Valuation metrics often reveal uncomfortable truths hidden beneath popular narratives. In the case of cybersecurity stocks, few tools are as sobering as the Shiller P/E ratio—also known as the cyclically adjusted price-to-earnings ratio (CAPE). Designed to smooth out corporate earnings over a ten-year period and adjust for inflation, this metric is less sensitive to short-term earnings swings, giving a more grounded sense of long-term value. And right now, it’s flashing a warning for many high-flying cybersecurity names.
Take the broader context first. The S&P 500’s current Shiller P/E is hovering around 38, a figure well above its historical average of 17. That already suggests a richly priced market, one that bakes in unusually optimistic expectations about future earnings growth. Against this backdrop, many technology stocks look expensive. Cybersecurity stocks, however, take it a step further—trading at even more aggressive multiples, driven by the sector’s promise of relentless demand in a world defined by digital risk.
Let’s begin with CrowdStrike Holdings (CRWD), a market darling and one of the most widely held cybersecurity equities. Known for its cloud-native Falcon platform, which uses artificial intelligence to detect threats in real-time, CrowdStrike has ridden the wave of zero-trust architecture and remote work acceleration. Yet from a valuation standpoint, it stands on fragile ground. CrowdStrike’s trailing twelve-month P/E ratio has soared past 400 in recent quarters, and while forward estimates bring it closer to the 50–60 range, the Shiller P/E—which accounts for inflation-adjusted earnings over the last decade—remains astronomical. That’s not surprising given the company’s relative youth, but it does mean investors are anchoring their expectations not to historical performance but to a future that must materialize with surgical precision.
On the other end of the spectrum lies Check Point Software Technologies (CHKP), a stalwart of the cybersecurity world. Based in Israel and established well before the AI-driven boom, Check Point offers a more mature portfolio of firewall, threat prevention, and cloud security services. It operates with impressive margins, a conservative balance sheet, and a subdued media profile. Its Shiller P/E, though less extreme, is still elevated by historical standards—yet not in the same stratosphere as CrowdStrike’s. This contrast hints at a valuation bifurcation in the cybersecurity sector, where newer, fast-growing firms are rewarded with soaring multiples, while established players trade closer to value territory.
Using the Shiller P/E to assess these companies is not without caveats. The metric is more suited to mature businesses with long earnings histories. It can understate the value of rapidly growing firms like CrowdStrike or SentinelOne, which are building scale and investing heavily in growth. Still, it remains useful as a counterweight to the hype. When a company’s CAPE is more than triple that of the market, it implies a level of earnings expansion that few firms in history have sustained.
This brings us to a crucial consideration: is the high valuation justified by the cybersecurity industry’s prospects? Demand is indeed robust. Global cybersecurity spending is projected to exceed $500 billion by 2032, fueled by rising ransomware attacks, state-sponsored intrusions, and enterprise digital transformation. AI is becoming both a threat vector and a defense mechanism, accelerating the arms race in this domain. CrowdStrike, Palo Alto Networks, and Zscaler are seen as pioneers in this transition. But such narratives, while compelling, often mask the harsh reality that even strong businesses can disappoint when expectations are priced for perfection.
The CAPE ratio reminds us that valuation matters—even for industries that appear bulletproof. When the cost of a dollar’s worth of long-term earnings becomes untethered from history, investors must ask what margin of safety remains. In a world where interest rates, inflation, and political risk are anything but stable, betting on overvalued stocks with the assumption of infinite growth is not just optimistic—it’s precarious.
For investors hunting opportunities in cybersecurity, the lesson is clear: scrutinize the price you’re paying for growth. CrowdStrike may deliver on its promise, but the bar is set dizzyingly high. Check Point, though less flashy, may offer steadier returns with less downside risk. And in between those extremes lie a handful of companies whose CAPE ratios and fundamentals merit closer inspection.
The Shiller P/E doesn’t predict crashes or pinpoint turning points. But it does whisper a truth that markets often ignore at their peril: trees don’t grow to the sky. Not even in the cloud.
Leave a Reply