- Yahoo’s huge data breach pushed security stocks higher.
- Costs of attacks are rising, and M&A could be the answer for larger tech firms.
- Motifs mentioned: Cyber Security
- Stocks mentioned: Yahoo (NASDAQ:YHOO), Verizon (NYSE:VZ), Target (NYSE:TGT), Symantec (NASDAQ:SYMC), Palo Alto Networks (NASDAQ:PANW), Cisco Systems (NASDAQ:CSCO), IBM (NYSE:IBM), Imperva (NASDAQ:IMPV), Microsoft (NASDAQ:MSFT), LinkedIn (NYSE:LNKD).
We appear to have a new winner in the biggest corporate data breach sweepstakes.
Yahoo (NASDAQ:YHOO) revealed late last week Thursday that hackers penetrated its network in late 2014 and stole personal data on more than 500 million users. The stolen data included names, email addresses, dates of birth, telephone numbers and encrypted passwords.
The good news is that Yahoo believes the hackers are no longer in its corporate network, and that it didn’t think unprotected passwords, payment-card data or bank-account information had been affected.
The most interesting wrinkle in all of this is that Yahoo said the attack was “state-sponsored,” an increasing aspect of recent corporate data hacks. While China-based attacks have declined in recent months following a 2015 agreement between the U.S. and China, Russia has now taken China’s place as the primary suspect of attacks on American systems.
As the Wall Street Journal recently pointed out, two hacking groups —linked by security researchers and U.S. government officials to Russia—have published email messages belonging to public figures, including private Gmail messages belonging to former Secretary of State Colin Powell.1
The second most interesting wrinkle is that the attack doesn’t come at a particularly opportune time for Yahoo, which has flailed at turning around its core Internet business for years, only to ultimately agree earlier this year to be bought out by Verizon (NYSE:VZ).
However, it’s expected that the breach will have no effect on the merger. B. Riley analyst Samheet Sinha pointed out to the Journal that Microsoft (NASDAQ:MSFT) agreed to buy LinkedIn (NYSE:LNKD) just one month after LinkedIn disclosed that a breach in 2012 affected many more customer accounts – over 100 million – than it originally thought.
As Sinha put it: “Data breaches have become part of doing business now.”
True enough, based on the recent slew of hacks. Just last month, Dropbox said 68 million usernames and passwords were stolen in a 2012 attack. In July, the emails of the Democratic National Committee were hacked, followed days later by an attack on both Hillary Clinton’s presidential campaign and the Democratic Congressional Campaign Committee. Those followed earlier well-publicized breaches over the past few years by Target (NYSE:TGT) Sony Pictures Entertainment, and infidelity website Ashley Madison.
According to a 2015 report from the Ponemon Institute, which tracks cybercrime, the cost of hacks has risen 82% over the past six years.2
The ramped-up frequency doesn’t seem to be lost on investors, who tend to bid cyber security stocks higher after news of big-time data breaches. This happened again last Friday after Yahoo’s news – names like Symantec (NASDAQ:SYMC) and Palo Alto Networks (NASDAQ:PANW) shot higher.
Other cyber security investments have outperformed recently. The Cyber Security motif has gained 3.5 percent in the past month. In that same period, the S&P 500 has slipped 0.5 percent. Over the last 12 months, the motif has gained 1.8 percent; the S&P 500 is up 10.6 percent.
As large technology and defense companies look for a larger footprint in the sector, these stocks also have benefited from real and perceived takeover activity. In June, Cisco Systems (NASDAQ:CSCO) agreed to buy cloud-security firm CloudLock for $293 million. That deal followed one by Carbon Black to purchase Confer Technologies in July.3
And just last week, amid news of the Yahoo breach, Cisco and IBM (NYSE:IBM) were reported to both have possible interest in buying security-sofware firm Imperva (NASDAQ:IMPV), sending the latter’s stock up 20 percent.4
Future breaking headlines of big data breach are likely to cause anxiety for customers, but not necessarily for investors in cyber security stocks.
1Robert McMillan, “Yahoo Says Information on at Least 500 Million User Accounts Was Stolen,” wsj.com, Sept. 22, 2016.
2,3Ryan Vlastelica, “Yahoo, Dropbox hacks put cybersecurity ETFs squarely in focus,” marketwatch.com, Sept. 23, 2016, http://www.marketwatch.com/story/the-dropbox-hack-puts-cybersecurity-etfs-squarely-in-focus-2016-09-01, (accessed Sept. 25, 2016).
4Shoshanna Delventhal, “Investors Rally to Cybersecurity (HACK, SYMC),” investopedia.com, Sept. 23, 2016, http://www.investopedia.com/news/investors-rally-cybersecurity-hack-symc/, (accessed Sept. 25, 2016).