10 Best Performing Cybersecurity Stocks in 2024: Full Rankings & Analysis

Leidos is not typically the first name that comes to mind in a cybersecurity conversation - most investors associate the sector with Silicon Valley pure-plays. But this Reston, Virginia-based firm is a comprehensive cybersecurity provider to the US government, and 2024 proved to be its year. Its portfolio spans offensive and defensive cyber operations, zero trust architecture implementation, quantum cryptography, and the proprietary PACKIT™ (Proven, Analytic-Centric Kill Chain Implementation and Transformation) framework. Its work with the Department of Defense and Department of Homeland Security requires the highest security clearances and the most demanding performance standards.

The fundamental driver of the 83.72% return was exceptional execution in a favourable government spending environment. Leidos delivered its sixth consecutive quarter of growth in Q3 2024, with quarterly revenue of $4.19 billion (up 7% year-over-year), a record adjusted EBITDA margin of 14.2%, and a 44% increase in adjusted diluted EPS. Its total backlog reached $37.7 billion, providing extraordinary revenue visibility. Full-year 2024 guidance was raised to $16.35–$16.45 billion.

Broadcom's presence in a cybersecurity ranking may surprise investors who primarily associate it with semiconductors, networking chips, and the 2023 VMware acquisition. But Broadcom owns the Symantec Enterprise Cloud platform - one of the most comprehensive enterprise security suites available - alongside solutions covering payment security, mainframe security, network security, endpoint protection, and identity management. Its 130 hedge fund holders make it by far the most institutionally owned name on this list, reflecting its status as a diversified technology conglomerate with enormous free cash flow generation.

The 69.19% return in 2024 was primarily driven by Broadcom's AI semiconductor business: its custom AI accelerator chips and ethernet networking solutions for hyperscaler data centers generated $12 billion in AI revenue for fiscal 2024. In Q3 2024, Broadcom reported $13.1 billion in revenue - a 47% year-over-year increase - driven by strong AI revenue, VMware bookings, and solid non-AI semiconductor performance. Looking to Q4 2024, the company projected AI revenue rising 10% sequentially to $3.5 billion. Bank of America reaffirmed a Buy rating on November 5, citing AI computing and networking leadership alongside strong free cash flow generation.

Fortinet protects over 700,000 organisations worldwide - more than any other cybersecurity company - spanning enterprises, service providers, and government agencies. It holds the global market share leadership position in network security firewalls by units shipped, alongside intrusion prevention systems, unified threat management, and the AI-powered FortiAI suite. FortiAI for FortiNDR Cloud assists threat hunters by analysing and correlating complex detections; FortiAI for Lacework FortiCNAPP provides AI-powered alert context and remediation guidance to security operations teams.

Fortinet's 59.29% return reflected the resolution of the sector's most discussed concern: the firewall product replacement cycle. After elevated channel inventory following the post-pandemic buying surge, Q3 2024 results showed a significant billings beat with accelerating bookings growth - confirming the firewall cycle had turned positive. Adjusted Q3 EPS of $0.63 beat the $0.52 consensus; revenue of $1.51 billion exceeded forecasts by $30 million with 13% year-over-year growth. Service revenue - the higher-quality recurring component - grew 19.1% year-over-year to $1.03 billion. Full-year 2024 guidance was raised to $5.86–$5.92 billion.

CyberArk is the global leader in identity security - the discipline of controlling which human users, machines, and automated processes can access which systems and data. This is not a peripheral concern: the vast majority of significant data breaches involve compromised credentials or improper access privileges. CyberArk's privileged access management (PAM) platform secures the highest-value access points: administrator accounts, service accounts, cloud infrastructure credentials, and developer pipelines across financial services, energy, retail, healthcare, and government customers.

In early October 2024, CyberArk completed its acquisition of Venafi - the leader in machine identity management - expanding its total addressable market by $10 billion to approximately $60 billion. Machine identity is one of the fastest-growing and least-understood challenges in enterprise security: as organisations deploy more microservices, containers, and AI agents, the number of machine identities requiring management has exploded. Q2 2024 showed 28% revenue growth to $224.7 million and a 50% increase in Annual Recurring Revenue to $868 million. Oppenheimer, Scotiabank (Sector Outperform, $340 target), and Baird (Outperform, $315 target) all maintained positive ratings.

Palo Alto Networks is one of the world's largest cybersecurity companies and the most prominent advocate for vendor consolidation in enterprise security. Its "platformisation" strategy - encouraging customers to standardise on Palo Alto's integrated suite across network security, cloud security, and security operations - is a bold bet that the economics of vendor consolidation will overcome the inertia of existing deployments. In 2024, that strategy gained tangible traction. In September, PANW completed the acquisition of IBM's QRadar SaaS assets, migrating IBM's SIEM customer base to Cortex XSIAM - its AI-powered security operations platform using Precision AI to automate threat detection and response at machine speed.

Oppenheimer raised its price target from $410 to $450 on October 22, maintaining an Outperform rating, citing Palo Alto's steady execution and the success of its platformisation strategy as key factors in its growth prospects. The company was tracking to meet Q1 FY2025 revenue guidance of $2.10–$2.13 billion, with the consensus at $2.121 billion. Palo Alto had already told the market that 2024 was proving to be a landmark year in the utilisation of AI in cybersecurity - and it predicted the best was yet to come.

