Back in January, Israeli financial newspaper TheMarker claimed that firewall and security software vendor Check Point Software (NASDAQ:CHKP) was in "initial talks" to buy privileged accounts protector CyberArk Software (NASDAQ:CYBR).
At the time, JPMorgan analyst Sterling Auty claimed that combining both companies made sense since they had complementary technologies and were both based in Israel, and Check Point's wider distribution channels could boost CyberArk's sales to a "new level of scale." CheckPoint finished last quarter with $3.7 billion in cash and equivalents, which would easily cover CyberArk's enterprise value of $1.1 billion even after factoring in a hefty acquisition premium.
But Oppenheimer analyst Shaul Eyal claimed that the buyout had a "low probability" of happening, since Check Point generally buys much smaller companies and CyberArk would be its biggest acquisition ever. CyberArk CEO Udi Mokady then told Reuters that the company was interested in growing "independently", which doused hopes of a quick takeover. Nonetheless, Check Point investors should understand the benefits that a potential buyout might offer.
Boosting sales and earnings growth
Check Point's sales have risen 8% to 9% annually over the past few quarters, while CyberArk has been posting over 40% sales growth. Analysts expect Check Point's sales to rise 7% to $1.75 billion this year, and improve another 7% to $1.87 billion next year. CyberArk's sales are expected to grow 31% to $211 million this year, and another 22% to $258 million next year. If Check Point buys CyberArk today, its annual revenue this year would rise 12%. Sales for fiscal 2017 would also be 14% higher than Check Point's own estimated revenue.
Unlike many other cybersecurity companies, CyberArk is profitable by both non-GAAP and GAAP measures. CyberArk is expected to post 22% annual earnings growth over the next five years, while Check Point's earnings are expected to improve just 11%.
CyberArk expects to generate up to $33 million in non-GAAP net income for 2016, which would add an average of $8 million per quarter to Check Point's bottom line. That would be equivalent to about 4% of its non-GAAP earnings from the first quarter of 2016. That boost could be much higher after redundancies between the two companies are eliminated and Check Point invests more heavily in expanding CyberArk's business.
CyberArk controls a valuable niche market
Check Point's flagship firewall product faces many challengers in the perimeter security market, including next-gen firewall player Palo Alto Networks and networking giant Cisco. Check Point is still the market leader in firewalls and controls over 20% of the market, but that's down from about 40% two decades ago.
Check Point has done a sound job of adding more security services to its firewall to retain customers and boost sales, but it would make sense to widen its moat by buying smaller cybersecurity players that dominate specific niche markets that larger companies can't touch. CyberArk is one such company, because it dominates the privileged account management (PAM) market, which prevents hackers and disgruntled employees from stealing data through high-level internal accounts.
40% of the Fortune 100 companies and 17 of the 20 biggest banks in the world currently use CyberArk's PAM solutions, and research firm IDC calls it the "big gorilla" of the PAM market. While the overall PAM market is much smaller than the firewall and threat prevention market, it's one with fewer competitors.
CyberArk also previously stated that its growth is ultimately limited by its ability to hire new sales and marketing representatives. Check Point's deeper pockets could shatter that bottleneck and enable CyberArk's PAM solutions to reach a much wider range of customers.
It makes more sense than treading water
Check Point stock has stayed nearly flat over the past 12 months due to its tepid sales growth and concerns that slower enterprise spending would throttle cybersecurity demand. Yet the company has repurchased more shares over the past 12 months than it ever has before.
I believe the $888 million it spent on buybacks over that period (equivalent to over 90% of its free cash flow) could arguably have been better spent on strategic acquisitions like CyberArk.
I also don't think that the current lull in cybersecurity stocks will last much longer, due to the rise of increasingly sophisticated hacks and data breaches. Weaker companies with unjustified valuations and narrow moats could get flushed out, but stronger names like CyberArk -- which has fallen more than 30% over the past 12 months -- could be smart buyout targets at current prices.