Why Microsoft’s Cybersecurity Business Is A Key Growth Story To Watch
Contributor since 2022 / 7823 Followers
Summary:
- Microsoft Corporation’s cybersecurity business is the world’s leading company by revenue, with revenue from cybersecurity verticals expected to reach $25 billion in FY 2024.
- Microsoft’s Copilot for Security tool will have new enhancements, including tailored promptbooks, support for multiple languages, and integration with third-party services.
- The cybersecurity market is expanding significantly, with double-digit YoY growth rates expected to continue, creating whitespace for further growth for Microsoft.
- Although I like Microsoft’s cybersecurity position, as a group the company looks richly valued, trading at an EV/EBIT of around 30x. Thus, I reiterate a “Hold” rating on Microsoft shares.
FinkAvenue
On Thursday March 13rd, Microsoft Corporation (NASDAQ:MSFT) announced that its Copilot for Security tool will become widely available to customers starting April 1, featuring new enhancements. The Copilot for Security enables cybersecurity experts to leverage generative artificial intelligence for various tasks, including incident summaries, vulnerability assessments, and data sharing. In that context, Microsoft highlighted the addition of several new functionalities to the tool, such as tailored promptbooks, support for multiple languages, integration with third-party services, as well as detailed usage reports.
I take Microsoft’s Copilot announcement as a prompt to conduct a deep dive into Microsoft’s enormous cybersecurity business, which I believe holds vast, arguably underappreciated, potential for MSFT investors long term. Moreover, as the cybersecurity industry continues to evolve and gain importance, the industry is set for accelerating commercial momentum in 2024. In fact, according to various CIO surveys, IT budgets are set to expand in 2024, and within IT, the demand for cybersecurity is anticipated to outpace the broader software spent. On that note, I argue that a 20-25% YoY top line growth for Microsoft’s cybersecurity business may be reasonable in CY 2024.
For context, Microsoft stock has notably outperformed the broad equities market YTD. Since the start of the year, MSFT shares are up about 11%, compared to a gain of approximately 8% for the S&P 500 (SP500).
Seeking Alpha
Microsoft’s Cybersecurity Business Is Very Big…
Microsoft’s cybersecurity business is very big. In fact, Microsoft is the world’s leading cybersecurity franchise by revenue. In CY 2023, Microsoft disclosed that the group’s revenue from cybersecurity verticals topped $20 billion. This figure has likely grown to around $25 billion in CY 2024, extrapolating a 25% YoY industry growth as suggested by peers.
Furthermore, the figure is expected to jump to above $30 billion by CY 2025, assuming the cybersecurity growth momentum is expected to continue. Modelling Microsoft’s cybersecurity growth back to CY 2020, based on company disclosures, it is noteworthy to point out a ~40% CAGR from 2020 through CY 2024 (expected), compared to a ~15% CAGR for the broader group.
Microsoft disclosures; Cavenagh Research estimates
…With Attractive Whitespace For Further Growth
From a more structural growth perspective, investors should consider that the cybersecurity market continues to expand attractively. In fact, Gartner projected that the Total Addressable Market, or TAM, for the cybersecurity industry topped $188 billion in 2023, growing about 13% YoY. Moreover, greater than double-digit YoY growth rates are expected to persist through the next 5 years, as cybersecurity is projected to claim an increasingly larger share of overall IT spending.
There are quite a few factors driving this, including increasing digital importance for both businesses and individuals, the rise of cloud computing, increasing quantity and sophistication of cyber attacks, as well as regulatory requirements in order to protect trade secrets. On that note, I’d like to highlight Microsoft’s dominance in the market as a SaaS cybersecurity platform vendor. With a proven history of capturing market share across various essential cybersecurity sectors, Microsoft is solidifying its position as a “one-stop shop” for digital protection. Moreover, Microsoft’s rising strength with some of the company’s newer components like identity protection and cloud workload security further underscore the company’s standing in the cybersecurity landscape.
There are quite a few notable arguments why Microsoft is taking share in the cyber security market, and Microsoft may significantly outgrow the broader market backdrop, potentially capturing a 20% CAGR over the next 5 years. First of all, I point out that Microsoft has an enormous customer base in the enterprise market, having penetrated a vast installed base across various products, operating systems, productivity tools, and cloud services. This broad reach allows Microsoft to integrate its security solutions seamlessly across multiple platforms, making it easier for businesses to adopt and implement Microsoft’s security measures.
Secondly, and this is related to the first argument, Microsoft’s security solutions are tightly integrated with its product portfolio such as Windows, Office 365, and Azure. This not only improves customer experience through sourcing cybersecurity protection as an add-on directly from the product vendor, but also strengthens Microsoft competitive edge vs. cybersecurity peers, because Microsoft’s deep understanding of the product/ customer data to improves the R&D for cybersecurity product development.
