Which of The 3 Biggest Cybersecurity Stocks is the Best?

Documenting your investment decisions helps you learn from your mistakes and see through the various emotions that surface. Over the years, we’ve translated our patterns of investing into a methodology of sorts that we use to guide future investing decisions. One belief we’ve held is that if there are ETFs available for a particular theme – like Fintech or Robotics – then we prefer to hold the ETF over trying to cherry-pick a winning tech stock from a mature niche. We’re risk-averse investors who know that it’s all about time in the market, not timing the market. If the winner is clear as mud, bet on them all. Set it and forget it.

We recently evaluated eight different cybersecurity ETFs and found a clear winner – the Global X Cybersecurity ETF (BUG). Since cybersecurity is a mature tech theme, there are many pure-play stocks to choose from. The easy way out would be to start accumulating BUG, but we’re going to take a different approach this time. We’re going to look at the three biggest security stocks out there and see if we’d rather hold one instead of the ETF.

Bigger Cybersecurity Stocks are Better

Generally speaking, bigger is better in the tech stock world. Bigger stocks exhibit less volatility which appeals to risk-averse investors who like to sleep well at night. It’s reasonable to assume that the best cybersecurity stock – the one that has the least likelihood of pulling a Bind Therapeutics – would be found among the biggest.

We’ve covered a lot of cybersecurity startups over the years, but haven’t looked at cybersecurity stocks much. The three we looked at in the context of artificial intelligence – Fortinet (FTNT), Palo Alto Networks (PANW), and CrowdStrike (CRWD) – also happen to be the three biggest cybersecurity stocks in the world. That’s a conclusion we reached by simply evaluating the four biggest cybersecurity ETFs out there to see which stocks were most commonly found. Five stocks exist in three of the four ETFs. Of those, three exceeded a $30 billion dollar market cap. Here they are listed with market cap and revenues.

The three biggest cybersecurity stocks and revenues – Credit: Nanalyze

The Fastest Growing Cybersecurity Stock

With just a little bit of data, we can start to paint a picture of what’s happening here. The youngest of the bunch, CrowdStrike, also happens to be the most highly valued using a simple “market cap / annualized revenues” ratio (the smaller the number, the less expectations for future growth). That’s understandable because their revenue growth has been off the hook over the past four years – a compound annual growth rate (CAGR) of 65%.

 FoundedMarket CapAnnualized RevsValuation Ratio4-Year Revenue CAGR
CrowdStrike 2011461.0643.4+65%
Palo Alto Networks2005354.048.7+18%

One of these companies is not like the other two.

Endpoint Protection in the Cloud

CrowdStrike first came across our radar back in May 2017 when they became a unicorn, a cybersecurity startup valued at $1 billion. When the IPO was announced in June 2019, we didn’t give it much of a look as we always thought investing in cybersecurity was better played using an ETF. And here we are today. CrowdStrike is now 40X the size it was four years ago, and we still haven’t opened a position in a cybersecurity ETF yet (though we have found one we like).

Fast-growing CrowdStrike started off as a company that offered endpoint protection to customers from the cloud. If you’re a corporation with millions of assets – phones, computers, laptops, etc. – then all these endpoints need protection. CrowdStrike’s Falcon platform sorts everything out, and they’re using AI to identify viruses on the go as the signatures emerge in real-time. It’s just one of many things they offer while trying to provide customers with a holistic cybersecurity solution that leverages the latest technologies like machine learning.

The rapid growth of CrowdStrike is a testament to how difficult it has been for companies to secure their digital assets. A company’s biggest asset – its people – is also its biggest cybersecurity threat since the majority of big events are because some human gave the wrong person the wrong information. Securing all the devices that connect to the company network in a manner that’s easy for your IT team and the user is the way forward.

What Crowdstrike does is different from the second and third biggest cybersecurity companies in our list.

The Network Security Industry

Both Palo Alto Networks and Fortinet are two of the four dominant players in the network security industry, the other two being Checkpoint Software (CHKP) and Cisco (CSCO). A small team of MBAs (not ours, thankfully) spent several weekends putting together this juxtaposition of companies on a 4X4 grid – the ol’ Gartner Magic Quadrant for Network Firewalls.

It’s surprising to see a legacy name – Cisco – as a challenger. Back in the dot-bomb days, Cisco was the undisputed leader in network hardware, so how come they’ve given up so much ground to a bunch of newcomers? Today, they’re a $218 billion company described in Wikipedia as a conglomerate. That makes it difficult to assess the importance of network firewalls for Cisco and the extent to which they’ll try to play 500-lb gorilla.

We’re quickly concluding that Palo Alto Networks and Fortinet are pretty similar companies using every measure we’ve presented today. They’re what a test engineer might call an “equivalence class.” Investing in one gets you damn near the same exposure as the other, the only difference being company-specific risk that’s nearly impossible to measure, and perhaps only apparent to the people who work inside these firms.

CrowdStrike vs. Palo Alto Networks Vs. Fortinet

In the end, we need to decide if we want to hold one or more of these companies or the Global X Cybersecurity ETF. We only want one asset with exposure to cybersecurity – an ETF or a stock – and only one because we don’t want to spend a ton of time on this theme. We’re bullish on it as everyone else is, but the stocks are tough to follow because the products and services are complex. There are far too many companies to keep track of with things changing too quickly.

While the niche is maturing, there’s plenty of fuel in the tank. We’d welcome some exposure to a growth story that won’t evaporate if there’s a recession, or that isn’t overly exposed to “the ARK effect.” New cybersecurity challenges will always be around the corner and it’s a necessary cost of doing business now.

After evaluating these three stocks, we have a choice to make. We could move forward with accumulating the Global X Cybersecurity ETF. The top three positions are the three companies we discussed today with a combined weighting of 22.6%. All of them are actively acquiring, and any one of those acquired companies could change the game entirely. Things happen so fast in these spaces that we’d much prefer someone else figure out who we should invest in so we can spend time nerding out on Russia’s elite cybercrime fighting unit.

Our other option is to choose between CrowdStrike and two companies that are quite similar in many ways. If you take some time to pore over CrowdStrike’s nicely built investor deck, it’s clear they have some big aspirations, having identified various cybersecurity niches that add up to a $36.5 billion total addressable market.

Credit: Crowdstrike Investor Deck

Around 63% of CrowdStrike customers are subscribed to four modules or more, a percentage that’s been steadily increasing over time. The old land-and-expand appears to be working well, and investors are willing to give CrowdStrike a rich valuation for the promise of an equally bright future. We could just look past that big valuation number and get a position opened, then add to it when it inevitably corrects.

Decisions, decisions.


The biggest cybersecurity company we talked about today is barely old enough to drink. The other one is just starting high school, and the biggest of the lot is just 11 years old. Things happen quickly in cybersecurity because the IT domain is ever-changing. There are loads more device types now, people use their own devices from work, everyone works from home, and every CTO knows the ultimate CLM is their name on the front page of the WSJ. Cybersecurity spending isn’t going anywhere, and we want in on that action.

Are we going to finally open a position in the Global X Cybersecurity ETF? Or did we go all hero-or-zero on CrowdStrike? Become a Nanalyze Premium subscriber and find out.

Leave a Reply

Your email address will not be published.