The cybersecurity market is expected to grow at a Compound Annual Growth Rate of 9.20% from 2022 to 2030 when it will reach $479.15 billion according to Vantage Market Research. This means that there is scope for companies like Qualys (NASDAQ:QLYS) to accelerate revenue growth, but, investors seem to think otherwise as seen by the whipsawing stock price below.
The company indeed faces challenges as this thesis will elaborate upon, and to make my point, I will compare with competitors Palo Alto (NASDAQ:PANW) and CrowdStrike (NASDAQ:CRWD)as well as consider how in the current economic environment, a change in customers’ behavior can impact sales.
I start with the specific features provided by the company which are relevant to the cybersecurity industry.
The Cloud Approach but Revenues are Challenged
Qualys which was more widely known for its compliance solutions, is also a provider of cloud-based IT security addressing a broad range of customer segments namely large enterprises, government entities, and SMBs. In response to hackers being able to weaponize vulnerabilities faster than cybersecurity experts can patch (address) these, corporations are favoring the platform approach for automatic protection instead of relying purely on intrusion detection and alerting, as before.
Therefore, the company delivers its solutions through a cloud platform, which is also the prevalent mode for distributing software today and it has security intelligence offerings as well as tools to automate the lifecycle of IT assets comprising discovery, vulnerability assessment, and compliance management.
www.qualys.com
Then, you would expect revenue to progress steadily on a quarterly basis.
However, as per the CEO, new business was challenging as potential customers exercised more scrutiny than usual when budgeting and also postponed projects, thereby impacting bookings. This in turn impacted revenues for the first quarter of 2023 which while increasing by $17.3 million on a year-on-year basis still decreased slightly by $0.1 million sequentially as shown in the chart below.
However, this trend is not compatible with research done by Gartner which shows that despite IT spending slowing, cybersecurity budgets, both for security technology and services are not likely to fall. On the contrary, Gartner expects an annual growth rate of 11% in cybersecurity from 2022 to 2026, which is even faster than predicted by Vantage Research as mentioned in the introduction.
To get a confirmation as to whether business conditions are really challenging I make a graphical comparison of the quarterly sales progressions with peers below.
Qualys’ Contrasts with Competitors’ Optimism
In this case, as seen by the orange and pale blue charts respectively, Palo Alto and CrowdStrike have seen sales increasing steadily both on a year-on-year and sequential basis. Additionally, their revenue levels are much higher than Qualys by at least five times, which partly explains why they are managing to generate more sales as I elaborate upon.
Thus, they benefit from a much larger customer base to drive sales and have to rely less on acquiring new clients. This is precisely the issue brought up by Qualys CEO during the first quarter of 2023 (Q1) earnings call who mentioned that “new business was challenging as organizations continued to apply additional layers of scrutiny to spending and delay project dates”. However, this is in sharp contrast to Palo Alto’s position and its CEO speaking at a technology conference on June 8 said: “In the last nine months no customers said to me, this is really nice, I like it, but I’ll buy it another six months later”. Looking further, his point of view is also aligned with CrowdStrike’s CEO speaking during its latest quarter earnings call: “We’re seeing customers looking to spend more with us but then reduce other spends from other competitors”.
Moreover, for products like antivirus, one key requirement is constant updates in order to counter the threats posed by cybercriminals as they grow in sophistication. Consequently, again considering the difference in revenue levels and scale as evidenced by the differing market cap (table below), Qualys’ competitors dispose of a higher installed base. This, in a way, also acts as a mitigation against economic risks as CIOs are more likely to favor operational expenses on maintenance and upgrades rather than spending capital on new implementations.
Better Profitability Metrics, but Dim Outlook
Furthermore, as per Qualys’ management, bookings are likely to remain under pressure for the rest of the year as customers look to reduce costs in the short term. This implies that the revenue regression seen in Q1 can be sustained in the second, third, or fourth quarters.
The outlook is expected to improve over the long term as customers embark on a long-term transformation journey for their IT security systems and take advantage of tools like Qualys VMDR which is all about automatic vulnerability management with detection and remediation of misconfiguration. These amount to being proactive.
Also, the company’s gross margins of 79% are higher than its competitors despite benefiting from a lower revenue base on which to spread its costs, in turn signifying a high degree of platform optimization. Along the same lines, its double-digit net income margin of 22% also stands out and shows relatively lower operating costs, while the price-to-sales multiple of 9.61x makes it more attractive from the valuation perspective. However, the stock already trades at a premium when compared to the median for the IT sector, by more than 200%.
www.seekingalpha.com
Therefore, even if there are long-term opportunities for growth and the company has better profitability metrics, it is not an opportunistic buy at the moment.
The Potential is There
However, it does have potential and could spend more money for growth since it spent an average of only 31.5% out of total revenues on marketing during the last four quarters compared to 44.6% and 54.3% for Palo Alto and CrowdStrike respectively. One area where its products deserve to be better known is endpoint security.
In this case, while it has a highly innovative VMDR as I touched upon earlier, the fact that it does not have a solid presence in endpoint security products as per a classification by Solutions Review makes it more vulnerable to losing market share. For investors, endpoints refer to laptops desktops, servers, and smartphones and these are the very entry points to a corporate network, and protecting these is a top priority. With their strength in endpoint protection, Palo Alto and CrowdStrike are more likely to also win contracts covering the protection of other IT assets too as customers favor end-to-end service providers in order to benefit from discounts.
In conclusion, this thesis has shown that while there are billions of dollars of opportunities when looking from the top perspective, things are different when deep diving and there are various dynamics at play in the cybersecurity industry. Against a backdrop of macros that favor cost-cutting in IT, the ability to grow the topline also depends on the size of the customer base in addition to the security product itself. Also, Qualys does have endpoint solutions for a wide variety of use cases as shown below, but, being also more profitable than its peers, it does have more leeway to market these.
www.qualys.com
Finally, this is more a company to put on your watchlist.
Read the full article here