Thirdly, Microsoft’s broad leadership in working with and developing AI catalyses spill over benefits to the company’s cybersecurity offering, as the technology is able to detect, analyze, and respond to threats more effectively. Lastly, Microsoft offers a comprehensive cybersecurity portfolio, offering a wide range of security solutions covering identity, security and access management, as well as threat and information protection. This making Microsoft a one-stop cybersecurity shop for many organizations.
Taking (i) access management, (ii) endpoint security and (iii) security and event management as the key reference applications in notable cybersecurity sub-segments, it is noteworthy to point out that Microsoft is the only company operating in all segments as a leader, according to Gartner. Most competitors, on the other hand, have quite a narrow field of strength: Okta Inc. (OKTA) is strong in access management; CrowdStrike (CRWD) and SentinelOne (S) are strong in endpoint security, and Splunk is strong in security information and event management.
Gartner
Cybersecurity Could Thrive in 2024’s Bull Market
Heading into 2024, the forecast for IT budgets looks increasingly positive. This optimistic trend was supported by observations from Q3 conference discussions, indicating shorter sales cycles for new customers and quicker invoicing for current clients. This change is especially advantageous for cybersecurity funding. The need for effective cyber defense is becoming more urgent due to rising geopolitical tensions and the sophisticated security challenges posed by advancements in GenAI, such as deep-fakes, data corruption, and adversarial threats. Reflecting this, Qualys reported an alarming 26,447 vulnerabilities in 2023, an increase from 2022 and marking the seventh consecutive year of growth in vulnerabilities. Additionally, there was a 72% YoY increase in ransomware incidents in 2023, with attackers rapidly adopting new GenAI technologies to craft malware more efficiently.
In line with this growing security risk, the Piper Sandler 2024 CIO Survey (released on December 11, 2023) shows a strong outlook for cybersecurity expenditure, with it being a top priority for IT budget planners. The survey highlights significant investment focus on areas such as Cloud Security, Endpoint Security, Threat Intelligence, and Network Detection & Response, aligning well with CrowdStrike’s areas of specialization. Likewise, surveys from UBS, Jefferies, and Morgan Stanley project a surge in cybersecurity budgets, emphasizing the importance of addressing GenAI-associated security challenges. Admittedly, the survey are about 2-3 months old.
But still, the fundamental takeaway, projecting strong demand for cybersecurity solutions in 2024, should not have changed over the past quarter. Thus, overall, I am confident in my earlier statement that Microsoft’s cybersecurity business could expand 20-25% YoY in CY 2024, growing to $25 billion in total sales.
Valuation & Investor Takeaway
Microsoft is the world’s largest cybersecurity vendor, generating about $25 billion of annual revenues. On that note, as the cybersecurity sector undergoes continuous evolution and attains heightened significance, it’s poised for rapid commercial advancement in 2024. Recent CIO surveys indicate a projected expansion of IT budgets for the year, with cybersecurity emerging as a focal point surpassing other software expenditures. Accordingly, I argue that expecting a 20-25% YoY growth in Microsoft’s cybersecurity business revenue for CY 2024 appears feasible.
Although I like Microsoft’s cybersecurity position, it is important to note that investors can not directly invest in Microsoft’s cyber security business. Accordingly, it is important to understand the broader valuation backdrop for Microsoft stock. On that note, taking the group perspective, Microsoft stock looks richly valued, trading at an EV/ EBIT of around 30x, suggesting a 45% premium to the IT sector, according to data collected by Seeking Alpha.
Seeking Alpha
In context of valuation, I understand that early indicators show that Microsoft’s adoption of AI technology is robust, positioning the company as a leader in a sector expected to drive significant growth in the next decade or more. This makes a compelling case for long-term investment in Microsoft. However, with other GenAi leaders like Google (GOOG) and Meta Platforms (META) both trading at a more reasonable 20x EV/ EBIT valuation, I prefer investment in these businesses and stay on the sidelines for Microsoft Corporation.
Analyst’s Disclosure: I/we have no stock, option or similar derivative position in any of the companies mentioned, and no plans to initiate any such positions within the next 72 hours. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.
Not financial advice
Seeking Alpha’s Disclosure: Past performance is no guarantee of future results. No recommendation or advice is being given as to whether any investment is suitable for a particular investor. Any views or opinions expressed above may not reflect those of Seeking Alpha as a whole. Seeking Alpha is not a licensed securities dealer, broker or US investment adviser or investment bank. Our analysts are third party authors that include both professional investors and individual investors who may not be licensed or certified by any institute or regulatory body.