Security Software: A Non-Secure Future Brings Certain Growth

by: Brett Korsgaard

It is telling that during the years following the 2008 financial crises, one sliver of the enterprise software market separated itself from the rest: expenditures for security software have increased at an annual rate of 10% per annum, a full 5% higher than the growth enterprise market in aggregate. Recent high profile data breaches involving Sony (NYSE:SNE), Citigroup (NYSE:C) and the CIA are a public showcase for the dangers an incomplete security architecture poses to such institutions. This bodes well for a security software industry that, according to Gartner Group is expected to grow at an 11% clip for the next few years.

A Look At a Growing Field

Company Price Market Cap Revenue Country
Symantec (NASDAQ:SYMC) $17 $12 Billion $6.4 Billion USA
Trend Micro (OTCPK:TMICY) $31 $4 Billion $1.25 Billion Japan
*Intel (NASDAQ:INTC) $21 $109 Billion $48 Billion USA
Check Point (NASDAQ:CHKP) $57 $11 Billion $1.17 Billion Israel
**EMC (EMC) $23 $47 Billion $18 Billion USA
**CA Technologies $20 $10 Billion $4.52 Billion USA
Kaspersky Private - $500 Million
Websense (NASDAQ:WBSN) $21 $834 Million $350 Million USA
AVG Private - $350 Million (estimate) Czech Rep

* Intel does not break out revenues from McAfee acquisition
** EMC & CA Technologies do not break out revenues for security offerings

Both the enterprise market and the consumer market are on pace to drive upwards of $20B in security and related product spending in 2011 alone. The trend towards complex and increasingly decentralized networks with the adoption of cloud computing are key drivers of this growth. Additional interest was enhanced with a spate of deals by enterprise outfits such as HP (NYSE:HPQ) which paid $1.5 Billion for ArcSight and the Dell (Dell) purchase of SecureWorks. Clearly these firms are looking to bolster their offerings in this growth segment. Intel’s 2010 purchase of McAfee for $7.7 Billion really primed the pump for such acquisitions in an industry that was quietly plugging along for years but with few marquee deals to showcase.

Such deal flow certainly put the industry in lights and this activity begs the question: if Intel intends to meld software security into computer chip design, why wouldn’t enterprise players such as IBM (NYSE:IBM) or Oracle (NASDAQ:ORCL) for example round out their offerings with acquisitions to further address the demand for security amongst enterprise customers? As security becomes more of the conversation, expect deal activity to heat up in this space. Consequently, the dynamic nature of this market segment is attracting a field of next generation security players that will be ripe for additional acquisitions or as IPO candidates.

With organic growth at hand, a myriad of options will avail themselves to both the stronger established and up and coming players in the industry. So how does the field for security software players stack up? A quick glance illuminates a bifurcated market of large players such as Symantec, McAfee [Intel (INTC)] & Checkpoint focused on traditional security problems with a smorgasbord of firewalls, virus’s and the like. The other side of the spectrum features a bevy of smaller companies laser focused on “next generation security” to address a future that includes ever more sophisticated attacks. Large enterprise companies such as Intel, EMC and CA Technlogies already have substantial offerings in the area of security software, but they don't break out security revenue in earnings reports.

The mass adoption of smart phones and amorphous data networks provide wide open playing fields and entry points for hackers that hit from all corners of the globe. There should be plenty of room for growth among traditional security powers and this list of fast growing aggressive newcomers. These newer entrants are increasingly emanating from geographies that are security flashpoints in and of themselves. The antivirus company Kaspersky is based in Russia and AVG has its roots in the Czech Republic. Of course industry heavy weight Check Point is based in Israel. Reflective of global security problems, the industry is on its way to becoming a truly global in nature.

The list of private companies looking to go public is long and growing. Many companies such as Palo Alto Networks, Splunk, Imperva & WhiteHat Security have plans in place for an IPO or may be ripe for an acquisition. Expect some of these firms to be in the news as the notion of cyber security becomes a hot topic and one that may rival the social networking bonanza that remains foremost in the minds of many tech entrepreneurs and investors today. One thing you can count on, in a world chock full of surprises and uncertainty, look for security companies to sweeten a portfolio in an investing climate that has become anything but a safe haven.

Disclosure: I am long INTC.