2020 broke all records when it came to data lost in breaches and sheer numbers of cyber-attacks on companies, governments, and individuals. Despite all the warnings and high-profile breaches including the Irish Department of Health, the state of readiness for most when it comes to cybersecurity is dismal.
What implications does this have for investors and how can you position your portfolio to benefit from this trend?
First off some important definitions:
Cybercrime - criminal activity that either targets or uses a computer, a computer network or a networked device.
Ransomware - software designed to block access to a computer system until a sum of money is paid.
Malware - software that is specifically designed to disrupt, damage, or gain unauthorised access to a computer system.
Phishing - cybercrime in which targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data.
The Statistics
Malicious hackers are now attacking computers and networks at a rate of one attack every 39 seconds.
One out of five Americans has dealt with a ransomware attack. (The Harris Poll)
95% of cybersecurity breaches are caused by human error.
The average time to identify a breach in 2020 was 207 days and the average lifecycle of a breach was 280 days from identification to containment.
Personal data was involved in 58% of breaches in 2020.
Notable examples
In 2020, a Twitter breach targeted 130 accounts, including those of past presidents and Elon Musk, resulted in attackers swindling $121,000 in Bitcoin through nearly 300 transactions. (CNBC)
In 2020, Marriott disclosed a security breach impacted data of more than 5.2 million hotel guests. (Marriott)
The 2019 MGM data breach resulted in hackers leaking records of 142 million hotel guests. (CPO Magazine)
A ransomware attack in early 2020 on the New Orleans city government cost the city upwards of $7 million. (SC Magazine)
In February 2020, a ransomware attack cost Denmark-based company ISS upwards of $50 million. (GlobeNewswire)
Organizations in India, Brazil, Turkey, Belgium, Sweden, and the US are most likely to be hit by ransomware attacks. In India, the prevalence is especially high with 82% of organizations dealing with ransomware. Brazil has the next highest rate at 65%
In this day and age, a cyber attack is more likely to bring down an F-35 fighter jet than a missile.
The Economics
A recent IBM and Ponemon Institute study found that the average cost of a data breach in 2020 stood at $3.86 million. The report found that the United States continued to experience the highest data breach costs, averaging $8.64 million per event. The healthcare industry sustained the highest costs, with each data breach incident costing about $7 million to recover from.
In 80 percent of the cases that the researchers examined, customers’ personally identifiable information (PII) was the most frequently compromised type of record, as well as the costliest. While the average cost per lost or stolen record was $146 across all data breaches, those containing customer PII cost businesses $150 per compromised record.
In 2019-2020, the average global cost to remediate a ransomware attack was $761,106. (Sophos)
50% of large enterprises (with over 10,000 employees) are spending $1 million or more annually on security, with 43% spending $250,000 to $999,999, and just 7% spending under $250,000. (Cisco)
Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015.
According to a report by Brandessence Market Research and Consulting, the global cybersecurity market is forecast to be valued at $403 billion by 2027. The market will experience a compound annual growth rate (CAGR) of 12.5% over the 5-year forecast period.
Thanks to MoneyLemma for help on this graphic. MoneyLemma explores the overlap between our world and our money, and is a great follow for anyone looking to get smarter about money & investing. You can check out his newsletter here.
Forward Looking
1. Remote workers will continue to be a target for cybercriminals
The world was not prepared for the mass remote working during 2020, and consequently there was a sharp uptick in cyberattacks last year. As the pandemic is not over yet, remote work will continue through most of 2021 and beyond. While it prevents the disease from spreading at an even more alarming pace, remote work certainly is a headache for many companies. Some of them might have matured cybersecurity-wise, but cyber criminals also took their time to learn and upgrade. Therefore, home applications and networks might be an easier target going forward.
2. Cloud breaches will increase
A report from IBM claims that 19% of data breaches happen because IT teams fail to properly protect the assets found within their cloud infrastructure. Polling 524 organizations that suffered a data breach between August 2019 and April 2020, IBM also found that the average cost of a data breach increased by half a million dollars during that time.
Many organizations rely on multi-cloud infrastructure, especially with the Covid-19 pandemic forcing everyone to work remotely. Still, for more than half (52%), securing data stored in the public cloud is a challenge.
However, this risk is not discouraging them. Almost all (85%) of IT organizations are either considering, or already using the public cloud. They’re happy to accept these shortcomings, as the positives outweigh the negatives: cloud infrastructure is capable of increasing effectiveness and visibility in complex networks, as well as taking the workload from on-premise networks which are often unable to properly support mobile workforces.
