10 Best Performing Cybersecurity Stocks in 2024: Full Rankings & Analysis

Nobody talks about Leidos at cybersecurity conferences. Most investors hear "cyber" and think CrowdStrike, Palo Alto, maybe Fortinet. Not a Reston, Virginia defence contractor. But this firm is a comprehensive cybersecurity provider to the US government, and 2024 was its year in a way few predicted. The portfolio spans offensive and defensive cyber operations, zero trust architecture implementation, quantum cryptography, and the proprietary PACKIT framework (Proven, Analytic-Centric Kill Chain Implementation and Transformation). Its work with the Department of Defense and Department of Homeland Security demands the highest security clearances and the most exacting performance standards. That is a moat most Silicon Valley companies cannot replicate.

So what drove an 83.72% return? Execution. Relentless, quarter-after-quarter execution in a government spending environment that kept accelerating. Leidos posted its sixth consecutive quarter of growth in Q3 2024 - quarterly revenue hit $4.19 billion (up 7% year-over-year), adjusted EBITDA margin reached a record 14.2%, and adjusted diluted EPS jumped 44%. The total backlog swelled to $37.7 billion, which gives you extraordinary revenue visibility stretching years out. Full-year 2024 guidance was raised to $16.35-$16.45 billion.

Broadcom on a cybersecurity list? I get the raised eyebrows. Most people think semiconductors, networking chips, and the 2023 VMware acquisition. But Broadcom owns the Symantec Enterprise Cloud platform - one of the most comprehensive enterprise security suites you can buy - plus solutions covering payment security, mainframe security, network security, endpoint protection, and identity management. With 130 hedge fund holders, it is by far the most institutionally owned name here. That reflects its status as a diversified technology conglomerate throwing off enormous free cash flow, not just a security play.

The honest truth about the 69.19% return: it was mostly the AI semiconductor business doing the heavy lifting. Custom AI accelerator chips and ethernet networking solutions for hyperscaler data centers generated $12 billion in AI revenue for fiscal 2024. In Q3, Broadcom posted $13.1 billion in revenue - a 47% year-over-year increase - on strong AI revenue, VMware bookings, and solid non-AI semiconductor performance. Q4 projections had AI revenue climbing another 10% sequentially to $3.5 billion. Bank of America reaffirmed a Buy on November 5, pointing to AI computing and networking leadership alongside strong free cash flow generation.

Over 700,000 organisations trust Fortinet with their security. That's more than any other cybersecurity company on the planet - enterprises, service providers, government agencies, the works. Fortinet holds global market share leadership in network security firewalls by units shipped, and the product breadth goes deep: intrusion prevention systems, unified threat management, and the AI-powered FortiAI suite. FortiAI for FortiNDR Cloud helps threat hunters analyse and correlate complex detections; FortiAI for Lacework FortiCNAPP delivers AI-powered alert context and remediation guidance to security operations teams. It's a sprawling portfolio, and customers keep buying more of it.

The 59.29% return came down to one thing: the firewall replacement cycle finally turned. This had been the sector's most debated concern for over a year. After elevated channel inventory from the post-pandemic buying surge, everyone wanted to know - when does the refresh start? Q3 2024 answered that question definitively. Billings came in well above estimates with accelerating bookings growth. Adjusted Q3 EPS of $0.63 crushed the $0.52 consensus; revenue of $1.51 billion beat forecasts by $30 million on 13% year-over-year growth. Service revenue (the higher-quality recurring piece) grew 19.1% year-over-year to $1.03 billion. Full-year 2024 guidance was bumped up to $5.86-$5.92 billion.

CyberArk is the global leader in identity security - the discipline of controlling which human users, machines, and automated processes can access which systems and data. This is not a peripheral concern: the vast majority of significant data breaches involve compromised credentials or improper access privileges. CyberArk's privileged access management (PAM) platform secures the highest-value access points: administrator accounts, service accounts, cloud infrastructure credentials, and developer pipelines across financial services, energy, retail, healthcare, and government customers.

In early October 2024, CyberArk completed its acquisition of Venafi - the leader in machine identity management - expanding its total addressable market by $10 billion to approximately $60 billion. Machine identity is one of the fastest-growing and least-understood challenges in enterprise security: as organisations deploy more microservices, containers, and AI agents, the number of machine identities requiring management has exploded. Q2 2024 showed 28% revenue growth to $224.7 million and a 50% increase in Annual Recurring Revenue to $868 million. Oppenheimer, Scotiabank (Sector Outperform, $340 target), and Baird (Outperform, $315 target) all maintained positive ratings.

Palo Alto Networks is one of the world's largest cybersecurity companies and the most prominent advocate for vendor consolidation in enterprise security. Its "platformisation" strategy - encouraging customers to standardise on Palo Alto's integrated suite across network security, cloud security, and security operations - is a bold bet that the economics of vendor consolidation will overcome the inertia of existing deployments. In 2024, that strategy gained tangible traction. In September, PANW completed the acquisition of IBM's QRadar SaaS assets, migrating IBM's SIEM customer base to Cortex XSIAM - its AI-powered security operations platform using Precision AI to automate threat detection and response at machine speed.

Oppenheimer raised its price target from $410 to $450 on October 22, maintaining an Outperform rating, citing Palo Alto's steady execution and the success of its platformisation strategy as key factors in its growth prospects. The company was tracking to meet Q1 FY2025 revenue guidance of $2.10–$2.13 billion, with the consensus at $2.121 billion. Palo Alto had already told the market that 2024 was proving to be a landmark year in the utilisation of AI in cybersecurity - and it predicted the best was yet to come.

