What happened
Tic-tac-toe, three in a row -- shares of cybersecurity specialists Palantir Technologies (PLTR -0.23%), CrowdStrike (CRWD -0.68%), and Cloudflare (NET -0.23%) surged in Tuesday trading, rising by 4.8%, 6.1%, and 9%, respectively, as of 1:30 p.m. EDT.
You can probably thank President Biden for some of those gains -- and a group of hackers for the rest.
Image source: Getty Images.
So what
In a statement from the White House Monday afternoon, President Joe Biden reminded Americans that he has "previously warned about the potential that Russia could conduct malicious cyber activity against the United States," and reiterated that warning, citing "evolving intelligence that the Russian Government is exploring options for potential cyberattacks."
Biden promised "to use every tool to deter, disrupt, and if necessary, respond to cyberattacks against critical infrastructure," but pointed out that "most of America's critical infrastructure is owned and operated by the private sector." For this reason, he called upon "critical infrastructure owners and operators [to] accelerate efforts to lock their digital doors" and "harden your cyber defenses immediately."
That certainly seems like something that would cause investors to tune into cybersecurity stocks.
And as if to emphasize the point, within hours of this announcement, cybersecurity company Okta (OKTA -0.65%) reported that it had been hacked by the Lapsus ransomware group. (Albeit, it seems that hack actually began back in January, and as noted in a Wired article published Tuesday, the Lapsus group appears most likely to be based in South America.)
Now what
Between President Biden's warning and the news of the cyberattack on Okta, investors are bidding up shares of Palantir, CrowdStrike, and Cloudflare -- and I think that's a perfectly understandable reaction. That being said, I do not agree that all cybersecurity stocks are created equal -- or that these three stocks are equally good bets. Indeed, I kind of suspect that none of them may be good bets.
Consider: Currently, none of Palantir, CrowdStrike, or Cloudflare are profitable by generally accepted accounting principles (GAAP), and Cloudflare isn't even generating positive free cash flow (FCF). Palantir and CrowdStrike do generate substantial free cash flows -- $321 million and $462 million, respectively, over the past 12 months. But even so, their market caps are so high that I fear even positive FCF doesn't make either of them a good investment.
Of the three, CrowdStrike sports the highest market capitalization -- $50 billion, which works out to a valuation of 108 times free cash flow. Palantir stock is only slightly more palatable with a $26.8 billion market cap and a valuation of 83.5 times FCF. Cloudflare, with a $37 billion market cap -- but with no profits or free cash flow to undergird that valuation -- seems to me the riskiest stock of the three.
On balance, I have to conclude that all three of these cybersecurity stocks cost too much to justify an investment at this point, no matter what the headlines say today.
