Analysis
With the cloud blocking its horizon, Check Point is facing its moment of truth
Under Gil Shwed's conservative leadership, the Israeli cybersecurity giant didn't capitalize fast enough on the cloud, leaving it to face some hard decisions
Unlike Teva, the big threat on Check Point isn't that its patents will expire, or the fact that a firewall has become a basic commodity. The big threat on Check Point’s horizon is the cloud.
On the face of it, Check Point is in a dream position, registering revenue of $2 billion in 2020 with a profit of $846 million. However, those results are very similar to what the company registered in 2019, and more worryingly, the results in 2021 are also expected to be the same. And this while the global cybersecurity market is exploding, with demand rising and small and big companies reporting accelerated growth and seeing their valuations surge dramatically.
It is enough to look at two press releases published yesterday by Israeli tech companies to understand Teva's predicament. Snyk, which announced that it had raised $300 million at a $4.7 valuation, quadrupling its valuation since the start of 2020, and Aqua Security, which completed a $135 million raise to cross the $1 billion valuation mark. Both of these companies were founded just five years ago. Check Point, on the other hand, seems stuck, seeing its shares rise by 23% over the past year while many of its publicly traded rivals saw their value double and even triple. Check Point is at a market cap of around $16 billion, half of that of Palo Alto, for example.
But this isn't another article about how former Check Point employee and Palo Alto founder Nir Zuk has succeeded in lapping his former employer. If the success of Palo Alto was the entire story, Check Point's situation wouldn't be all that worrying. Unfortunately, Check Point finds itself in a very similar situation to that of Teva in 2014.
It is no secret that the management didn't recognize the tectonic shift that was approaching with the advance of the cloud when it comes to security needs, a shift that was dramatically accelerated during the Covid-19 pandemic and with the move to remote work.
Just like Teva when it saw the expiry of Copaxone's patent approaching, Check Point also identified the threat. The two companies reacted differently though, only to ironocally end up registering similar results. Teva used the vast cash reserves it had accumulated in order to make numerous acquisitions, the biggest of which was buying the generics arm of rival Allergan for $40 billion. Check Point, courtesy of the super conservative Shwed, has used a different approach, making small acquisitions, too small in many experts’ opinion. The bottom line has been the same though, with the company still in search of a new growth engine.
Check Point has made four acquisitions of cloud companies to date, all of them of Israeli startups. It purchased Odo Security in September 2020, following up on the acquisitions of DOME 9 at the end of 2018 and Protego and ForceNock. In all these cases, the deals were relatively small, especially when considering that Check Point had $4 billion in cash as of the end of 2020.
Check Point prides itself in that 700 of its 5,400 employees are focused on cloud development and its 2020 results revealed a 54% increase in the company's income from cloud related products. However, Check Point refused to reveal how high the actual income was, with estimations placing it well below $100 million per year, which is less than 5% of the company's revenue.
"Check Point realized too late that the future is in the cloud and even after they understood this they weren't aggressive enough in making the move," a senior cybersecurity executive told Calcalist. "They should have thrown everything into the cloud. A classic firewall has become redundant for any new company or any company that has made the shift to the cloud."
Check Point's VPN product used to log in remotely is also already considered to be outdated, with companies moving to SASE (Secure Access Service Edge). According to leading research and advisory company Gertner, 40% of companies will be using this system to help their employees log in remotely by 2024.
"It is true that Check Point still has a lot of clients, high revenue, rare profitability and tons of money in the bank, but it doesn't have any market-leading product. A new company being founded today wouldn't be buying anything from Check Point. It is sad to see a company that basically invented cybersecurity in a situation like this," said another senior cybersecurity executive.
Beyond its almost obsessive hoarding of cash and abstinence from making significant acquisitions, Check Point's lack of investment in R&D over recent years is another glaring issue. The company doesn't spend more than 10% of its income on research and development, while even veteran giants like Google and Amazon allocate sums closer to 15% of their revenue.
But Check Point's biggest problem isn't the absolute numbers, but rather the percentages. Check Point is currently being traded at a humble multiplier of times eight of its expected revenue in 2021 and times 19 on its expected profit. In comparison, unprofitable growth companies like Zscaler and CrowdStrike are being traded at a multiplier over 30 times their income, while companies like Facebook and Amazon are traded at multipliers of over 20 times their profit.
The investors may have been inclined to change their view of Check Point had it admitted that it is no longer a growth company and started handing out dividends. But in the meantime, Check Point continues to insist that it is a growth company that will continue to make acquisitions and is simply at a stage in which it is moving from the old license model to receiving income for services and maintenance in the SaaS model. Subscriptions already make up a third of Check Point's revenue, but the market has still not priced in that change.
Finally, it is time to address the elephant in the room - Gil Shwed. Very few tech companies have managed to reach a significant size while still being headed by the entrepreneur who launched them. In most cases, once a startup reaches significant sales, the shareholders place pressure to bring in a professional manager.
Shwed has proven that he is not only an entrepreneur who invented an entire market, but that he is also a talented manager. Nevertheless, when discussing Check Point being over-conservative, which is what may have led to its late adoption of the cloud, Shwed's name comes up as the main culprit. It is very understandable that he is having a hard time accepting that his baby is no longer the most innovative company in the sector and that investors prefer adventurousness over conservativeness.
Check Point faces three main alternatives: making a bold a dangerous move with a significant acquisition that will make it a bigger player in the cloud sector; admitting that is it no longer a growth company and beginning to hand out dividends that will enable it to be priced on that premise; and the toughest alternative - bringing in a new CEO who has no lingering sentiment in regards to the firewall and a fresh view of the company's assets to take it back on the road to growth.