Public Security Companies’ Multiple Volatility

It has been an exciting quarter for the security market. Zscaler IPOed at $16 per share for total gross proceeds of approximately $192 million. The stock traded up ~106% during Zscaler’s first day of trading and now stands at $27.06, up 69% since pricing. Given Zscaler’s pop, we wanted to review public security company multiples, which have experienced volatility over the past five quarters. Mid-term public security companies’ multiples expanded over the period and achieved a mean value of 5.0x TEV/NTM revenue. Not all companies surveyed increased their multiples, reinforcing that individual businesses’ nuances often overpower broader market trends.

Publicly traded security company multiples grew ~2.0x TEV/NTM over the past five quarters. 2017 started off on the lower end of the spectrum with an average company trading around 4.1x forward revenues — total enterprise value outstanding divided by the sum of projected revenues over the next 12 months (NTM). The multiple increased over the past 15 months to a high of 6.1x TEV/NTM revenue. The average over the period was 5.0x TEV/NTM revenue with a standard deviation of 0.4x TEV/NTM revenue.

The average figure obfuscates the variance in forward multiples. By breaking out the multiples on a per stock basis, we expose the true distribution. Identity management and SSO provider OKTA, which went public last spring, achieved the highest multiple at 11.9x TEV/NTM revenue while managed security provider Secureworks came in last at 1.4x TEV/NTM revenue.

In addition to the broad range of multiples, some individual businesses saw significant changes over the past year. Qualys increased its forward multiple by 86%, while SecureWorks and CyberArk contracted (15%) and (23%), respectively.

Overall, the data suggests that the mean forward multiple of 5.0x is a good summary metric for mid-term analysis of security companies. Since SaaS companies traded above security companies at an average ~7.0x TEV/NTM revenue over the same period, investors tended to give premiums to security businesses with a higher software mix. Forward multiples’ wide span and year-over-year variance highlight that multiples also depend on each businesses’ distinct characteristics.

Public markets reflect private market valuations to some extent. Pitchbook reports that globally there are over 425 cybersecurity companies in the seed through Series C stage. In spite of the volume, the most sought-after businesses commanded higher multiples over the past year.