By Liana B. Baker, Olivia Oran and Jim Finkle
NEW YORK/BOSTON (Reuters) - Rapid7, LogRhythm and Mimecast are joining a growing list of cybersecurity firms planning to go public in 2015 to capitalize on investor interest following a spate of hacker attacks, according to people familiar with the matter.
Shares of publicly traded cybersecurity firms have outperformed the market in recent months, as high-profile data breaches at Sony Corp, JPMorgan Chase & Co and Anthem Inc prompt businesses to spend more to secure their computer networks.
"The cybersecurity market is in the early innings of a massive growth opportunity," said FBR Capital Markets analyst Daniel Ives. "There are many innovative private security vendors. Tech investors' eyes are glued to who has the 'magic solution.'"
Boston-based Rapid7 provides software and services that help businesses assess and monitor security risks. It has more than 3,500 customers, including Amazon.com Inc, American Express Co and Bank of America Corp.
Mimecast, also based in Boston, is an email security firm with 10,000 customers. According to its website, revenue rose 30 percent in 2014 to $88.4 million. LogRhythm Inc, based in Boulder, Colorado, provides technology to help companies monitor activity across their networks.
All three companies are planning to sell shares to the public and seeking valuations in excess of $1 billion, according to people familiar with the matter, who declined to be identified because the plans are not yet public.
Rapid7, whose investors include Bain Capital Ventures and Technology Crossover Ventures, has chosen Morgan Stanley and Barclays to assist with an initial public offering, the people said.
LogRhythm, whose investors include Access Venture Partners, Adam Street Partners, Grotech Ventures and Riverwood Capital, has chosen JPMorgan Chase and Morgan Stanley for an IPO in the second half of the year, the sources said.
Mimecast, whose investors include Insight Venture Partners, Dawn Capital and Index Ventures, has spoken to some investment banks about an IPO later this year but has not hired any firms, the sources said.
Representatives from the three companies and the banks working with them all declined to comment.
With global spending on IT security set to increase 8.2 percent in 2015 to $77 billion, according to market research firm Gartner, the shares of publicly traded cybersecurity firms have done well.
FireEye Inc shares have risen 38 percent so far this year, while Qualys Inc is up 24 percent and Palo Alto Networks Inc has climbed 19 percent. The PureFunds ISE Cyber Security ETF has gained 9 percent over the same period, while the S&P 500 Index is up 1.9 percent.
But investing in cybersecurity is not without risk.
FireEye's share price plunged more than 70 percent in less than three months last year, after Chief Executive Dave DeWalt and other insiders sold shares, spurring investors to take a more critical look at the firm's finances and valuation.
The stock had more than quadrupled in the first six months after its September 2013 IPO, even though FireEye later reported losses of $121 million in 2013 and $444 million in 2014. Analysts do not expect FireEye to post a full-year net profit until 2018, though they are forecasting rapid revenue growth, according to Thomson Reuters data.
Amid investor enthusiasm for the cybersecurity industry, FireEye has recovered this year though at around $42 a share, the stock remains far below its March 2014 high of $97.35.
Rapid7, LogRhythm and Mimecast are not the only cybersecurity firms planning to tap public markets this year.
Veracode, which protects Internet applications from hackers, has selected banks to lead a potential IPO that could value the company at between $600 million and $800 million, Reuters reported in December.
Another company widely expected to debut this year is Bit9 + Carbon Black, whose software protects computers from malware. The firm has not yet hired banks, according to people familiar with the matter. It declined to comment.
According to FBR's Ives, emerging cybersecurity companies could earn a combined annual revenue of $15 billion to $20 billion in three years. That excludes the slower growing but larger market for traditional cybersecurity technology, such as anti-virus software.
Venky Ganesan, managing director at Silicon Valley venture capital firm Menlo Ventures, said average corporate spending on cybersecurity will rise from about 0.25 percent of total revenue to as much as 2 percent of revenue in the coming years.
"The window is wide open for cybersecurity companies. We have a perfect storm of opportunity," said Ganesan, who had invested in Palo Alto Networks while at Globespan Capital.
(This story has been corrected to fix typo in LogRhythm in first paragraph)
(Reporting by Liana B. Baker and Olivia Oran in New York and Jim Finkle in Boston; Editing by Tiffany Wu)