Cybersecurity Software Company Valuations – June 30, 2021 Update

In a rapidly digitalized global economy (further accelerated by the coronavirus pandemic), cybersecurity has continued to be a primary concern among companies of every size. This is not surprising given the media attention on high-profile data breaches and the vast number of people impacted by these attacks. A secure transaction environment has become a minimum requirement in for consumers and businesses alike. Companies have recently become even more vulnerable to security breaches due to the number of people now working from home. We will examine some of the trends currently impacting the valuations of publicly-traded cybersecurity software companies.

This article updates our December 31, 2020 analysis.

Important notes: This analysis examines potential driving factors for cybersecurity software company valuations from a financial statement perspective. An actual business valuation requires an in-depth analysis of the business operations and associated risk factors that are not always evident from the data on financial statements. Also, to keep the length manageable, this article will focus on what the author interpreted as the primary value drivers. It will not touch on every observation in the data. For a quick read on the basic concepts of risk and return and how they apply in the context of this article, please visit: What is Value? and Risk and Return in the Market Approach.

The industry constituents for this analysis are listed below. The effective date of this analysis is June 30, 2021.

List of industry constituents analyzed in this article

Figure 1 summarizes median enterprise value (“TEV”) and median revenues of the publicly-traded cybersecurity software companies. The historical trend of earnings before interest, taxes, depreciation, and amortization (“EBITDA”) is excluded due to a lack of profitability within the industry. The latest fiscal year is notated “LFY” (2020), while the latest 12 months is labeled “LTM” (latest available information as of June 30, 2021).

Historical trend of enterprise values and revenue

Figure 1 illustrates a significant rise in the valuations of publicly-traded cybersecurity software companies. Increases in enterprise value appeared to coincide with improvements in revenue. In the LTM, revenue growth and enterprise values flattened.

The increase in valuations over the last 5 fiscal years and the LTM are not surprising given the increased focus on cybersecurity among companies of all sizes. After all, security is now an expectation in business-to-consumer and business-to-business transactions. Raj Samani, chief scientist at McAfee, notes that cybersecurity should play a significant role in companies’ efforts at building customer confidence and an improved customer experience. Raj’s article highlights a continued (and growing) need for cybersecurity solutions.

Note that McAfee is excluded from this analysis due to its significant consumer focus – this article focuses on companies providing primarily enterprise-level cybersecurity software.

Many of the companies in the industry operate under a Software-as-a-Service (“SaaS”) business model. To provide some brief background, SaaS companies make significant upfront investments in developing their products or services and creating market awareness. Companies frequently incur these costs before the company generates any revenue.

SaaS companies are unique (relative to more traditional business models). Customers subscribe to services and, ideally, will continue to renew their contracts year after year. As new customers are acquired over time and added to the existing subscriber base, revenue growth can start to “snowball.” In addition, the recurring income tends to lend some predictability to (successful) companies in the SaaS space.

When analyzing SaaS companies, another important consideration is the relationship between revenue and expenses. The cost structure of a SaaS company tends to be comprised primarily of fixed expenses, which provides an opportunity for high levels of profitability for companies that can scale up.

SaaS companies tend to trade on revenue metrics due to the expectation of significant growth. Through this growth, the hope is that substantial future returns can be generated in the form of cash flow. Formal business valuations will usually consider a vital revenue metric: annualized run-rate. This figure is a forward-looking measurement of the current revenue-generating potential of a business based on currently subscribed customers. This analysis will be limited to the revenue reported in financial statements under Generally Accepted Accounting Principles (“GAAP”).

Valuation Multiples

Figure 2 presents the historical trend of revenue multiples for the industry.

Historical trend of median revenue multiples

Based on the trends observed in Figure 2, the median valuation multiple decreased in the LTM. The disconnect between the LTM trend noted in Figure 1 and the decline in the median multiple in Figure 2 indicate that are variations in the data. Medians can only tell us so much about the industry. Let’s dive into what seems to be impacting valuations.

The Growth Story

Growth often has a strong influence on how companies are valued. A summary of the consensus forecasts for each group is presented in Figure 3 below (note that “NFY” means next fiscal year; NFY = calendar 2021 for most companies).

Comparison of current year and prior year revenue trends

In Figure 3, the orange line represents data as of June 30, 2020 – during some of the worst months of the pandemic. At the time, projections for the industry suggested a slow-down in revenue growth in 2020. Expectations for 2021 and 2022 indicated a robust post-pandemic recovery.

The blue line in Figure 3 represents information as of June 30, 2021. Ultimately, revenue growth slowed slightly as expected. Analysts continue to anticipate strong growth for the publicly-traded cybersecurity companies in 2021 and 2022.

We also looked to identify a meaningful correlation between growth and observed valuation multiples. See Figure 4 below.

Comparison of next fiscal year revenue multiples vs. projected revenue growth rates

The companies with the highest growth rates traded at the highest multiples, while companies with lower growth rates appeared to sell at lower multiples. The revenue multiples for companies with compound annual growth rates (“CAGR”) of less than 15% over the next three years seemed more tightly correlated with growth rates. However, the dispersion in the data suggests that other factors are likely playing a role in industry valuations.

The Size Story

Larger companies are generally perceived to have lower levels of risk relative to smaller companies. This dynamic can be due to several factors, including improved product or geographic diversification, deeper management teams, access to various distribution channels, and better availability of capital.

Figure 5 presents a possible correlation between size (measured by market capitalization) and LTM revenue multiples.

Comparison of market capitalization vs. latest 12-month revenue multiples

The data in Figure 5 suggests that larger companies tend to trade at higher valuation multiples. There are variations in the data, which suggest that size is not the only determinant for how investors are pricing these companies. For example, Check Point Software Technologies Ltd. was among the largest of the industry constituents. The positive aspect of this company’s size, however, may be offset by its low projected three-year revenue CAGR. Check Point had a 3-year revenue CAGR of 2.3%, one of the lowest growth rates in the group.

The Profitability Story

Revenue multiples are typically influenced heavily by profitability. We usually observe higher revenue multiples in companies with higher levels of profitability.

We did not identify a meaningful relationship between profitability and revenue multiples for the cybersecurity software companies. Since SaaS businesses’ future success depends on their ability to scale up, it makes sense that revenue multiples tend to be more aligned with growth than with profitability.

Tying it All Together

The trends observed in this article suggest that the valuations of publicly-traded cybersecurity software companies appear to be influenced by growth and size. A summary of these observations is presented below and compared to observations as of December 31, 2020.

Summary of factors impacting valuation multiples

The factors impacting valuations between as of the end of 2020 and June 30, 2021 do not appear to have changed significantly. Growth continues to be a primary factor in how cybersecurity software companies are priced. Size also appeared to impact the magnitude of valuation multiples in the industry. As cyberattacks and data breaches continue to occur, the industry is likely to benefit from increasing demand for solutions to this growing problem.

I hope you found this analysis helpful. Any input, feedback, suggestions, and questions (including disagreements with my high-level analysis) are welcome! Thanks for reading.

***

The quantitative industry analytics shown in this analysis was powered by ValuAnalytics’ proprietary valuation analytics platform. If you are looking to assess how your company or client benchmarks against its publicly-traded peers, let us help you automate and accelerate your analysis. ValuAnalytics provides cost-effective, expert-level valuation analytics to give you the insight you need to make better-informed decisions around valuation. Click Request Service to get started.