This article is excerpted from Tom Yeung’s Moonshot Investor newsletter. To make sure you don’t miss any of Tom’s picks, subscribe to his mailing list here.
Cybersecurity Threats Continue Growing
On Tuesday, Zoom Communications (NASDAQ:ZM) revealed that a security researcher at Google’s Project Zero had discovered four security vulnerabilities that could let attackers hack victims “just by sending them a message.”
Just last week, a study published by the Pew Charitable Trusts found that hospital patients are becoming increasingly at risk of ransomware attacks. And in April, U.S. intelligence officials suggested that Russian hackers had successfully used a “wiper” to take down satellite communication stations before it invaded Ukraine.
These attacks will only get worse.
We have a “seemingly pathological need to connect everything to the internet,” former Director of the Cybersecurity and Infrastructure Security Agency Chris Krebs bluntly said in an address to Congress, calling the situation a “dumpster fire.”
And he’s right.
Self-driving cars… smart power grids… connected healthcare devices… the range of targets is only growing.
But there’s some good news:
American firms are learning to fight back.
And on the forefront are the high-growth Profit & Protection cybersecurity stocks we’ll examine today.
2 Top Cybersecurity Stocks to “Set It and Forget It”
There’s no shortage of cybersecurity stocks vying to become… well… top dog.
But markets are acting as if we’ve already caught the bad guys. The top nine cybersecurity stocks have lost 40% of their value over the past six months; $145 billion has vanished from the market.
That’s created a golden opportunity for long-term investors to jump in. Though the market cycle suggests several more months of drawdowns, these set-it-and-forget-it companies are the kind of growth stocks that the Profit & Protection trading system shows outperform over time.
Though its name might look strange, Zscaler’s (NASDAQ:ZS) business is anything but.
The cybersecurity firm operates the Zscaler Zero Trust Exchange, a platform for previously unknown devices to access secure systems.
As the number of bring-your-own devices has exploded, so too have the headaches of securing an enterprise network. When thousands of workers use their personal phones to access work servers, how can IT departments ensure a breach doesn’t spread across the entire network?
That’s where Zscaler comes in.
By using a “zero trust architecture,” the company’s system acts like an intelligent switchboard that quickly allows and disallows access as required. The system also distorts IP addresses, making it harder for would-be hackers to attack something they can’t “see.”
No security system is perfect, but Zscaler is one of the best in the business.
And it shows.
Tilting the ZScales in Our Favor
From a product standpoint, Zscaler receives excellent enterprise reviews. The company has been named a “Leader” in Gartner’s Magic Quadrant and has the highest rating of an “ability to execute” among its ten rivals.
“Zscaler Internet Access Platform is the only solution that provides us with a surface with no attack potential,” one Gartner review observed. “It does a superb job of filtering traffic and is particularly strong in terms of security.”
The product quality also shows in its financials.
Since 2019, customer retention rates have averaged 122% — a figure only possible by upselling customers faster than they leave. Gross margins have remained strong, and valuations are at their lowest since the Covid-19 pandemic.
That’s created an ideal convergence of factors. As yesterday’s newsletter mentioned, ZScaler lands a solid “A” grade in its Profit & Protection growth score, giving investors a higher probability of investment success.
There are, however, some downsides.
First, ZS’ marketing team isn’t particularly efficient. Costs have risen faster than revenues, suggesting that online criticism of its poor sales incentives is on the mark.
Second, the company still faces an uncertain competitive landscape. Larger rivals like Cisco (NASDAQ:CSCO) and Palo Alto Networks have far greater resources should they choose to enter the “zero-trust” market. The company’s concentrated ownership (and large market cap) makes it less appealing as a takeover target, even for tech giants like Microsoft (NASDAQ:MSFT).
Finally, there’s short-term timing. Today’s rising rate environment suggests that healthcare, energy and homebuilders are better tactical plays for traders looking for immediate profits. Lossmaking firms like ZS could have further to fall before rebounding.
