Other cyber-security vendors can learn from the success of CrowdStrike, Okta and Zscaler
Listen to or download the associated podcast
The revenue of the vast majority of major, publicly traded cyber-security vendors continued to increase year-on-year in 2020. In this article, we explore the trends in the financial and operational metrics of the cyber-security vendors that have grown their revenue the fastest. They all have high net revenue retention rates (that is, they are highly successful at upselling), have made acquisitions to address missing capabilities and target segments of the cyber-security market that are rapidly expanding.
The data presented here is also available in Analysys Mason’s Cyber-security vendors’ revenue tracker.
CrowdStrike’s revenue continues to grow much more quickly than that of any other major cyber-security vendor
CrowdStrike’s annual revenue grew from USD119 million in 2017 to USD874 million in 2020 (Figure 1). To put that into perspective, the annual revenue of FireEye (one of CrowdStrike’s top competitors) increased from USD780 million to USD941 million during the same period and Trend Micro (another competitor, with a significantly longer standing in the endpoint security space than CrowdStrike) increased its enterprise revenue from USD977 million to USD1246 million.
Figure 1: Annual revenue of FireEye plus the four vendors with the highest 2020 year-on-year revenue growth rates in Analysys Mason’s Cyber-security vendors’ revenue tracker, worldwide, 2017 and 20201
Source: Analysys Mason, 2021
CrowdStrike’s sustained strong revenue growth was supported by significant investment in sales and marketing (S&M) activities, the expansion of its product portfolio and a high level of customer satisfaction (the vendor’s trailing 12 months (TTM) dollar-based net retention rate was 125–131% throughout 2020).2
The vendor’s S&M efforts, which were focused on growing its partner network, resulted in an increasing share of sales being sourced through channel partners (75% in 2020 compared to 69% in 2019). Its partnership with AWS, which began in 2018, is also showing strong signs of success. CrowdStrike’s annual recurring revenue (ARR) transacted through the AWS Marketplace surpassed USD50 million in 4Q 2020 and grew by 650% year-on-year in 2020.
The modularity of CrowdStrike’s Falcon security cloud is another reason behind its success; additional modules (or products) are easy to purchase after the initial sale because they are all part of the same platform. CrowdStrike offers existing customers free trials of modules that they are not currently using to entice them into spending more.
CrowdStrike has also made the following three acquisitions.
- Payload Security, a small malware analysis specialist, in November 2017.
- Preempt Security, an identity behaviour data specialist, in September 2020 for USD91 million.
- Humio, a cloud log management specialist, in March 2021 for USD400 million. CrowdStrike has since launched a new module (product) based on Humio’s capabilities.
Okta and Zscaler are also growing their revenue rapidly
Okta and Zscaler both achieved revenue growth rates of over 40% year-on-year in 2020. These rates were lower than CrowdStrike’s (Figure 2), but were still among the highest in the industry. Okta, Zscaler and CrowdStrike all focus on different segments of the cyber-security market: CrowdStrike is an endpoint and cloud workload security specialist, Okta provides identity and access management products and Zscaler is best-known for its secure web gateway solutions.
Figure 2: Selected financial and operational metrics for CrowdStrike, Okta and Zscaler, year ending 31 January 2021
|Revenue||USD874 million (+82% year-on-year)||USD835 million (+44% year-on-year)||USD536 million (+49% year-on-year)|
|R&D expenditure (as a percentage of revenue)||USD215 million (25%)||USD223 million (27%)||USD134 million (25%)|
|S&M expenditure (as a percentage of revenue)||USD401 million (46%)||USD427 million (51%)||USD364 million (68%)|
|Net profit (loss)||(USD93 million)||(USD266 million)||(USD191 million)|
|Accumulated deficit||USD730 million||USD967 million||USD462 million|
Source: Analysys Mason, 2021
Okta’s strong focus on upselling is a key reason behind its high revenue growth rate. Its TTM dollar-based net retention rate was 121–123% throughout 2020 and has consistently been around 120% for the last 3 years. Conversely, the TTM dollar-based net retention rate of its competitor Ping Identity fell from 115% at the end of 2019 to 108% at the end of 2020. Okta’s strong revenue growth was also supported by the vendor’s acquisitions of Stormpath in 2017, ScaleFT in 2018 and Azuqua in 2019; its total spend on these acquisitions was USD64 million.
Similarly to CrowdStrike, Zscaler has a modular approach to its offering and a ‘map’ of how to drive the customer take-up of additional solutions. Customer satisfaction is key to turning this strategy into a success. Zscaler claimed a net promoter score (NPS) of +76 at the end of 2020, and its TTM dollar-based net retention rate was 122% in December 2020. Other drivers of its revenue growth include a strong focus on growing the portion of sales that are partner-sourced, technical alliances with Microsoft, AWS and CrowdStrike and making acquisitions to address missing capabilities. The vendor acquired four companies in 2018–2020, and spent a total of USD54 million on doing so.
Others can learn from the success of these vendors
CrowdStrike, Zscaler and Okta all compete in different markets, but they have a number of things in common.
- They all have industry-leading dollar-based net retention rates. This indicates that they are well-versed in upselling to existing customers, which suggests that customers are satisfied with their solutions.
- They are all actively making acquisitions. All three companies have acquired technologies that have enabled them to expand their market shares and/or addressable markets.
- They are all addressing segments of the cyber-security market that are rapidly growing (or where there is a strong appetite for the replacement of legacy solutions).
Other vendors seeking to grow their revenue (or customer bases) rapidly should take note of these vendors’ strategies.
1 The data for FireEye and Cloudflare is based on calendar years. For CrowdStrike, Okta and Zscaler, the 2017 data is for February 2017–February 2018 and 2020 data is for February 2020–February 2021.
2 The trailing 12 months (TTM) dollar-based net retention rate compares a vendor’s annual recurring revenue from a set of subscription customers against the same figure for those subscription customers from the prior year. This metric reflects customer renewals, expansion, contraction and churn, and is usually reported quarterly.
Operators in the Middle East and North Africa should grow their security portfolios to boost cross-selling
SentinelOne: cyber security
Approaches to providing security services to the mid-market: operator case studies in the Middle East