Cyber security is now a non-discretionary area of IT spending for any corporate or government entity, large or small. It is also the fastest growing subgroup of IT spend. The total addressable market has been estimated at more than 30 bn dollars. Recent corporate security breaches that have been made public include eBay, Target, Neiman Marcus, Evernote, RSA (an IT security specialist!), the New York Times, Sony’s PlayStation Network, and the “Heartbleed” bug, which caused Facebook, Amazon, Yahoo, and Google to urge users to change passwords. Government agencies such as NATO, Canada’s National Research Council, the Montana Department of Health, the Israeli “Iron Dome” contractors, and even the U.S. Federal Reserve have been compromised.
In 2012, two major U.S. banks, Wells Fargo and Bank of America, suffered denial of service attacks. Banks, brokers and financial institutions remain under threat on a daily basis. JP Morgan, the largest bank in the U.S., with supposedly one of the most sophisticated security systems in the world, was repeatedly hacked this year, losing data belonging to 76 million households and 8 million small businesses. These are the ones we know about, where customer data, passwords, personal details, and proprietary information were accessed.
So who is committing cyber crimes these days? Young Red Bull-fuelled computer nerds trying to “one up” each other by getting into sensitive networks? Not anymore.
More likely it is nation states (like China, Russia and Iran, to name a few) or extremely well organized, technologically sophisticated groups of cybercriminals wishing to gain financial or strategic advantages and steal intellectual property. In August 2014, the New York Times reported that a Russian crime ring had amassed 1.2 billion user names and passwords as well as 500 million email addresses and was selling them to the highest bidder. Right around the same time, giant U.S. retailer Target announced they would take a 148 million dollar hit from the 2013 data breach that I referred to earlier. Serious stuff!
Just as the attackers have changed over time, so have the attacks. These “advanced persistent threats” are now delivered over multiple platforms where email, web, and file-based attacks may go undetected simply because the in-place security systems are defensive in nature and only react to recognizable patterns, signatures and specific paths. Traditional defences such as firewalls, antivirus software, and email spam filtering are particularly vulnerable. Recent surveys of Chief Information Officers in Fortune 500 companies highlight a high level of spending in this area and “fast tracking” for the procurement of security products.
Investment Opportunities in Cybersecurity
For a growth-oriented investor, I believe cybersecurity is fertile ground given the size and scope of the market opportunity (corporates, government, the military) and the immediate necessity of protecting connected networks. There are a number of companies (mostly U.S. based) that are profiting from this trend. I prefer the pure plays: smaller, innovative companies whose entire focus involves protecting networks with state-of-the-art technology. Shares in these high growth companies are volatile but can provide returns far in excess of the market if correctly chosen. Top lines are growing fast, some in excess of 50%.
FireEye (Market cap. US$5 billion)
FireEye’s security solutions address what are called “advanced persistent threats” or APT. FireEye has developed a solution based on a proprietary virtual machine that can test web, file, and email traffic and protect against these threats even if they have never been seen before (zero-day attacks).
Proofpoint (Market cap. US$1.4 billion)
Proofpoint focuses more on the email gateway market and delivers services via cloud-based solutions. It also offers advanced threat protection, compliance, and secure communications as add-on capabilities.
Palo Alto Networks (Market cap. US$8.4 billion)
Palo Alto Networks’ core product is the Next-Gen Firewall platform, which addresses the large (13 billion) firewall replacement market for complex networks.
Fortinet (Market cap. US$4.2 billion)
Fortinet operates in the UTM (unified threat management) space. It offers an “all in one” security product called FortiGate, which works with web app/database, messaging and client security areas.
More conservative investors might consider a larger company: Check Point Systems (market cap. US$13.9 billion), one of the pioneers of network security. Founded in 1993, Check Point has 100% of the Fortune 100 as its customer base and offers more traditional network security gateways and software “blades” to the installed base.
Palantir Technologies, a company not yet public, is one to watch. Founded by legendary serial entrepreneur Peter Thiel (early backer of PayPal and Facebook) and named for the “all seeing” stones in Lord of the Rings, it employs proprietary data analysis techniques to detect fraudulent activity and reportedly has over 1 bn USD in contracts from government agencies such as the CIA, NSA, and FBI. It may IPO in 2017.
Important: This content has been prepared without taking account of the objectives, financial situation or needs of any particular individual. It does not constitute formal advice. Consider the appropriateness of the information in regards to your circumstances.