Three Stocks Poised for Growth Within the Cybersecurity Industry

This week, we use AAII’s A+ Investor Stock Grades to provide insight into three cybersecurity stocks that have benefited from investments in the industry. For investors focused on opportunities in this industry, should you consider these three cybersecurity stocks of NortonLifeLock Inc., Qualys Inc. and Zscaler Inc.?

Cybersecurity Stocks Recent News

Cybersecurity is an industry that has only grown in relevance in the last five years. As attacks on American cyberspace from foreign outlets such as China and Russia have continued, staying protected from identity theft and other attacks is crucial. Regardless of whether you are an individual or firm, it is important to secure your data.

Cybersecurity can be described as the collective methods, technologies and processes to help protect the confidentiality, integrity and availability of computer systems, networks and data against cyber-attacks or unauthorized access. The main purpose of cybersecurity is to protect all organizational assets from both external and internal threats as well as from disruptions caused due to natural disasters. Given the rapidly evolving landscape and the ever-increasing adoption of software across various sectors including finance, government, military, retail, hospitals, education, energy to name a few, more and more sensitive information is becoming digitized and accessible through wireless and wired digital communication networks and across the omnipresent internet. All this highly sensitive information is of a great value to criminals and evil doers, which is why it is important to protect it using strong cybersecurity measures and processes. The importance of good cybersecurity strategies is evident in the recent high-profile security breaches of organizations such as Equifax, Yahoo and the U.S. Securities and Exchange Commission (SEC), which lost extremely sensitive user information that caused irreparable damage to both their finances and reputation.

Cybersecurity stocks could see more upside due to two factors: the increased persistence of ransomware attacks and recent vulnerabilities detected in Log4j, software used to record activities under a wide range of computer systems. The threat from ransomware attacks continues as online extortion potentially costing millions of dollars besieges corporate America. Ransomware is a type of malicious software (malware) that threatens to publish or blocks access to data or an entire computer system, typically through encryption, until the victim pays a ransom fee to the attacker. Due to the prevalence of these attacks, cybersecurity stocks have had a solid 2021 as client companies upped spending to fend off evolving online threats. The coronavirus pandemic expanded the cybersecurity battleground as companies shifted to remote work, opening new alleys for hackers.

Mike Sentonas, chief technology officer at CrowdStrike Holdings, noted that in the past, ransomware was commonly implemented on personal computers. The hackers targets have shifted from individuals to corporations. He stated, “Now, we see criminal groups targeting large businesses, governments and there are examples of ransomware demands of well over $10 million. They’re becoming much more brazen because a lot of money is being made. And there’s a huge ecosystem now. You’ve got criminal groups that build a platform, rent it out and take a percentage of the profits.”

Log4j records events — errors and routine system operations — and communicates diagnostic messages about them to system administrators and users. It is an open-source software provided by the Apache Software Foundation. A common example of Log4j at work is when you type in or click on a bad web link and get a 404 error message. The web server running the domain of the link you tried to get to tells you that there’s no such webpage. It also records that event in a log for the server’s system administrators using Log4j. The associated vulnerability, Log4Shell, has been deemed a serious threat in exploiting computer systems.

Log4Shell works by abusing a feature in Log4j that allows users to specify custom code for formatting a log message. This feature allows Log4j to, for example, log not only the username associated with each attempt to log in to the server but also the person’s real name, if a separate server holds a directory linking usernames and real names. Unfortunately, this kind of code can be used for more than just formatting log messages. Log4j allows third-party servers to submit software code that can perform all kinds of actions on the targeted computer. This opens the door for nefarious activities such as stealing sensitive information, taking control of the targeted system and slipping malicious content to other users communicating with the affected server.

One of the major concerns about Log4Shell is Log4j’s position in the software ecosystem. Logging is a fundamental feature of most software, which makes Log4j very widespread. In addition to its use by popular games like Minecraft, it’s used in cloud services like Apple iCloud and Amazon Web Services, as well as a wide range of programs from software development tools to security tools. This means hackers have a large menu of targets to choose from: home users, service providers, source code developers and even security researchers. So, while big companies like Amazon can quickly patch their web services to prevent hackers from exploiting them, there are many more organizations and individuals that will take longer to patch their systems, and some that might not even know they need to.

Overall, these problems are not the worst to come as hackers create new avenues for exploiting and harming the masses. Cybersecurity stocks are poised for growth due to their popularity among investors and the continued issues arising that will need prevention. However, having a keen eye and using safe practices can prevent such instances. Some of the best practices to prevent a breach include conducting cybersecurity training and awareness, performing risk assessments, enforcing secure password storage and policies, backing up data, encrypting data-at-rest and data-in-transit and designing software with security in mind. It is best to ask whether or not you feel comfortable with your security, and if the answer is no, consider finding a software that best fits your needs.

Grading Cybersecurity Stocks With AAII’s A+ Stock Grades

When analyzing a company, it is useful to have an objective framework that allows you to compare companies in the same way. This is one reason why AAII created the A+ Stock Grades, which evaluate companies across five factors that have been shown to identify market-beating stocks in the long run: value, growth, momentum, earnings estimate revisions (and surprises) and quality.

Using AAII’s A+ Stock Grades, the following table summarizes the attractiveness of three cybersecurity stocks — NortonLifeLock, Qualys and Zscaler — based on their fundamentals.

