Palo Alto Networks said its revenue grew 20% during the first quarter of the company’s 2024 fiscal year as businesses grapple with escalating cyberthreats, coupled with related regulatory and legal risks.
The Santa Clara, California-based cybersecurity company’s total revenues increased to $1.9 billion during the quarter, compared with $1.6 billion in the year-earlier period, according to results released Wednesday.
"An unprecedented level of attacks is fueling strong demand in the cybersecurity market," Palo Alto CEO Nikesh Arora said in a press release.
Despite Palo Alto’s strong quarter, concerns about its outlook weighed on the company’s shares in after-hours trading on Wednesday, the Wall Street Journal reported. The company lowered its full-year guidance for total billings to between $10.7 billion and $10.8 billion, from a prior range of $10.9 billion and $11 billion, the publication noted.
In a Wednesday interview with CNBC’s Jim Cramer, Arora downplayed the billings guidance, while acknowledging that it “marginally spooked” the market. He doubled down on his press release comments, saying cybersecurity attacks are driving “tremendous” customer demand.
The global average cost of a data breach between March 2022 and March 2023 was $4.45 million, a 15% increase over three years and an all-time high, according to a report published by IBM in July. Detection and escalation costs jumped 42% during the same period, representing the highest portion of breach costs, and indicating a shift towards more complex breach probes, the research found.
Destructive attacks that left systems inoperable accounted for one out of every four attacks, and another 24% involved ransomware, which involves a criminal’s use of malicious software to prevent companies from accessing their own computer files, systems or networks until a ransom is paid. Such attacks can also involve a threat to leak sensitive data to the public internet.
In one incident observed by Palo Alto Networks, bad actors extracted 2.4 terabytes of data in just 14 hours, Arora said during an earnings call on Wednesday.
“Ransomware attacks are increasing in frequency and severity,” he said, adding that adversaries may be leveraging generative artificial intelligence as a tool to make attacks more sophisticated in some cases.
This year is shaping up to be one of the most lucrative years on record for ransomware organizations as they focus on bigger targets amid shifting cybercrime market forces, according to cyber risk management company Resilience, as previously reported by CFO Dive.
Ransomware purveyors extorted a record $939.9 million in 2021, according to blockchain analysis firm Chainalysis. After a lull in 2022, big game hunting — the targeting of large, deep-pocketed organizations — seems to have bounced back, the firm reported in July.
Raising the stakes for C-suite executives, federal agencies such as the Securities and Exchange Commission have ramped up cybersecurity enforcement actions against companies.
Last month, the SEC sued Austin, Texas-based SolarWinds and its chief information security officer, accusing them of defrauding investors by mischaracterizing cybersecurity practices that were in place at the company leading up to a major breach discovered in December 2020. The company’s CFO was previously put on notice that he could face charges but was not named in the suit as a defendant.
Meanwhile, over the summer, the SEC adopted new rules requiring public companies to disclose “material cybersecurity incidents” to the agency within four days of determining that such a breach has occurred.
While the new rules went into effect in September, the SEC has set compliance dates that are scheduled to come later. All covered entities other than smaller reporting businesses are required to comply with the new breach disclosure requirements starting on Dec. 18. Smaller reporting companies will be subject to these mandates as of June 5 of next year.
The current trends have resulted in “a continued focus across organizations on understanding security posture, cybersecurity risk and how to mitigate this risk effectively,” Arora said during the Wednesday earnings call. “This increasingly involves not only the CISO but the entire IT organization, legal, finance and the CEO and the full board of directors.”
Still, the cybersecurity industry hasn’t been immune from macroeconominc pressures.
Cybersecurity spending grew at a slower pace this year amid inflation and recessionary fears, according to a September report from IANS Research and Artico Search, as previously reported by CFO Dive. Companies increased their cybersecurity spending by 6% on average this year, a significant drop from the previous budget cycle’s 17% rise.
“CFOs are scrutinizing deals, which means you have to be better prepared to answer their question and show the business value that you bring to them with your cybersecurity products,” Arora said during an August earnings call.