Analysis
Palo Alto’s 134-slide presentation reveals the insides of the global cyber market
In-depth analysis paints crucial portrait of rapidly evolving cyber landscape
How did Palo Alto Networks unsettle Wall Street? Last week, clear signs of tension became evident among analysts and investors due to the unexpected decision of the Israeli-founded cyber giant, founded by Nir Zuk, to release its financial reports on a Friday night in the middle of August. There are certain things that are simply unacceptable in the New York capital market community. However, Palo Alto, much like its founder, has built its reputation by consistently challenging conventional norms within the industry.
(20.9.23): Palo Alto in negotiations to acquire Talon Cyber Security in $600 million deal
The anticipation was high; pessimists were convinced that the company aimed to "bury" unfavorable figures, hoping that the reports released at such an unconventional time—rather than during the usual midweek period—would go largely unscrutinized. Nevertheless, the reports turned out to be positive. Palo Alto's stock even surged by 11% during after hours trading on Friday. However, the real intrigue lies beyond this development. Alongside the "mundane" statistics, Palo Alto executives presented a 134-slide analysis of the global cyber market. This could be regarded as a sort of "state of the cyber speech," holding significant importance for the Israeli technological ecosystem. Remarkably, a fifth of this ecosystem, more than anywhere else globally, is deeply entrenched in the cyber market.
Check Point can be credited with pioneering the cyber world three decades ago. Yet, today, Palo Alto, with its annual sales exceeding $8 billion, surpassing Check Point's approximately $2.5 billion, is the company best positioned to comprehend and categorize the market's nuances. This understanding enables Palo Alto to provide a comprehensive overview.
Palo Alto's cyber market analysis, although indicating a slight slowdown that is being discussed across the industry, simultaneously underscores its unique strengths. Despite several years of rapid expansion, it has avoided the exhaustion that has afflicted many markets that experienced a boost due to the pandemic, only to subsequently decline. In the realm of cybersecurity, the number of attacks continues to surge, aided by the enhanced capabilities of AI, which provide attackers with more potent tools. The ongoing transition to the cloud, coupled with the expansion of hybrid work models, has significantly broadened the attack surfaces, causing related categories to remain among the fastest-growing segments—even post-pandemic.
Conversely, the cyber market remains highly fragmented, allowing smaller players to make significant strides. No major player commands more than a 10% share—a remarkable exception compared to other sectors within corporate computing. Aspiring Israeli startups and those toying with the idea of establishing a cyber startup would be wise to at least peruse Palo Alto's extensive presentation to grasp the direction to pursue and how to succeed.
Predictions indicate that annual losses from global cyber crimes will escalate to $10.5 trillion by 2025, a surge from $8 trillion in 2022. In 2021, organizations required an average of 44 days to address cyber intrusions from the moment of detection (not necessarily the initial occurrence) until reporting the breach. This duration was reduced to 30 days last year and further down to five days this year. However, this remains inadequate.
Among the many guidelines recently issued by the U.S. Securities and Exchange Commission (SEC), public companies trading on U.S. markets are now mandated to disclose significant cyber incidents within only four days. While deliberation on what constitutes a substantial cyber incident could continue, this directive substantially pressures companies and compels swift action.
This is the primary reason why, despite the broad technology market slowdown affecting all sectors, the effect is less pronounced in cybersecurity. Although both Palo Alto and Check Point, alongside American Fortinet, acknowledged that CFOs are delaying procurement decisions and dividing owed payments, the market continues to expand. Over the past half-decade, the cybersecurity market has surged at an impressive rate of around 14% annually—twice the pace of other software and hardware categories for enterprises.
The enterprise cyber market, valued at $213 billion, encompasses a significant but relatively stagnant $80 billion cyber services sector. Here, growth is modest, projected at around 7% over the coming years. However, this is not the arena of intense competition among companies; it retains stability and is shared among key players. A comparable scenario exists for the $30 billion derived from traditional security solutions, including email and data security. This sector anticipates an annual growth rate of approximately 13%. The true excitement surrounds the remaining $100 billion, which experiences robust double-digit growth. Of this sum, $72 billion pertains to communication network security and endpoint security, surging at about 20%.
Lastly, the smallest sector, currently valued at $29 billion, is also the most dynamic, expanding at an annual rate of 35%. This segment comprises cloud security solutions, remote connections to corporate clouds, and security for network-connected consumer products (IoT). In 2018, the cloud security market was merely a $2 billion industry, but today it stands at five times that size. With the increasing number of individuals opting for online shopping over visiting local supermarkets, security needs will only surge, expanding the market further.
