In January 2021, Microsoft CEO Satya Nadella revealed the size of the software company’s security business for the first time. The number was big.
Nadella told analysts on an earnings call that the operation had reached $10 billion in annual revenue and was “up more than 40%” year over year. In other words, it was outpacing every other major Microsoft product.
The remarks were revelatory. Nadella was known for reviving Microsoft, overseeing a fivefold expansion in market cap by that point in his seven years at the helm. That growth was largely based on turning Microsoft’s cloud business into a more serious threat to Amazon Web Services in a giant market.
By letting investors in on the enormity of Microsoft’s security business, Nadella was casually uncovering a powerful growth engine. Total revenue across the company was up just 14% from the prior year. And by way of comparison, Palo Alto Networks, one of the largest pure-play security software companies, delivered 21% revenue growth over roughly the same period, on a base smaller than $4 billion.
“Nobody had any idea it was a $10 billion business,” said Andrew Rubin, CEO of cybersecurity software start-up Illumio, speaking of Microsoft’s security revenue. Rubin, whose company was valued last year at $2.75 billion, was surprised by the growth and scale of what Microsoft had assembled, spanning several markets and all three reporting segments.
Microsoft is scheduled to report fiscal third-quarter results on Tuesday, and investors might get another glimpse into what’s happening inside the company’s security unit. Ransomware attacks have only increased of late, leading to a surge in spending by enterprises, smaller companies and the public sector. And the U.S. government has warned of greater cybersecurity threats following Russia’s invasion of Ukraine earlier this year.