Cybersecurity stocks: one to buy and one to avoid

Updated: 
Laptop computer

As more and more of our critical data moves online, cyber security is becoming an increasingly important preoccupation for individuals, companies and governments alike. As investors, this trend should pique our interest for obvious reasons. And while most large cyber security firms are listed in the US, there are a handful operating here in the UK.

One for the long term

And the one I'd buy would be the relatively small £400m market cap GB Group (LSE: GBG). The company specialises in identity verification, fraud detection and criminal records checks for multinationals and governments. This is unsurprisingly a booming market and the company's financial statements attest to this. In the half to October, sales rose a full 16% year-on-year to £37.5m due to 9% organic growth and a bolt-on acquisition.

Looking ahead, there's good reason to believe this level of growth is sustainable. The company is rolling-out its products into new regions and now offers anti-money laundering assistance in 53 countries and other products in at least 70. Considering these international markets only account for 31% of group sales I expect considerable top line growth in the medium term as the company increases its penetration in overseas markets.

Acquisitions will also increasingly factor-into the equation in the future as the company only has £4m in net debt and its skyrocketing share price opens the possibility of equity being used to purchase companies. With steady recurring revenue, a constant stream of new products being introduced, and incredible market demand, I believe the future is bright for GB Group. While shares are priced for growth at 30 times forward earnings, investors should remember this isn't a ridiculous valuation for a fast-growing tech stock that is highly profitable.

And one to steer clear of

While a rising tide lifts all boats, one cyber security firm I would take a pass on is Sophos (LSE: SOPH). My reticence is largely due to the company still firmly being in start-up mode, despite already having a market cap of £1.2bn. Companies that are still lossmaking and have oodles of debt make me nervous, even if they're growing sales by a solid clip.

In the first nine months of 2016 Sophos recorded a $22.9m operating loss which, while an improvement on the $26.7m loss in the year prior, is not an insignificant sum. And at the end of H1 the group had $209m in net debt, not including the $100m in cash it has just paid to acquire American security firm Invincea, which ran a post-tax loss of $11.8m itself last year.

On one hand, the company's investments in its products and salesforce are paying off as revenue rose 10.2% year-on-year in the first three quarters of 2016 to $391m. But as long as the company is still bleeding cash, it is hard to be certain that its business model will work in the long term. With losses still high and net debt rising I'll be avoiding Sophos until management can prove itself.

Although cyber security stocks are hot right now, long-time investors will know that it's often the less-flashy, under-appreciated businesses that often provide shareholders with the biggest returns in the long run. And the Motley Fool's Head of Investing, Mark Rogers, has found one such business that has quietly increased sales every single year since going public back in 1997.

This stellar record has led the company's share price to increase over 250% in the past five years alone. And Mark believes that international expansion means the stock could triple again in the coming decade. To read his report for yourself, simply follow this link for your free, no obligation copy of the report.

Ian Pierce has no position in any shares mentioned. The Motley Fool UK has no position in any of the shares mentioned. We Fools don't all hold the same opinions, but we all believe that considering a diverse range of insights makes us better investors.