Palo Alto possesses a modest 7% share in the $100 billion enterprise cyber solutions sector. While it's maturing and stabilizing, the cyber market remains divided and fragmented. This condition positions Palo Alto as one of the largest players in terms of sales and the most significant in terms of market value—approximately $70 billion, compared to Check Point's $16 billion and Zscaler's $20 billion, with the latter representing one of the most influential players in the new-generation cyber field focused on cloud computing.
The Israeli company SentinelOne, which at the time registered the largest cyber IPO in history, has also lost ground since 2021 and today trades at a value of only $4 billion. For comparison, in other markets of corporate computer systems, such as databases or software that supports sales systems such as CRM, market leaders hold double-digit market shares ranging from 20% to 30%.
Cybersecurity remains fragmented, allowing smaller entities to gain momentum. In the data from Palo Alto, large organizations use an average of 75 distinct cyber protection solutions. These are frequently unsynchronized, occasionally conflicting, and generally make holistic management challenging. Particularly during the ongoing slowdown, the inclination is to streamline suppliers, which favors larger corporations. Evidently, the trend towards cybersecurity consolidation is set to rise, as not all startups will secure funding. Conversely, given attractive pricing, even non-acquisition-oriented firms, unlike Palo Alto—known for its prolific acquisitions—may be tempted by mergers.
As per Palo Alto's data, approximately one-third of the 3,000 startups operating within the corporate cybersecurity sphere are based in Israel. The company asserts that it evaluates no fewer than 250 startups annually to ensure it doesn't overlook vital and innovative technological advancements. Despite the sector's fragmentation, numerous startups eventually opt for acquisition by firms such as Palo Alto, Check Point, Cisco, Fortinet, and more recently, Microsoft—forming the cornerstone of their exit strategy.
Though entrepreneurs might not readily acknowledge it, from an investor's standpoint, this is a plausible, if not preferred, scenario—oftentimes even more preferable than an IPO scenario. This preference stems from the unique dynamics of the cybersecurity market.
Despite historically showing limited interest in acquisitions, Check Point has acquired seven startups over the past four years. In contrast, Palo Alto, with its stated objective of offering an all-encompassing organizational solution, has procured 13 companies since 2019. Nevertheless, it recently slowed this pace to assimilate the previous acquisitions.
Over the forthcoming years, the trend towards intensified cloud integration in the cybersecurity sector will radically reshape the market, resulting in the emergence of giants from the new generation. Zscaler, a pioneering cloud-based cyber company, epitomizes this trend. With Wall Street's IPO window reopening, Israeli company Wiz, operating in cloud cybersecurity, is poised for its colossal IPO, having already secured a valuation of $10 billion in its most recent fundraising round.
It's still premature to ascertain whether "cloud" categories will mirror the fragmentation of the traditional cybersecurity market or whether dominant players will vie to reinforce their positions through startup acquisitions. Currently, the cloud race is well underway and propelled by established entities that now recognize that a transformation they were questioning over the past five years has materialized with greater force than anticipated—the migration of data and assets to the cloud, accompanied by corresponding attacks.
Related articles:
The count of applications developed in the cloud and currently operational within organizations—500 million—is rising, despite most applications still being grounded in conventional physical infrastructure. Some 33 million developers continually introduce new features to these new applications. According to Palo Alto, an average organization uses 100 applications today, catering to commercial and internal needs alike. In the near future, as AI tools assume an increasingly substantial role in code development, the application count will surge further.
Doubts about the pace of cloud development have been cast aside, best illustrated by the Secure Access Service Edge (SASE) sector. Recently, Check Point made headlines by acquiring Perimeter 81, an Israeli company specializing in this sector, for $490 million —the second-largest purchase in Check Point's history.
To fathom Check Point's decision, one must peruse the slides that Palo Alto offers outlining the secure remote connection of employees to corporate cloud applications. The SASE category, which integrates security solutions, achieved a billion-dollar order rate at Palo Alto in 2023. Importantly, Palo Alto does not hold the dominant position within this segment.
Just last week, Gartner, a leading research company, dubbed Palo Alto the premier solution in the market sub-category of single-vendor providers of SASE. In the integrated system category, Zscaler reigns supreme. Shlomo Kramer's Israeli Cato Networks, the category's progenitor, is characterized as a challenger—rapidly growing and posing a threat. Remarkably, Check Point was excluded from this ranking due to limited adoption of its solutions in the sector, which has expanded by 60%, justifying its strategic decision to make substantial investments.