Okta is in big reputational trouble that could impact its top line growth

It's quite shocking how fast some former high-flying tech names have given up almost all of their gains since interest rates started to go up. One of these names is Okta ($OKTA), a high-growth cybersecurity company. Okta went public in 2017, and in just four years, its stock soared by over 1,000%. For some time, it was one of the best-performing stocks on the market. But as you can see below, Okta's stock stalled in late 2021 when monetary tightening began and plunged by over 70% in 2022.

Okta's selloff was driven by the sharp slowdown in revenue and the lack of profitability. Even today, the company is not profitable, while growth continues to slow. Even worse, OKTA has been the victim of numerous cybersecurity incidents in the past couple of months, which may harm the company's reputation as a reliable cybersecurity provider. In fact, the stock plunged as much as 20% over the past five days after the company experienced another cybersecurity breach. Let's see what's going on with this former high-flyer.

Can It Keep Its Leading Market Position?

Okta is a leading name in the identity and access management (IAM) space. Founded in 2009, it provides a range of cloud-based services and solutions designed to help organizations manage and secure user identities, access to applications, and data. Its primary mission is to enable seamless and secure access for employees, partners, and customers to various software applications and services, regardless of the device they use or their physical location.

Okta's IAM platform provides a single sign-on (SSO) solution that allows users to log in to multiple applications with a single set of credentials. It also offers a variety of other security features, such as multi-factor authentication (MFA), adaptive risk assessment, and user behavior analytics.

Okta has been the most popular choice for IAM solutions in recent years. With over 18,400 customers as of Q2 FY24, Okta is the leader in the space. According to estimates, it boasts a market share of nearly 45%, which is very high considering that it competes with approximately 30 other cybersecurity companies, including CyberArk ($CYBR), Ping Identity, and even tech giants like Microsoft ($MSFT) that offer their own cybersecurity solutions.

Okta has gained a strong foothold in the market due to its user-friendly approach, robust security features, and a wide range of integrations with various third-party applications and services. However, the tech landscape is dynamic, and the competition among IAM providers continues to increase. Okta is at risk of losing market share not only because of the stiff competition but also because of the numerous cybersecurity incidents that may harm its reputation.

The company has experienced several security breaches in the past 18 months or so, which may be concerning for a cybersecurity company. Okta was even involved in the high-profile hack of MGM and Caesars Resorts earlier this year when the attackers compromised MGM's Okta super administrator accounts.

Last week, Okta failed again to protect its own systems as the Chief Security Officer said in a blog post that they identified "adversarial activity that leveraged access to a stolen credential to access Okta's support case management system." The hacker was able to view files uploaded by certain customers as part of support cases.

Okta experienced at least two more security breaches in the past twelve months, one in March of this year when Lapsus$ threat actors compromised the account of a customer support engineer who worked for a third-party provider and then used that account to steal customer data. And in December 2022, Okta was hit by a phishing attack, a breach, and had its GitHub source code stolen.

This string of cyberattacks is very concerning, as it shows that the cybersecurity company struggles to protect its own systems. The potential for reputational risk may affect the company's growth, at least in the near term, and force it to increase its marketing spending more than previously expected. As a result, it will probably take longer for the company to become profitable than previously expected, which can lead to lower valuation multiples.

Slowing Growth, Lack of Profits, and Security Incidents — a Toxic Combination

OKTA used to be one of the fastest-growing software names on the market in the past decade. This is why the stock soared in the first few years. But, as you can see below, revenue growth has slowed down dramatically, and the rapid slowdown is expected to continue.

In Q2, revenue grew 23% year-over-year to $556 million, which is a solid growth rate. However, the Q3 guidance implies revenue growth of just 16%. This will be the slowest growth rate in the company's history. In fact, Okta no longer qualifies as a high-growth company, as its full-year revenue growth is expected to be under 20%, for the first time ever.

The impact of the recent cyberattacks hasn't been factored into the company's guidance, meaning that Okta risks missing growth estimates or revising its outlook downwards. In order to meet its growth targets, it could spend more aggressively on sales and marketing, resulting in higher losses than expected. In any case, the recent string of cyberattacks might negatively impact the company's top and bottom lines.

Okta is already spending significant amounts of money on sales and marketing, and it may be forced to increase that more than expected to offset the potential negative impact of security incidents. In Q2, it spent nearly half of its revenue on S&M, which is a very high marketing spend. While it was actually flat year-over-year, the company is still far from profitable. Its Q2 net income margin came in at -20%, but significantly improved compared to the -47% net margin in the year-ago quarter.

Okta is one of these tech companies that issues a lot of new stock each year to make its cash flow statement look healthier than it actually is and to motivate employees to work hard. While stock-based compensation given to employees to align their interests with the interests of shareholders is fundamental to the success of a company over the long run, it becomes toxic when it is overused.

Okta is issuing too much stock, massively diluting shareholders and making its cash flow look artificially positive. For example, in the first half of this year, Okta reported a positive cash flow from operations of $182 million, a significant improvement from the $0 cash flow in the same period a year ago. Yet, in the first half of 2023, Okta issued $351 million worth of shares. If we convert this stock-based expense to cash-based expense, we find that Okta's cash flow for the first half of the year is actually -$169 million, instead of $182 million. This is a sign that the company over-issues stock to artificially boost its cash flow metrics while diluting shareholders.

What Else

There's no doubt that Okta has a leading market position in the IAM space, and the digitization of our economy will lead to increasing demand for such services for the foreseeable future. Despite the strong growth prospects of the cybersecurity industry, Okta may lose market share as the string of cybersecurity incidents could alienate potential customers or make it costlier for the company to acquire new clients. Growth has already slowed down significantly in the post-pandemic world and will likely slow further. There are other safer cybersecurity stocks out there.

Personal Portfolio Update

Subscribe to Premium Membership to read the rest.