AAII’s A+ Stock Grade Summary for Three Cybersecurity Stocks

What the A+ Stock Grades Reveal

NortonLifeLock Inc. (NLOK) sells cybersecurity and identity protection for individual consumers through its Norton antivirus and LifeLock brands. The company helps customers protect their devices, online privacy, identity and home networks from cybercrime. The company is focused on selling subscription-based cyber safety solutions primarily direct-to-consumer through Norton and Avira websites and indirectly through partner relationships with retailers, telecom service providers and hardware original equipment manufacturers (OEMs). The company’s products include Norton 360 Security offerings, Norton Security, Norton Secure virtual private network (VPN), Avira Security, and other consumer security solutions. It also offers protection products, including Norton 360 with LifeLock offerings, LifeLock identity theft protection and other information protection solutions. The company divested the Symantec enterprise security business to Broadcom in 2019. The Arizona-based company was founded in 1982, went public in 1989, and sells its solutions worldwide.

NortonLifeLock has a Value Grade of C, based on its Value Score of 46, which is considered to be average. The company’s Value Score ranking is based on several traditional valuation metrics. The company has a score of 58 for the price-to-free-cash-flow ratio, 14 for shareholder yield and 49 for the price-earnings ratio (remember, the lower the score the better for value). Successful stock investing involves buying low and selling high, so stock valuation is an important consideration for stock selection.

The Value Grade is the percentile rank of the average of the percentile ranks of the valuation metrics mentioned above along with the enterprise-value-to-EBITDA, price-to-sales and price-to-book ratios.

The company has average Growth and Momentum Grades of C and has a current dividend yield of 1.9%.

Qualys Inc. (QLYS) is a provider of cloud-based security and compliance solutions to enterprises, government entities and small- and medium-sized businesses. The firm’s solutions are delivered through the Qualys Cloud Platform and provide security intelligence by automating the life cycle of information technology (IT) asset discovery, security assessment and compliance management. Its solutions enable customers to collect and analyze large amounts of IT security data, discover and prioritize vulnerabilities and recommend actions. The company derives revenue from subscriptions to its cloud-based solutions, typically on an annual basis. A large majority of the firm’s revenue is generated in the U.S.

A higher-quality stock possesses traits associated with upside potential and reduced downside risk. Backtesting of the quality grade shows that stocks with higher quality grades, on average, outperformed stocks with lower grades over the period from 1998 through 2019.

Qualys has a Quality Grade of A with a score of 95. The A+ Quality Grade is the percentile rank of the average of the percentile ranks of return on assets (ROA), return on invested capital (ROIC), gross profit to assets, buyback yield, change in total liabilities to assets, accruals to assets, Z double prime bankruptcy risk (Z) score and F-Score. The score is variable, meaning it can consider all eight measures or, should any of the eight measures not be valid, the valid remaining measures. To be assigned a quality score, though, stocks must have a valid (non-null) measure and corresponding ranking for at least four of the eight quality measures.

The company ranks strongly in terms of its return on assets (ROA) and buyback yield, ranking in the 85th percentile of all U.S.-listed stocks for both. However, it ranks poorly in terms of its change in total liabilities to assets, in the 39th percentile.

Earnings estimate revisions offer an indication of what analysts are thinking about the short-term prospects of a firm. The company has an Earnings Estimate Revisions Grade of B, which is considered positive. The grade is based on the statistical significance of its last two quarterly earnings surprises and the percentage change in its consensus estimate for the current fiscal year over the past month and past three months.

The company reported a positive earnings surprise last quarter of 8.7%, and two quarters ago reported a positive earnings surprise of 16.3%. Over the last month, the consensus earnings estimate for the full year 2021 has increased to $3.176 per share based on 12 upward revisions. For the fourth quarter of 2021, the current I/B/E/S consensus earnings estimate of $0.796 per share has increased from $0.735 per share three months ago based on 11 upward revisions.

Qualys has a Momentum Grade of B based on its Momentum Score of 68, and a strong Growth Grade of B. The company does not currently pay a dividend.

Zscaler Inc. (ZS) is focused on providing a cloud security platform that is designed on a zero-trust architecture. The company’s architecture is designed to allow users and devices to safely access authorized applications and services in the cloud using the internet as the preferred connectivity medium. Zscaler’s security and user experience solutions are purpose-built on a multi-tenant, distributed cloud exchange that secures access for users and devices to applications and services, regardless of location. The company delivers its solutions using a software-as-a-service (SaaS) business model and sells subscriptions to customers to access its cloud platform, together with related support services. The firm focuses on large enterprise customers and offers two primary product suites: Zscaler Internet Access, which securely connects users to externally managed application and websites (such as Salesforce and Google), and Zscaler Private Access, which securely connects users to internally managed applications. Both product suites encompass a broad range of capabilities situated across the traditional security stack. The third product suite, Zscaler Digital Experience, is a cloud-native service, part of the world’s largest security cloud that analyzes, troubleshoots, and resolves user experience issues.

Zscaler has an A+ Growth Grade of B. The growth grade considers both the near- and longer-term historical growth in revenue, earnings per share and operating cash flow. The company reported fiscal first-quarter 2022 revenues of $231 million, up nearly 62% from $143 million in the year-ago quarter. The company reported quarterly diluted earnings per share of $0.14, remaining constant year over year. The company reported a non-GAAP operating income of $24 million, up 20% compared to the prior-year quarter.

Zscaler has a Momentum Grade of A, based on its Momentum Score of 84. This means that it ranks in the top tier of all stocks in terms of its weighted relative strength over the last four quarters. The weighted four-quarter relative strength rank is the relative price change for each of the past four quarters.

The company has an ultra expensive Value Grade of F and a Quality Grade of C, based on respective scores of 97 and 49. Zscaler does not currently pay a dividend.


The stocks meeting the criteria of the approach do not represent a “recommended” or “buy” list. It is important to perform due diligence.

If you want an edge throughout this market volatility, become an AAII member.



American Association of Individual Investors

Since inception in 1978, the nonprofit AAII has helped over 2 million individuals build their investment wealth through programs of education and publications.