Ransomware attacks, which lock up systems and force victims to pay ransoms to save their data, have skyrocketed over the past decade. The rise of cryptocurrencies, which enable hackers to anonymously accept payments, is often linked to aggressive attacks.
The number of global ransomware attacks rose more than 150% last year, according to the cybersecurity firm Group-IB, as remote work and online learning during the pandemic presented new opportunities for hackers.
Some of these attacks were so damaging that they sparked layoffs and permanently shut down entire companies. Earlier this year, a ransomware attack temporarily shut down the Colonial Pipeline and sparked panicked gasoline purchases across America.
Faced with these challenges, the Biden administration signed an executive order in May to bolster the country's cybersecurity standards, and intends to spend billions of dollars to achieve those goals. Let's take a look at three companies that will benefit from the escalating war on ransomware and other cybersecurity threats.
Most cybersecurity companies install on-site appliances to block cyberattacks. This approach is capital intensive, difficult to scale as a company expands, and requires constant maintenance. CrowdStrike Holdings (CRWD -2.95%), which was founded 10 years ago, eschews that approach and only offers cloud-native services, which are easier to scale and lock in users with sticky subscriptions.
CrowdStrike's main cloud-based platform, Falcon, provides a suite of endpoint security, threat detection, and cyberattack response services for large organizations. It already serves nearly half of the Fortune 100, including major banks, healthcare organizations, and energy companies.
CrowdStrike uses a "land and expand" strategy, which locks users into one module to cross-sell additional modules. At the end of fiscal 2021, which ended this January, 47% of CrowdStrike's subscribers had adopted five or more of its modules, up from 33% a year ago. It ended the year with a net retention rate of 125%, which means its existing customers spent 25% more money on its services.
CrowdStrike's revenue rose 82% to $874 million for the full year, and it expects 50% to 51% growth this year. It posted an adjusted net profit of $63 million in 2021, and it expects that figure to rise in the range of 2% to 14% this year.
Those growth rates are impressive, but the stock is undeniably expensive at about 360 times forward earnings and nearly 40 times this year's sales. However, CrowdStrike's disruptive cloud-first approach to cybersecurity and its impressive growth rates could justify that premium valuation.
Palo Alto Networks
Palo Alto provides three main security platforms: Strata, which is built atop its next-gen firewall appliances; Cortex, an artificial-intelligence-powered threat detection platform; and Prisma, its suite of cloud-based security services.
Over the past two years, Palo Alto spent nearly $3 billion on acquisitions to strengthen Cortex and Prisma -- which it calls its NGS (next-gen security) services -- in the face of tougher competition and evolving threats.
Last quarter, 70% of its Global 2000 customers had purchased products from more than one of its three main platforms, up from 58% a year ago; 41% percent of those Global 2000 customers now use all three of its platforms.
For fiscal 2021, which ends in July, Palo Alto expects its revenue to rise 23% to 24%, and for its adjusted earnings to increase 22% to 23%. Next year, analysts expect its revenue and earnings to grow 24% and 19%, respectively. Palo Alto's top-line growth might not be as impressive as CrowdStrike's, but the stock looks much cheaper at about 50 times forward earnings and eight times this year's sales.
Conservative investors who think Palo Alto is still too pricey should buy shares of Cisco Systems (CSCO 0.06%), which provides end-to-end cybersecurity services with its core networking hardware products.
Cisco's security business only generated 7% of its revenue in the first nine months of fiscal 2021, which ends this July. But it's still growing much faster than its Infrastructure Platforms (networking hardware) and Applications businesses, which both struggled throughout the pandemic.
On a stand-alone basis, Cisco's security business also generates more annual revenue than CrowdStrike and other smaller cybersecurity firms. Like Palo Alto, it provides a mix of on-site appliances and cloud services, and constantly expands its ecosystem with acquisitions. But Cisco also bundles its cybersecurity software within its market-leading networking hardware and software, which locks in customers and widens its moat.
Cisco still generates most of its revenue from networking switches and routers, and those businesses are slowly recovering from the pandemic's impact on enterprise spending. Analysts expect its revenue to rise about 1% this year, and for its earnings to stay flat.
But next year, they expect Cisco's revenue and earnings to grow 5% and 6%, respectively, as the pandemic passes and companies resume their network upgrades. Its stock trades at just 16 times forward earnings and pays a forward yield of 2.8%, which makes it a much more value-oriented play than CrowdStrike or Palo Alto.