Business is booming in the cyber security world and Wall Street loves it.
Just look at how investors are gobbling up shares of Rapid7, the latest company to cash in on the breach bonanza by selling its shares to the public.
Shares of Rapid7 spiked 67% on Friday morning as the next-generation cyber company debuted on the Nasdaq under the ticker symbol “RPD.”
The Boston company raised $103 million Thursday evening after pricing its initial public offering at $16 a share. That was above the expected range of $13 to $15, signaling strong demand from investors.
The IPO values the company — which has never turned a profit — at $605 million. At its intraday peak of $27.45, Wall Street was valuing Rapid7 at just over $1 billion.
“Investors see the fundamentals: Cybersecurity is a big, unsolved problem for society,” Corey Thomas, CEO of Rapid7, told CNNMoney.
More hacks = more $$: Investors are betting Rapid7 and other innovative cyber companies will continue to rake in lucrative contracts from corporate America as CEOs grapple with the increasingly scary threat from hackers.
Major cyber attacks on Target, Home Depot, Sony, JPMorgan Chase and even the federal government have heightened concerns about digital security. The latest apparent breach came on Friday when CVS took down its online photo center and issued a warning that customer credit card data may have been breached.
Lots of cyber IPOs: Rapid7 is the first cyber company to go public in 2015, joining rivals that have debuted in recent years, including CyberArk, Barracuda Networks, FireEye and Palo Alto Networks. CyberArk is the best example of how hot this space is, with its shares tripling since its September IPO.
In fact, there are now enough publicly traded cyber companies that there are two different cyber ETFs, or exchange-traded funds: PureFunds ISE Cyber Security ETF and the First Trust Nasdaq CEA Cybersecurity ETF. The former, which launched last year under the ticker symbol “HACK,” ironically rang the opening bell the day after the New York Stock Exchange was hit by a technical glitch. The NYSE outage immediately sparked fears of a cyber attack. (NYSE said the outage was not caused by hackers.)
“People love the fast-growing enterprise security companies. In general, the area has been white hot,” said Kathleen Smith, a principal at Renaissance Capital, which is a manager of IPO exchange-traded funds, or ETFs.
Fierce competition: While betting on cyber security is smart, it’s not without risk. Competition is stiff and companies need to spend heavily on research and development to stay ahead of the pack — and ahead of the hackers.
Shares of Barracuda, which went public in late 2013, have tumbled 16% this year amid a slowdown in gross billings. That is a red flag that future demand for its cyber products may be waning.
“Every time there is a new attack, companies are looking around to get the best and latest thing. You have to have a leading product in this area,” Smith said.
Next-generation security: That’s exactly what Rapid7 claims to have. The company has signed up nearly 4,000 customers — including 30% of the Fortune 1,000 — by trumpeting its next-generation security model. Instead of just protecting against hacks, Rapid7 and other cyber companies are taking a proactive, analytics-driven approach that focuses heavily on data.
It’s an area companies are deploying more and more cash into. By 2020, an estimated 60% of corporate security budgets will be spent on cyber approaches that emphasize rapid detection and response, according to a Gartner study cited by Rapid7.
Rapid7 is slow to generate a profit: While its cutting-edge technology is boosting revenue, Rapid7 has yet to generate a profit. The company is burning through its cash by spending heavily on R&D, marketing and now expenses tied to its IPO.
Thomas declined to specify when Rapid7 will turn a profit, though he did say management is committed to creating a “sustainable company.”
“As we help more and more customers, that will lead to a path of profitability in time,” he said.
Smith said it’s safe to assume there won’t be earnings for several years — and that’s something investors should worry about.
“These companies that do not have earnings can be vulnerable,” Smith said.
For now, investors are focusing way more on how vulnerable companies are that don’t have sophisticated cyber protection like Rapid7’s.