Amid all of the focus on the generative artificial intelligence build-out, the coming initial public offering from SpaceX, and anticipated IPOs for OpenAI and Anthropic, cybersecurity companies are also in a sweet spot — and might offer a different area of focus for investors.
A screen of the cybersecurity space highlights several companies expected to grow their businesses rapidly over the next two years. Some of these companies trade at relatively attractive price/earnings or price/sales valuations when compared with those of the S&P 500 and its information technology sector.
For a screen of cybersecurity stocks, we began by putting together a list of companies held by three industry-focused exchange-traded funds.
The Amplify Cybersecurity ETF was established in November 2014. It has $2.3 billion in assets under management and holds 22 stocks as it tracks the ISE Cyber Security Select Index. The index is designed to provide exposure to the largest companies providing cybersecurity hardware, software and services. The fund’s largest holding is Broadcom, which makes up 7.5% of the portfolio. Its largest three holdings have a combined 22.2% weighting.
The First Trust Nasdaq Cybersecurity ETF was launched in July 2015 and has $12.4 billion in assets under management. It tracks the Nasdaq CTA Cybersecurity Index and holds 42 stocks. But it is more concentrated at the top. Its largest holding is CrowdStrike, which comprises 10.6% of the portfolio, and its top three holdings make up 29.7% of the fund.
The newest of these three ETFs is the Global X Cybersecurity ETF, which was established in October 2019 and now has $1.1 billion in assets. It holds 31 stocks to track the Indxx Cybersecurity Index. BUG’s largest holding is Fortinet, which makes up 7.5% of the portfolio, with its top three holdings having a combined 21.3% weighting.
The portfolios of all three ETFs are dominated by U.S. companies. The BUG ETF has the highest exposure outside the U.S., with companies in five other countries making up 21% of the fund. For the CIBR ETF, companies in seven countries outside the U.S. make up 11.6% of the portfolio, while for the HACK ETF, companies in Israel and Japan make up a combined 10.3% of the portfolio.
Morningstar analyst Malik Ahmed Khan told MarketWatch that it’s important to be selective when considering cyber ETF holdings.
He said cyber ETFs can provide exposure to some companies facing “severe headwinds,” but are included because they are in the cybersecurity business.
ETFs can “have a lot of junk — and by junk I mean cyber companies that are actually not very well competitively positioned, but they are pure plays,” Khan said.
Cybersecurity stock screen
Together, the three ETFs hold 55 stocks. For this forward-looking screen, we are looking at projected compound annual growth rates (CAGR) for the companies’ sales from 2026 through 2028.
The projections are based on consensus sales estimates for calendar years, as adjusted by LSEG for companies whose fiscal reporting periods don’t match the calendar.
We began by cutting the list to 43 companies covered by at least five analysts polled by LSEG and for which consensus sales estimates are available through 2028.
Among the 43 companies, these 15 have the highest projected sales CAGR from calendar 2026 through 2028. All are U.S.-based. More context for the data is below the table.
Company | Projected sales CAGR from 2026 through 2028 | Forward P/E | Forward price/sales | Held by |
Broadcom | 36.9% | 26.9 | 14.6 | HACK, CIBR |
Cloudflare | 27.1% | 154.3 | 23.9 | HACK, CIBR |
CrowdStrike Holdings | 22.3% | 122.6 | 26.4 | HACK, CIBR, BUG |
Arista Networks | 22.3% | 35.3 | 14.1 | CIBR |
Datadog | 22.0% | 80.6 | 16.1 | CIBR |
Rubrik | 20.8% | 208.4 | 8.0 | HACK, CIBR, BUG |
Netskope | 20.6% | N/A | 5.0 | BUG |
Telos | 20.5% | 25.0 | 1.7 | BUG |
Zscaler | 19.1% | 38.2 | 7.3 | HACK, CIBR, BUG |
Jfrog | 18.5% | 71.1 | 13.2 | CIBR |
Microsoft | 18.1% | 21.9 | 8.3 | CIBR |
Alphabet | 17.9% | 27.1 | 9.0 | CIBR |
SentinelOne | 17.2% | 46.3 | 4.8 | HACK, CIBR, BUG |
Varonis Systems | 17.1% | 129.8 | 4.5 | HACK, CIBR, BUG |
SailPoint | 17.0% | 43.8 | 6.4 | BUG |
Sources: LSEG, FactSet (For Netskope’s forward price/sales ratio only) | ||||
The table includes forward price/earnings ratios and forward price/sales ratios for the companies. These are based on consensus earnings per share or sales estimates among analysts polled by LSEG, except for Netskope, for which the forward price/sales ratio was provided by FactSet.
For Netskope, there is no forward P/E because the company is expected by analysts to post negative combined earnings over the next 12 months.
The projected sales CAGR compares with the weighted projected growth rates of 7.9% for the S&P 500 and 20.1% for the S&P 500 information technology sector.
For valuation comparisons, the S&P 500 trades at a forward P/E of 21.1, while the IT sector trades at a forward P/E of 24.3. The S&P 500 trades at a forward price/sales valuation of 3.3, while for the IT sector, this valuation is 7.8.
Among the list of 15 companies above, Microsoft stands out with the lowest forward P/E of 21.9.
Broadcom has the highest projected sales CAGR of 36.9% and may appear to be expensive at a forward price/sales ratio of 14.6. Then again, this stock’s forward P/E of 26.9 is not very high compared with those of the S&P 500 and the IT sector, considering the growth projections.
Telos is the only stock on the list with a lower forward price/sales ratio than that of the S&P 500. It is among six companies on the list, including Zscaler, that trade less expensively than the S&P 500 IT sector on this basis.
CrowdStrike, Palo Alto Networks, Fortinet and Zscaler stand out to him as the “big four” major cyber players to pay attention to, given that these companies have demonstrated competency across core cyber areas, be it endpoint, cloud, security operations, data security or identity.
“I think the correct way to think about it is all these businesses have a core competency which still brings in material cash flow,” Morningstar’s Khan said.
Truist Financial analyst Junaid Siddiqui told MarketWatch that, in the era of agentic artificial intelligence, the platform vendors building the best AI-defensible moats include CrowdStrike, Palo Alto Networks, Zscaler and Cloudflare.
He said data and identity security are becoming core focus areas in the age of agentic security, which he said will benefit other names, including Commvault Systems, Rubrik, Okta and SailPoint.
“As agentic AI evolves, the need to secure those autonomous agents becomes increasingly mission-critical,” he said.