Nevertheless, those seeking long-term profits could do well to buy Zscaler. The company’s large cash position — and an “A” growth grade — make it a firm to keep in your back pocket. Initial Profit & Protection target price begins at $250.
Close behind is CrowdStrike (NASDAQ:CRWD), a leader in endpoint security.
The firm is on the frontline of defense against cybersecurity attacks. Its cloud-based Falcon system attempts to identify dangerous activity and defend endpoints against viruses, ransomware and malware.
And the larger the firm gets, the better it becomes: as its name suggests, CrowdStrike relies on crowdsourced data to train its AI systems on impending threats.
In other words, CRWD has created more than an antivirus program ready to repel attackers. They’ve made a system that proactively monitors abnormalities and adapts to new hazards before encountering them.
Crowdstrike also gets glowing reviews from Gartner, particularly about how easy it is to implement its cloud-based software. Entire enterprises can get set up in less than a day, making for a compelling choice relative to slower-moving competitors.
Crowding Out the Bad Guys
CrowdStrike’s quality shows through its financial figures. Retention rates remain above 120%, and analysts expect growth to top 48% this year. From a price-to-sales standpoint, CRWD stock is at its cheapest since March 2020.
The firm has also managed to keep costs under control. Operating expenses increased slower than revenues last year, pushing CRWD’s free cash flow up by 50% to $440 million.
And best of all, the company is a “land-and-expand” play, as analysts at Morningstar observe. Each additional subscription module the firm sells raises the company’s gross margin, not just its operating one. That means CrowdStrike could break even by 2025 and reach almost 20% EBIT margins two years later.
But like ZScaler, there are some drawbacks to buying a stock like CrowdStrike’s today:
- Black Swan Events. First, there’s a long-tail risk of an internal breach. Though it’s unlikely that CrowdStrike could fall, a successful attack could make the poster child of cybersecurity into the next SolarWinds. Shares could go to $50 overnight.
- Lower Upside. CrowdStrike has less upside than firms like ZScaler. Despite a 53% decline since November, CRWD still trades at 17x forward price-to-sales, making it one of the most expensive cybersecurity stocks. Investors are paying a premium for quality.
- Market Timing. CRWD isn’t immune to macro trends. The company might sell products to healthcare and energy firms, but it isn’t a countercyclical play.
Still, CrowdStrike is riding a massive wave of cybersecurity threats. Corporations have woken up to the risks of ransomware, and high-profile hacks have perversely become the industry’s best advertising campaign that money didn’t buy.
A Big Bet on the Future
In 1988, Cornell graduate student Robert Morris wrote a computer program to identify the size of the internet.
But a programming mistake made “The Morris” spread too quickly.
Within 15 hours, most of the internet — around 15,000 computers — had become infected by the first online-based computer virus (talk about a bad day at work).
Since then, cybersecurity attacks have only become more nefarious. In 2013, the CryptoLocker virus introduced a half-million computers — and their unfortunate users — to the concept of ransomware. And spyware breaches like the SolarWinds hack of 2020 have shown that even the most sensitive government data isn’t immune to prying eyes.
In 2021, Americans finally seemed to wake up to the threat when the Colonial Pipeline suffered a massive ransomware attack. The six-day disruption was enough to wreak havoc across much of the east coast’s gasoline supply.
But you think that was worrying… imagine what could come next.
As more IoT devices are connected to the internet, the range of potential hacking targets will only grow. And while having your smart lights hacked might be an annoyance, doing the same to a gas heater or moving vehicle could have far worse consequences.
Cybersecurity firms are fighting back. And as cybercriminals become ever more sophisticated, these firms will quickly become the superstars of tomorrow’s high-stakes battles.
On the date of publication, Tom Yeung did not have (either directly or indirectly) any positions in the securities mentioned in this article.
Tom Yeung, CFA, is a registered investment advisor on a mission to bring simplicity to the world of investing.