Cybersecurity IPOs

There is some speculation that the two year drought in cybersecurity IPOs may come to an end in 2024. The IPO of chip maker Arm gave people hope that tech was back. I am not so sure. At least at $63.90, ARM is above its IPO price but not by enough to get excited about.

The last two years have been remarkable for the number of public cybersecurity vendors that have been taken private; ForgeRock, Ping, Knowbe4, for instance. The public market is shrinking!

That said, there are a bunch of companies that qualify for IPO. I look at company size and growth. In recent years, hitting 1,000 employees and growing at 40-60% year over year have been strong indicators of a company’s readiness for the public markets. If memory serves, both Fortinet and Zscaler fit these criteria.

During extended times when Wall Street is spooked these companies continue to grow so there may be some with much more that 1,000 people when they finally IPO. Keep in mind that cybersecurity, much like tech in general, is a growth play. Starting in November of 2021 the markets abandoned growth for profitability. Most cyber stocks fell by more than 60% at the time, although they have been making a comeback this year. Check out these growth numbers since January 6, the bottom of the cybersecurity market.

You can follow along with this Google Sheet I put together.

Let’s look at a few vendors that have declared their intention/desire to go public.

Rubrik is a data protection company in the old sense of “data protection:” backup and recovery. When DSPM (Data Security Posture Management) became a thing Rubrik jumped right in. They solidified their position with the acquisition of Laminar in August. At 3,545 employees today they are long past due for an IPO. 14.2% is not an exciting growth number but they are very consistent.

The perfect time for Snyk, the application security company, to have gone public was in February of 2022 as they crossed that 1,000 headcount number. They continued to grow to 1,421 then stalled out and shrunk, with a 10% decline in 2023. They should probably show growth again if they want to have a successful IPO. That said, maybe the markets will value profitability higher than growth.

Armis began life as a pure play IoT security vendor. After taking in massive amounts of funding it is in the hands of private equity so a public offering is inevitable. They have expanded their scope to asset management in general.

Netskope is another vendor that missed the optimum window to go public thanks to an un-receptive market. They will be ready to go when that window opens up again.

I expect Cato Networks to be one of the first to announce an IPO later in 2024. Their growth curve is consistent and on track to 1,000 people. They took in $238 million in September in a classic mezzanine round that usually leads to an IPO.

Axonius is recognized as the leading asset management solution. They took in $655 million in funding through March of 2022. That level of funding was visible to conference goers by the private booth hosting Simone Biles as celebrity spokesperson. They need to demonstrate positive growth again before filing an S1.

Not since Check Point Software went public three years after its founding has a cybersecurity company grown so fast. We won’t know what its actual revenue is until we see an S1 but Wiz claimed $100 million ARR eighteen months after it hit $1 million ARR. At its latest round, Wiz had a valuation of $10 billion. No cybersecurity stock has ever IPO’d at that valuation.

I am participating in the EskenziPR webinar on preparing for an IPO this morning at 9 AM Eastern US. Sign up here!