Networking giant Cisco (CSCO +0.71%) is best known as one of the world's top manufacturers of routers and switches. Since both are slow-growth businesses in commoditized markets, Cisco is generally considered a "mature" tech stock with limited growth potential.
However, some investors overlook the fact that Cisco's fastest-growing business is actually cybersecurity. Let's discuss how big Cisco's cybersecurity business is, and why it represents a major threat to its smaller industry rivals.
Image source: Cisco.
How big is Cisco's cybersecurity business?
Cisco's cybersecurity revenue rose 13% annually, to $1.97 billion in fiscal 2016. Its revenue rose 12%, to $1.6 billion the first nine months of 2017, and it should easily cross the $2 billion mark when it reports its year-end earnings after the close on Aug. 16.
Two-billion dollars represents just 4% of Cisco's projected revenues of $48 billion for 2017, but its double-digit growth crushes the low single-digit gains or dips that the routing and switching businesses typically report.
How does that compare to other cybersecurity companies?
Two-billion dollars is also a massive figure compared to other comparable players in the cybersecurity sector. Next-gen firewall vendor Palo Alto Networks (PANW +1.00%) is expected to generate just $1.7 billion in revenues this year. Its rival Check Point Software (CHKP +0.80%) is expected to generate about $1.9 billion in revenue.
Meanwhile, Wall Street expects threat-detection company FireEye (FEYE +0.00%) to generate about $740 million in sales this year. CyberArk (CYBR +0.00%), the market leader in privileged account-management solutions, is expected to generate just $255 million in sales.
Cisco's cybersecurity business generates more revenue than all those companies, but it's still smaller than Symantec (SYMC 1.61%) -- the 800-pound gorilla in the cybersecurity market, which is expected to generate $5.2 billion in revenues this year.
How did Cisco grow its cybersecurity business?
Cisco mainly grew its cybersecurity business through acquisitions. It bought Cognitive Security, Sourcefire, and ThreatGRID to beef up its firewalls and threat-detection systems. Acquiring companies like CloudLock, Lancope, Portcullis, and OpenDNS further enhanced its security capabilities in both on-premise and cloud-based networks.
Image source: Getty Images.
Since 2000, Cisco acquired about two dozen security-related companies. That streak won't likely end anytime soon, since Cisco generated $12.7 billion in free cash flow over the past 12 months. Moreover, 96% of its $68 billion in cash and equivalents remains overseas, and lower corporate tax rates would enable it to repatriate that cash for domestic acquisitions.
Why stand-alone cybersecurity companies should be worried
Cisco has a long history of crushing competitors by bundling its routers, switches, and software together in cost-competitive packages for big enterprise customers. Cisco already offers a wide range of next-gen firewalls to compete against Palo Alto and CheckPoint, and its suite of threat-detection solutions targets FireEye's similar services.
These smaller competitors have dedicated customer bases, but Cisco's ability to bundle security services with other hardware products or software services (like collaboration solutions) could steal away bigger customers.
Therefore, it isn't surprising that Palo Alto, FireEye, and other high-growth security companies have recently posted decelerating sales growth. There's also the belief that Cisco will eventually gobble up smaller "best in breed" players, like FireEye, to inherit their customers.
The key takeaways
The growth of Cisco's cybersecurity business won't offset the sluggish sales of its routers and switches anytime soon. Nor will it address the looming challenges of generic "white box" hardware and open-source software.
Nonetheless, investors should know that Cisco is one of the biggest cybersecurity companies in the world. That position perfectly complements its position as a top networking hardware and software maker, and represents a major threat to stand-alone security players like Palo Alto and FireEye.
