth sectors to be in, and that should remain the case. However, in the age of very low interest rates, these stocks shot up to very high valuations. Now that interest rates have risen and growth is slowing, these stocks are falling back to Earth.
The question is, have they fallen enough to buy? That’s a very difficult question to answer. Any stock is worth the present value of all future cash flows, discounted back to the present. For these stocks, it’s still unclear exactly how profitable they will eventually become, and for Palo Alto and CrowdStrike, the time frame at which they will be profitable on a GAAP basis.
While both CrowdStrike and Palo Alto are reporting high free cash flow today, it’s a bit misleading, since these companies pay out so much in stock-based compensation that they are still unprofitable on a GAAP basis. Even though these companies are fans of reporting numbers “adjusted” for stock-based comp, share-based compensation is a real cost to shareholders.
In determining whether these high-quality cybersecurity names are cheap enough to buy, investors may wish to construct a discounted cash flow model to check assumptions on growth, profitability, and interest rates. Also, make sure to count stock-based comp as a real cost in your analysis, as investors, like companies, are scrutinizing every expense and detail in valuing companies today.