UK-based Darktrace kicked off the cybersecurity earnings season with a robust set of figures and a guidance upgrade, giving confidence that the recent rally in security stocks is sustainable as fundamentals improve.
In H1 (calendar H2), Darktrace delivered 27% revenue growth, 3% above expectations, with an EBITDA margin above 19% (100-200bps above consensus) and raised its FY24 guidance for both revenue (to 23-24.5% from 22-23.5%) and EBITDA margin (to 18-20% from 17-19%).
Even if some of these improvements are company specific as Darktrace has had to deal with operational issues, it is clear that the company is benefiting from the underlying cybersecurity market strength and that most security peers should come up soon with their own guidance upgrades as 2024 is shaping up as a strong year.
First, the global IT spending environment is expected to be supportive, with IT research firm Gartner projecting spending to accelerate to 8% in 2024, twice the level of 2023. Unsurprisingly, cybersecurity is expected to remain a major driver with Gartner forecasting 14% year-over-year growth as cyberattacks proliferate and as numerous AI initiatives require robust data governance and security.
Then, cybersecurity companies should benefit from a major product cycle as they have been infusing or announcing generative AI features in their security offerings to automate the prevention and detection of cyber threats. Looking at the initial monetization initiatives from software peers including Microsoft, Adobe and Salesforce, we estimate that the monetization of AI cybersecurity products could deliver, at least, a 10% boost to industry revenue over the next couple of years.
Finally, they should benefit from a more stringent regulatory environment. The recent adoption by the SEC of rules requiring public companies to report material security breaches within four business days is likely to encourage them to improve their vulnerability management, threat detection and past incident response practices. While many public companies already report incidents, they don’t necessarily do it consistently and some companies don’t report at all.
Overall, we would expect positive surprises for cybersecurity vendors at the topline level in 2024 in light of the various demand drivers, as well as at the margin level as the industry scales and consolidates and as wage inflation is easing.