Zscaler had a strong fourth quarter, but its outlook for fiscal 2025 fell well short of estimates.
The company, known for its Zero Trust Exchange platform, is among the cybersecurity leaders and in the middle of the platformization debate that has been dented by the CrowdStrike outage.
Zscaler reported a fourth quarter net loss of $14.9 million, or 10 cents a share, on revenue of $592.9 million. Non-GAAP earnings in the quarter were 88 cents a share. Wall Street was expecting Zscaler to report non-GAAP earnings of 69 cents a share on revenue of $567.61 million.
For fiscal 2024, Zscaler reported a net loss of $57.7 million, or 39 cents a share, on revenue of $2.17 billion, up 34% from a year ago. Non-GAAP earnings for the year were $3.19 a share.
- CrowdStrike Q2 better-than-expected, sees subscription revenue hit due to outage
- SentinelOne CEO: 'We're seeing distinct rise in customer interest' after CrowdStrike
- Palo Alto Networks reports strong Q4, raises outlook on platformization play
- Cybersecurity platformization: What you need to know
CEO Jay Chaudhry said customer adoption was "stronger than ever" and that fiscal 2025 would feature a "strong go-to-market machine and a high pace of innovation."
Yet the outlook for the fiscal year fell short of expectations. Zscaler projected first quarter revenue of $604 million to $606 million with non-GAAP earnings of 62 cents a share to 63 cents a share. Wall Street was expecting first quarter earnings of 72 cents a share.
For fiscal 2025, Zscaler said it would post non-GAAP earnings of $2.81 a share to $2.87 a share on revenue of $2.6 billion to $2.62 billion. Wall Street was looking for fiscal 2025 non-GAAP earnings of $3.36 a share on revenue of $2.63 billion.
Zscaler CFO Remo Canessa said the first half of fiscal 2025 will see billings growth of about 13% and accelerate to 23% in the second. Canessa said sales productivity will improve over the year and the pipeline supports second-half acceleration.
Canessa added that Zscaler will continue to invest for long-term growth at the expense of profits to some degree.
- CrowdStrike to Delta: Don't blame us for your IT outage response
- From Blue Screen to Blackout: Unpacking the CrowdStrike Catastrophe and Industry Implications
- CrowdStrike outage likely to hit cybersecurity's platformization pitch
- Cybersecurity platformization: What you need to know
Chaudhry remained upbeat about Zscaler's prospects and took a few shots at CrowdStrike. Key quotes from Chaudhury include:
- "When customers rely on a mission critical cyber security service, there is no room for service interruptions. From inception, Zscaler has built a cloud security platform that has been seamlessly scaling with high reliability and resilience. Operating such a service is no trivial task and it requires years of experience. Unproven vendors, including new entrants and legacy firewall companies, do not have this experience. By operating the world’s largest security cloud with superior resilience for over a decade, we have earned the trust of the largest enterprises.
- "The importance of mission criticality has gone up significantly since the outage that was caused by CrowdStrike. While our customers want resilience, they also do want consolidation, but they do not want consolidation such that it makes them dependent on a single vendor."
- "The increasing use of AI is creating new avenues of growth for us. For example, the rising adoption of GenAI is exposing new gaps in organizations’ security posture."
- "The cyber threat environment continues to worsen as the limitations of firewall and VPN based architecture are exploited by threat actors to launch an increasing volume of sophisticated attacks. Over the last year, we saw an 18% increase in ransomware attacks blocked by the Zscaler cloud."
- "In addition to landing new logo platform purchases, we are also upselling our platform. Our land-and-expand motion creates a flywheel of continuous engagement and upsells."
- "Most of the CIO I talk to have been standardizing in-line access to three providers, one for EDR (endpoint detection and response), one for identity, and one for Zero Trust actions. I think that's a good combination because you end up getting a couple of extra layers, but you still have separation. So in this environment, our customers aren't really pushing back on us because we tell them don't buy everything through Zscaler. You've got an EDR provider, you've got an identity provider and we'll do the rest of Zero Trust on activity."