CrowdStrike's 2024 is a case study in the resilience of deeply embedded enterprise software. In July, a faulty content update to its Falcon sensor caused approximately 8.5 million Windows devices to display the Blue Screen of Death - shutting down airlines, hospitals, banks, and broadcasters in one of the most disruptive IT incidents in history. CRWD's share price fell nearly 44% within two weeks, bottoming in early August. By November, the stock had recovered substantially - delivering 33.67% year-to-date despite the crash. The recovery reflects the extraordinary switching costs of a deeply integrated security platform and the company's transparent, accountable response, including flexible commercial terms for affected customers.

CrowdStrike's AI-native Falcon platform continued driving adoption despite the outage: Falcon ARR growth reached 80% year-over-year in Q2 FY2025, and Q2 results showed 32% year-over-year revenue growth alongside an operating profit compared to a loss the prior year. Net income per share rose to $0.19 from $0.03 a year earlier. Management targets $10 billion in annual recurring revenue by the end of fiscal 2029. By November, 34 Wall Street analysts rated the stock a Buy - with only six neutral ratings - reflecting restored institutional conviction in CrowdStrike's long-term competitive position.

Juniper Networks is a global leader in networking technology whose cybersecurity portfolio includes enterprise firewalls, malware protection, anti-malware software, and data center service gateways. Its Connected Security framework embeds threat intelligence across the entire network fabric - from end-user devices through switches and routers to the cloud - rather than deploying security as a separate overlay. The 32.62% year-to-date gain was supported by its pending acquisition by Hewlett Packard Enterprise - announced in January 2024 at $14 billion - which provided a floor under the share price while the deal navigated regulatory approval.

Operationally, Q3 2024 results were driven by recovering enterprise demand in cloud and AI networking. Adjusted EPS of $0.48 beat the $0.45 estimate; revenue of $1.33 billion exceeded the $1.27 billion forecast. CEO Rami Rahim noted that total product orders grew nearly 60% year-over-year during the quarter - a significant re-acceleration from the inventory digestion cycle that had weighed on networking hardware vendors through much of 2023. A quarterly dividend of $0.22 per share was declared.

General Dynamics' Information Technology (GDIT) division is one of the largest cybersecurity providers to the US government - providing hardware security products including Type 1 encryption devices for classified communications alongside a full range of SaaS security solutions, zero trust implementation services, and AI/ML-enhanced threat analytics. In September 2024, GDIT acquired Iron EagleX - a specialised AI/ML, cybersecurity, and cloud services provider focused on Special Operations Forces and the intelligence community - broadening its advanced technology capabilities for the most sensitive defence missions.

General Dynamics' Q3 2024 results showed 10.4% revenue growth to $11.67 billion, driven by 22% Aerospace growth and 20% Marine Systems growth. Year-to-date revenue reached $34.4 billion with net income of $2.63 billion. The total backlog grew to $92.6 billion alongside a record estimated contract value of $137.6 billion - providing exceptional multi-year revenue visibility that distinguishes defence cyber companies from commercial software peers when investors are assessing earnings durability.

Varonis specialises in a frequently underappreciated corner of enterprise cybersecurity: the governance and security of unstructured data - the emails, documents, spreadsheets, and files that represent most sensitive corporate information but are typically far less well-protected than structured databases. Its platform uses User and Entity Behaviour Analytics (UEBA) to establish baselines of normal data access patterns and flag anomalous activity indicating insider threats, compromised credentials, or ransomware staging. The company is headquartered in New York with R&D operations in Herzliya, Israel.

Varonis delivered a strong Q3 2024 earnings report: Net New Annual Recurring Revenue exceeded estimates by approximately $5 million, and overall ARR grew 18% year-over-year (13% excluding SaaS conversions from perpetual license customers). Growth was driven by customer conversions, new enterprise logo acquisitions, expansion of its Managed Detection and Response (MDDR) service, and early contributions from GenAI and Microsoft Copilot security products. Full-year FY2025 ARR growth was guided at 17–18% year-over-year. DA Davidson raised its price target to $50 (from $47) while maintaining a Neutral rating.

Cloudflare operates one of the world's largest and most interconnected global networks - spanning more than 300 cities and handling a significant share of internet traffic - making it a foundational infrastructure provider for both cybersecurity and AI inference at the edge. Its security portfolio includes Zero Trust Network Access, Secure Web Gateway, Cloud Email Security, API security, DDoS protection, and its Cloudflare One SASE platform. In May 2024, Cloudflare acquired BastionZero to enhance Cloudflare One with secure infrastructure access, providing a VPN replacement covering both applications and infrastructure resources. The company also acquired GPUs to enable customers to deploy AI models - including generative AI - directly at the edge of its network, positioning Cloudflare as a security-plus-inference layer for the AI era.

The 15.00% year-to-date return - the list's lowest but still a meaningful outperformer - reflected strong operational metrics alongside some macro uncertainty. Revenue grew 30% year-over-year in Q2 2024, with customers spending over $100,000 annually growing to 67% of total revenue from 62% in Q1 2023. CEO Matthew Prince's comments about geopolitical uncertainty affecting buying behaviour in certain international markets created near-term caution, but underlying demand metrics remained robust. Citi maintained a Neutral rating with a $90 price target following Cloudflare's October product announcements, citing positive SASE momentum but a current valuation already reflecting considerable optimism.