Zscaler (ZS) stock today fell 14% in sympathy with the 28% plunge in shares of cybersecurity competitor Palo Alto Networks (PANW), which lowered guidance and said a shift in its go-to-market strategy would weigh on revenue and billings growth over the next 12 to 18 months.
Recently trading around $214, Zscaler stock is still up 11% since the company in late November reported that fiscal Q1 (Oct.) revenue advanced 40%, double Palo Alto’s top-line growth rate in the comparable quarter. Zscaler will release FQ2 (Jan.) results on February 29.
In FQ1, Zscaler’s revenue of $496.7 million topped the consensus estimate by 4.9%. Billings grew 34% to $456.6 million, above the consensus of $442 million. Deferred revenue of $1.399 billion rose 39%. Total RPO was up 30% to $3.5 billion. Dollar-based net retention of 120% was off just 100 basis points from the previous quarter.
Zscaler continues to attract large organizations, which are often consolidating multiple point solutions onto its platform. In FQ1, the total number of customers with annual recurring revenue (ARR) of more than $100k rose 22% to 2,708. There are 468 customers with ARR above $1 million, up 34% from the year-ago level.
Zscaler in FQ1 saw strong new logo wins, with 14 coming in via large deals with more than $1 million in ARR. There was healthy platform adoption—nearly half of new logo customers bought all three of the company’s core products (ZIA, ZPA and ZDX), raising the average deal size. In addition, the federal vertical contributed record new annual contract value (ACV).
For FQ2, Zscaler expects revenue of $505 million to $507 million (growth of 30% to 31%), with EPS of 57 cents to 58 cents. The FY’24 (July) revenue outlook of $2.09 billion to $2.10 billion represents growth of 29% to 30%. Billings growth for this fiscal year is expected to come in at 24% to 26%.
Zscaler in November announced that it hired Mike Rich from ServiceNow (NOW) as its new chief revenue officer and president of global sales. Rich was at ServiceNow for more than 12 years; his most recent role was president of the Americas region for nearly three years.
Given this sales leadership change, Zscaler management on the FQ1 earnings call said it was “prudent” in its guidance assumptions (including being a “little more conservative” with deal close rates for the January quarter), which is why the FY’24 billings forecast wasn’t lifted from the initial outlook given in September.
A few cybersecurity tailwinds are helping to power Zscaler’s growth—including ongoing cloud migrations, security modernization, adoption of Zero Trust principles, an increasingly distributed global workforce and the rapid rise in targeted breaches.
Citi recently raised its Zscaler price target to $265 from $235 based on the company’s strong positioning in Zero Trust and long-term growth potential. Stifel upped its target to $270 from $240, saying it believes Zscaler can deliver 25% to 30%+ revenue growth in the coming years, calling out the large market opportunity and several expansion drivers (including new logo wins and new products).
Zscaler argues that it can stop ransomware attacks from propagating due to its cloud-delivered approach that directly connects users with applications, minimizing the attack surface, says Stifel. Across the current challenging threat landscape, more organizations are realizing that legacy security methods are no longer sufficient to protect against cyberattacks. Stifel sees this as a major force behind the healthy demand environment experienced by Zscaler.
Last year, the average cost of a data breach was $4.45 million, according to a study conducted by IBM and the Ponemon Institute. The cybersecurity landscape is expected to get even more hostile over the near-term, as attackers become more sophisticated.
Macquarie predicts a continued expansion in the cost of data breaches, especially when it comes to ransomware demands, as criminal groups increasingly coordinate their cyberattacks and begin to standardize ransom amounts based on the victim’s business profile and revenue. In the IBM study, the positive takeaway for Zscaler is that a majority of organizations hit by data breaches said they plan to boost their security investments to try to prevent damage in the future.
The top areas identified for additional investment include incident response planning/testing, employee security awareness training, threat detection and response automation. Security AI and automation are important investments in terms of reducing costs and minimizing the time needed to identify and contain breaches.
Macquarie points out that a massive cyberattack could put critical infrastructure at risk, resulting in a real-world economic impact. The firm thinks nations and infrastructure operators will need to fully assess their vulnerabilities and invest throughout this year to address cybersecurity risks.
In FQ1, Zscaler reported that new ACV in the federal sector rose more than 90% compared to a year ago. On the FQ1 call, Zscaler management said the company is seeing larger federal deals, as multiple U.S. agencies standardize on its platform to fully comply with the executive order to adopt Zero Trust security.
Zscaler in the October quarter closed four U.S. federal deals with more than $1 million in ACV. The company has already landed 12 of the 15 cabinet-level agencies as customers and is now driving user expansion deals across these agencies and cross-selling more products.
The SEC’s new data breach reporting requirements are another tailwind for Zscaler. As of December 2023, the SEC requires companies to disclose “material” cybersecurity incidents in “timely” 8-K filings. Businesses are required to file the 8-K within four business days after they determine that an incident was significant. Security vendors that can provide real-time analytics and risk visibility will be the ones most favored by organizations, says Macquarie.
Zscaler’s new Risk360 service deploys AI and machine learning technology to quantify and visualize cyber risk. The service appeals to CISOs because it offers a comprehensive single dashboard that provides a holistic view of security risks. With recent enhancements to Risk360, the service now enables users to download cybersecurity maturity assessments that are powered by Zscaler’s generative AI, which includes custom LLMs that were developed in-house.