The cybersecurity industry attracted approximately $168 billion in spending from businesses in 2022. But according to a report by McKinsey & Company, that's nowhere near enough to protect against the growing threat landscape created by the widespread adoption of digital cloud-based operations.
To put it in perspective, the firm estimates the damage caused by cyberattacks will reach $10.5 trillion in 2025, increasing 300% from 2015 levels -- corporate spending on protection sure seems tiny by comparison.
Image source: Getty Images.
A strong opportunity for cybersecurity providers
McKinsey thinks companies should be spending up to $2 trillion collectively on cybersecurity products and services right now, more than tenfold what they're actually spending. That means there's a value gap of about $1.8 trillion, and while there's no guarantee it will be filled, there are signs the corporate sector is growing more conscious of its need for these services.
In a 2022 survey by Morgan Stanley, leading corporate chief information officers said cybersecurity was the last expense they planned to cut, even if an economic recession occurs.
Governments, investors, and customers are increasingly holding companies to a higher standard when it comes to protecting their information. Data breaches and ransomware attacks are constantly making the news, which has put executives on notice; the consequences are no longer simply financial, as it can be difficult to recover from the reputational hit, too.
According to the McKinsey report, companies in highly regulated industries (like banking) are flocking to public cloud platforms four times faster than companies in more lightly regulated industries. In other words, they rely more on security conscious cloud giants like Amazon Web Services and Microsoft Azure to manage their critical data and infrastructure.
That's a good sign, but it's not enough. The gap between what companies are actually spending and what they should be spending will have to close (at least partially) over time. Here are two top cybersecurity providers that could benefit the most if that happens.
1. CrowdStrike
There's a growing need for full-stack cybersecurity solutions. Technology is transforming how we do business, particularly how we work, with remote employment more common than ever. Companies need end-to-end protection, from networks right down to the endpoint devices used by employees. CrowdStrike (CRWD 2.20%) is that solution for 23,019 customers, and it's one of the fastest-growing providers in the industry.
According to the company, 90% of successful cyberattacks and 70% of successful data breaches originate at the endpoint -- whether through an employee's emails, messaging platforms, phone calls, identity credentials, or even online purchases. It's no surprise, then, that CrowdStrike is focused intently on that cybersecurity segment, and it's a recognized leader by the International Data Corporation and Gartner (NYSE: IT).
Artificial intelligence (AI) is the secret sauce behind CrowdStrike's success. Its models are fed 2 trillion events per day, leading to rapid improvement that scales as the company acquires more customers (more users equal more data). AI is the key to automated security, faster response times, and proactive threat hunting, which seeks out attackers before they find an opportunity to breach.
The average corporate employee is neither a cyber expert nor has time to actively manage endpoint threats, so cybersecurity software must do the heavy lifting.
CrowdStrike's growth has been mind-boggling. It generated $119 million in revenue in fiscal 2018, and by fiscal 2023, that number had grown 20-fold to over $2.2 billion. That's a compound annual growth rate of 80% over the five-year period.
Large, complex organizations are flocking to the company for protection. It now has 3,553 customers spending between $100,000 and $1 million per year, up from just 262 customers five years ago, highlighting the rapidly growing need for advanced security tools.
And there's more good news for investors. Amid the broader sell-off in the technology sector, CrowdStrike stock is down 55% from its all-time high. Given the company's leadership position and its growth, this could be a great opportunity to buy in at a discount for the long term.
2. Tenable
Tenable (TENB -1.35%) often flies under the radar in the investment world; the company is valued at just $5 billion (compared to CrowdStrike's $30 billion). But it has a leadership position in the cybersecurity industry's vulnerability management and threat detection segments.
Tenable protects over 40,000 organizations globally, and its flagship Nessus platform is ranked No. 1 in accuracy, adoption, and coverage. It protects against over 75,000 common vulnerabilities and exposures (CVEs) -- topping all its competitors -- and it does so with the industry's lowest rate of false positives.
But while Nessus is a broad vulnerability management tool, Tenable also offers a portfolio of industry specific solutions, whether a customer is in automotive manufacturing, financial services, logistics, or even the government. See, as more day-to-day operations are shifted online, companies find themselves with a growing attack surface and threats they've never faced before.
Advanced vulnerability management pays for itself -- a car manufacturer, for example, can lose $22,000 for every minute of unplanned downtime, and 82% of them have reported four hours or more of unplanned downtime over a 12-month period.
It's little wonder Tenable is experiencing strong growth in its top-spending customer cohort. At the end of 2022, it had 1,420 customers spending at least $100,000 annually, up 30% compared to 2021.
Tenable generated $683.2 million in revenue during 2022, exceeding the midpoint of its initial guidance of $666 million. Considering the broader economy was deteriorating last year, with many tech companies laying off workers and slashing their forecasts, Tenable's ability to surpass its guidance speaks volumes of the demand for advanced cybersecurity tools. If the $1.8 trillion gap in the industry does close, this company could be set for a juicy windfall.