CrowdStrike's 2024 is a case study in the resilience of deeply embedded enterprise software. In July, a faulty content update to its Falcon sensor caused approximately 8.5 million Windows devices to display the Blue Screen of Death - shutting down airlines, hospitals, banks, and broadcasters in one of the most disruptive IT incidents in history. CRWD's share price fell nearly 44% within two weeks, bottoming in early August. By November, the stock had recovered substantially - delivering 33.67% year-to-date despite the crash. The recovery reflects the extraordinary switching costs of a deeply integrated security platform and the company's transparent, accountable response, including flexible commercial terms for affected customers.

CrowdStrike's AI-native Falcon platform continued driving adoption despite the outage: Falcon ARR growth reached 80% year-over-year in Q2 FY2025, and Q2 results showed 32% year-over-year revenue growth alongside an operating profit compared to a loss the prior year. Net income per share rose to $0.19 from $0.03 a year earlier. Management targets $10 billion in annual recurring revenue by the end of fiscal 2029. By November, 34 Wall Street analysts rated the stock a Buy - with only six neutral ratings - reflecting restored institutional conviction in CrowdStrike's long-term competitive position.

Juniper Networks is a global leader in networking technology whose cybersecurity portfolio includes enterprise firewalls, malware protection, anti-malware software, and data center service gateways. Its Connected Security framework embeds threat intelligence across the entire network fabric - from end-user devices through switches and routers to the cloud - rather than deploying security as a separate overlay. The 32.62% year-to-date gain was supported by its pending acquisition by Hewlett Packard Enterprise - announced in January 2024 at $14 billion - which provided a floor under the share price while the deal navigated regulatory approval.

Operationally, Q3 2024 results were driven by recovering enterprise demand in cloud and AI networking. Adjusted EPS of $0.48 beat the $0.45 estimate; revenue of $1.33 billion exceeded the $1.27 billion forecast. CEO Rami Rahim noted that total product orders grew nearly 60% year-over-year during the quarter - a significant re-acceleration from the inventory digestion cycle that had weighed on networking hardware vendors through much of 2023. A quarterly dividend of $0.22 per share was declared.

General Dynamics' Information Technology (GDIT) division is one of the largest cybersecurity providers to the US government - providing hardware security products including Type 1 encryption devices for classified communications alongside a full range of SaaS security solutions, zero trust implementation services, and AI/ML-enhanced threat analytics. In September 2024, GDIT acquired Iron EagleX - a specialised AI/ML, cybersecurity, and cloud services provider focused on Special Operations Forces and the intelligence community - broadening its advanced technology capabilities for the most sensitive defence missions.

General Dynamics' Q3 2024 results showed 10.4% revenue growth to $11.67 billion, driven by 22% Aerospace growth and 20% Marine Systems growth. Year-to-date revenue reached $34.4 billion with net income of $2.63 billion. The total backlog grew to $92.6 billion alongside a record estimated contract value of $137.6 billion - providing exceptional multi-year revenue visibility that distinguishes defence cyber companies from commercial software peers when investors are assessing earnings durability.

Varonis specialises in a frequently underappreciated corner of enterprise cybersecurity: the governance and security of unstructured data - the emails, documents, spreadsheets, and files that represent most sensitive corporate information but are typically far less well-protected than structured databases. Its platform uses User and Entity Behaviour Analytics (UEBA) to establish baselines of normal data access patterns and flag anomalous activity indicating insider threats, compromised credentials, or ransomware staging. The company is headquartered in New York with R&D operations in Herzliya, Israel.

Varonis delivered a strong Q3 2024 earnings report: Net New Annual Recurring Revenue exceeded estimates by approximately $5 million, and overall ARR grew 18% year-over-year (13% excluding SaaS conversions from perpetual license customers). Growth was driven by customer conversions, new enterprise logo acquisitions, expansion of its Managed Detection and Response (MDDR) service, and early contributions from GenAI and Microsoft Copilot security products. Full-year FY2025 ARR growth was guided at 17–18% year-over-year. DA Davidson raised its price target to $50 (from $47) while maintaining a Neutral rating.

Cloudflare operates one of the world's largest and most interconnected global networks - spanning more than 300 cities and handling a significant share of internet traffic - making it a foundational infrastructure provider for both cybersecurity and AI inference at the edge. Its security portfolio includes Zero Trust Network Access, Secure Web Gateway, Cloud Email Security, API security, DDoS protection, and its Cloudflare One SASE platform. In May 2024, Cloudflare acquired BastionZero to enhance Cloudflare One with secure infrastructure access, providing a VPN replacement covering both applications and infrastructure resources. The company also acquired GPUs to enable customers to deploy AI models - including generative AI - directly at the edge of its network, positioning Cloudflare as a security-plus-inference layer for the AI era.

The 15.00% year-to-date return - the list's lowest but still a meaningful outperformer - reflected strong operational metrics alongside some macro uncertainty. Revenue grew 30% year-over-year in Q2 2024, with customers spending over $100,000 annually growing to 67% of total revenue from 62% in Q1 2023. CEO Matthew Prince's comments about geopolitical uncertainty affecting buying behaviour in certain international markets created near-term caution, but underlying demand metrics remained robust. Citi maintained a Neutral rating with a $90 price target following Cloudflare's October product announcements, citing positive SASE momentum but a current valuation already reflecting considerable optimism.