It seems like every day there’s yet another report of a big cyber hack. And it feels like it has reached a point where we are all becoming desensitized to these attacks.
It’s not surprising: Over six billion attacks occurred last year, according to an NTT Group report, which qualified that the number could actually be greater, since not all incidents are reported or identified.(1) And 18 percent of these hacks were targeted at the finance sector. Around 500 million financial accounts were hit in 2014.(2)
Cyber attacks are literally driving up the price of health care, to the tune of $6 billion a year spent correcting breaches.(3) The average incident costs a hospital $2.1 million, and almost nine out of ten of these institutions were attacked over the past two years.
Not even Uncle Sam is immune. The worst security breach in U.S. government history just became four times worse than originally reported: 21.5 million, rather than 4 million federal employees’ records compromised on June 4, 2015.(4)
All this bad news actually has had a bullish effect upon the stocks of companies that sell the tools used to combat cyber assailants, as I recently said on CNBC.
The cyber security industry has been rallying, as companies gird themselves with next generation technology. This category of spending could grow 20 percent this year, according to an FBR Capital Markets report, compared to just 3 to 5 percent for the overall corporate technology market.(5)
A lot of this upside is coming from the world’s largest payer, the U.S. government, which puts 16 percent of its technology budget into cyber security, compared to 4 percent among the private sector.(6)
To put this in dollars, global information technology spending connected to cyber security may reach $77 billion this year, according to a Gartner Group report.(7) About $12.5 billion of that may come out of Uncle Sam’s pockets, and next year’s budget.(8)
Key drivers in both the public and private sector include the desire to sidestep the negative publicity and customer hassle associated with post-breach account resets, along with data protection laws that are about to become effective in different parts of the world.
Indeed, certain cyber security vendors have been reeling in big revenue growth this year, particularly for enterprise applications. Cyber Ark Software Ltd. reported revenues in the first three months of the year that were 89 percent higher than those during the same period of 2014. Other big revenue gainers included Vasco Data Security, at 68 percent, and Palo Alto Networks, at 55 percent.
Money is also flowing into cyber security companies’ coffers from investors, private and public alike. Venture capitalists invested over $1 billion in the first quarter of this year, almost twice the amount during the same time in 2014.(9) And several cyber security vendors will be going public, including Rapid7 and Veracode, which should encourage even more investment in the space.
On the public stocks side, the Cyber Security motif has outperformed the Standard & Poor’s 500 fourfold, with a one-year return of 36.6 percent as of July 30, 2015.
The Cyber Security motif is a 16-stock basket made up of network solutions companies like Check Point Software Technologies Ltd., Palo Alto Networks and Fortinet; and endpoint solution companies like Symantec, FireEye and AVG Technologies. The motif is weighted about two thirds toward network solutions and the remainder to endpoint solutions.
While some may wonder whether these numbers suggest it might be too late to invest in the cyber security sector, prior experience may lead industry watchers to believe that the battle between hackers and industry may continue to drive the market up. What’s changing, however, is which security vendors are growing more rapidly: those of relatively newer companies, especially those that cater to cloud computing.
Regardless of whether you think this sector is overvalued, hackers simply aren’t going away. Every time they break something new, the security vendors invent the next defense. You can worry about the next wave of hackers, but at the same time, you can try to find a way to gain from their efforts.
The data contained herein from third party providers is obtained from what are considered reliable sources. However, its accuracy, completeness, or reliability cannot be guaranteed. Investing in securities involves risks you should be aware of prior to making an investment decision, including the possible loss of principal. An investment in individual stocks or a collection of stocks focused on a particular theme or idea, such as a motif, may be subject to increased risk of price fluctuation over more diversified holdings due to adverse developments which can affect a particular industry or sector. Investments in ETFs can include those with a narrow or targeted investment strategy and can be subject to similar sector risks. Motif makes no representation regarding the suitability of a particular investment or investment strategy. You are responsible for all investment decisions you make including understanding the risks involved with your investment strategy.
(1) NTT Group,“2015 Global Threat Intelligence Report,” Solutionary.com.
(2) Homeland Security Market Research, “U.S. Financial Services: Cybersecurity Systems & Services Market–2016-2020,” HomelandSecurityResearch.com, 2015.
(3) Pettypiece, Shannon, “Rising Cyber Attacks Costing Health System $6 Billion Annually,” Bloomberg News, May 7, 2015.
(4) Davis, Julie Hirschfeld, “Hacking of Government Computers Exposed 21.5 Million People,” The New York Times, July 9, 2015.
(5) Norton, Steve, “FBR Predicts 20% Uptick in ‘Next-Gen’ Cybersecurity Spending,” The Wall Street Journal, February 24, 2015.
(6) U.S. Office of Management and Budget, 2015 “Annual Report to Congress on the Federal Information Security Management Act” WhiteHouse.gov, February 27, 2015.
(7) Norton, Steve, “FBR Predicts 20% Uptick in ‘Next-Gen’ Cybersecurity Spending,” The Wall Street Journal, February 24, 2015.
(8) U.S. Office of Management and Budget, 2015 “Annual Report to Congress on the Federal Information Security Management Act,” WhiteHouse.gov, February 27, 2015.