Analysis: Security firms facing shaky financials

No major security company has yet released official financial results for the second quarter of 2001, but thanks to earnings warnings from three of the key players, financials season in the security market has taken on a darker cast.

A pair of major players, however, remain on target according to analysts, and thus offer some hope that the general malaise other markets are experiencing won’t hit security too hard.

The last three weeks have seen Symantec Corp., maker of the Norton line of antivirus and utility products, restate its projected first quarter earnings, dropping them to between US$225 million and $235 million, down from the $255 million to $263 million the company previously expected.

Internet Security Systems Inc. (ISS), which sells intrusion detection systems and security services, changed its expected earnings to between $50 million and $52 million, down sharply from the previous $64 million to $67 million. The company also now says that it will lose between $0.02 and $0.00 per share, instead of a projected profit of $0.15 to $0.16 per share.

Additionally, Check Point Software Technologies Ltd., a leading VPN (virtual private network) company, said its quarterly revenue would be in the $140 million to $142 million range, below analyst estimates of $149.5 million.

Symantec and ISS blamed spending slowdowns, in consumer spending and the deferral of corporate purchases, respectively, for their dips. However, all the news over the next few weeks of financials won’t be bad, according to Israel Hernandez, senior research analyst in Internet security at Lehman Brothers Holdings Inc.

Two major firms, RSA Security Inc. and Corp., a subsidiary of Network Associates Inc., will announce their earnings next week. Neither has issued any earnings warnings and “(the lack of) pre-announcements suggests they are going to make their numbers,” said Hernandez, who covers RSA and Network Associates, as well as Check Point, ISS, Symantec and other companies.

“Warnings season is over,” he said. “I would expect everyone else (who hasn’t issued a warning) to fall into line.”

And that’s well and good for RSA, McAfee and the other vendors that will meet projections, but what of Symantec, Check Point, ISS and the other companies that won’t? Check Point’s first-quarter earnings were up 141 per cent from the same period in 2000, ISS’ were up 56 per cent and Symantec’s fourth quarter 2000 (the most recent quarter for which figures are available. Due to differing schedules, some companies report their earnings on different schedules) was up 15 percent. What happened?

The conventional wisdom says that all current financial problems, layoffs, earnings warnings, poor sales, can be blamed on “the slowing economy.” According to Steve Casey, director of investor relations at RSA, that’s largely true.

“The (economy) is the largest factor,” he said. “It’s a pretty tough selling environment out there.”

Casey was unable to comment on RSA’s upcoming financials due to U.S. Security and Exchange Commission regulations that mandate a “quiet period” before companies announce their results. McAfee officials declined comment for this story citing SEC regulations.

Security firms are hurt by the economic slowdown because “what most people seem to be saying is that security is still a strategic buy,” meaning that it is seen as an expense that doesn’t have to be incurred immediately.

Lehman’s Hernandez disagrees that security firms are peculiarly affected.

“It’s a bad time to be in business, period,” he said. “Security companies are facing the same challenges that other technology product and services vendors are facing: a slowing economy.”

However, “there are some base products that are fundamental to network security infrastructure and you’re not going to defer those,” including firewalls and antivirus software, he said.

Merrill Lynch & Co. Inc. infrastructure software analyst Mark Fernandes shares this view. Out of the 15 or so companies he follows, only three have offered earnings warnings, Fernandes said, while some of his colleagues have seen 65 per cent to 70 per cent of their companies release warnings.

Security companies don’t have it so bad, he said, as it’s “better than being a lot of other companies.”

“Everybody’s going through tough times. It’s a matter of perspective,” he added.

At a higher level, those tough times can be blamed on the economy, but they are also the result of changing market conditions and poor planning, according to both Casey and Hernandez.

In 2000, there were more startups, which led to more companies looking to buy security and networking equipment, according to Hernandez, but as venture capital money dried up, so too did those companies and the sales they represented.

The companies that banked on sales from those startups are feeling the pinch now, Casey said.

“It wouldn’t be all that hard to find examples of companies who built business models on what are now clearly unreasonable expectations,” he said.

Conditions may even worsen in the short-term, Hernandez said, citing an increasingly poor situation in Europe.

“Everyone’s just going to have to fight through it,” which might take a couple quarters, he said, noting that, “September (the third quarter) could be the worst.” He does expect a turnaround by late 2001 or early 2002.

“Things tend to change pretty quickly,” he said.

Despite the pace of change, “if you haven’t lived through this kind of situation before, it can come as a shock,” RSA’s Casey said.

But, for those that have lived through a cycle like this, this earnings season is just a bump on an otherwise profitable road.

“In a difficult environment,” Casey said, “companies tend to look to buy from long-term suppliers.”