3. Internet of things (IoT) devices will become more vulnerable to cyber attacks
IoT technology enables users, systems, and devices, to connect to a wide range of networks, thus expanding the connectivity between the physical and the digital. With 5G increasing the bandwidth and more organizations and governments making digital transformation a priority, the adoption of IoT technology increases. The number of Internet connected devices is expected to increase from 31 billion in 2020 to 35 billion in 2021 and 75 billion in 2025. By 2021 the industrial IoT market size should reach $124 billion and by 2026, experts estimate that the IoT device market will reach $1.1 trillion.
Just this week, Software security company McAfee said Peloton bikes are vulnerable to malware. Hackers could potentially spy on Peloton bikers by tricking them into installing malicious apps disguised as Netflix and Spotify. It is conceivable that in the not too distant future, your autonomous self-driving vehicle will be more likely to be the subject of a cyber attack than a physical theft.
According to The McKinsey Global Institute, 127 new devices connect to the internet every second. This is a lot of IoT devices and protecting such an enormous pool of devices is no easy task, especially when there are so many varying types and security standards on the devices. The prevailing perspective from a security operations perspective is that anything connected can be hacked.
Stocks to Benefit
The cybersecurity market is extremely fragmented and as a result, it was really difficult to narrow down the list of stocks to just 5. Over the long term, I would expect significant consolidation in this space through mergers and acquisitions. It is not yet obvious who the clear winner in this space is going as we are very much at the early innings. The below graphic from Momentum Cyber demonstrates this fragmentation better than words ever could.
CrowdStrike (Ticker: $CRWD)
CrowdStrike was founded in 2011 to reinvent security for the cloud era. Realizing that the nature of cybersecurity problems had changed but the solutions had not, the company built CrowdStrike Falcon platform to detect threats and stop breaches. With the Falcon platform, they created the first multi-tenant, cloud native, intelligent security solution capable of protecting workloads across on-premise, virtualized, and cloud-based environments running on a variety of endpoints such as laptops, desktops, servers, virtual machines, and Internet of Things, or IoT, devices.
For the full fiscal year 2021, CrowdStrike reported revenue of $874.4 million, an increase of 82% year-over-year.
Zscaler (Ticker: $ZS)
Zscaler provides enterprises with the technology and expertise to guide them on their digital transformation journeys. With cloud security services that replace the traditional inbound and outbound gateways, they help organizations transform their network and security infrastructures from an appliance-based model to a modern, cloud approach, which allows them to take advantage of cloud agility, intelligence, and scalability—securely.
For the third quarter fiscal year 2021, Zscaler reported revenue of $176.4 million, an increase of 60% year-over-year.
Data Dog (Ticker: $DDOG)
Datadog is a monitoring and analytics tool for information technology (IT) and DevOps teams that can be used to determine performance metrics as well as event monitoring for infrastructure and cloud services. The software can monitor services such as servers, databases and tools.
For the first quarter of 2021, Data Dog reported revenue of $199 million, an increase of 51% year-over-year.
Cloudflare (Ticker: $NET)
Cloudflare is a global network designed to make everything you connect to the Internet secure, private, fast, and reliable. Businesses, non-profits, bloggers, and anyone with an Internet presence boast faster, more secure websites and apps thanks to Cloudflare. Cloudflare was created to ease the difficulties associated with many requests to a server at once and empower users with the resources to make their sites, apps, and blogs safe and performant. This is done through the use of a powerful edge network that provides content and other services as close to you as possible, so you get the information as fast as possible.
For the first quarter of 2021, Cloudflare reported revenue of $138.1 million, an increase of 51% year-over-year.
Palo Alto Networks (Ticker: $PANW)
Palo Alto Networks is the next-generation security company maintaining trust in the digital age by helping tens of thousands of organizations worldwide prevent cyber breaches. With deep cybersecurity expertise, commitment to innovation, and game-changing Next-Generation Security Platform, customers can confidently pursue a digital-first strategy and embark on new technology initiatives, such as cloud and mobility. This kind of thinking and know-how helps customer organizations grow their business and empower employees all while maintaining complete visibility and the control needed to protect their critical control systems and most valued data assets.
For the third quarter fiscal year 2021, Palo Alto Networks reported revenue of $1.07 billion, an increase of 24% year-over-year.
Hit the subscribe button below if you have not already done so in order to receive the latest content straight to your inbox each week. By hitting the archive button you can view all of my previous newsletters on the website.
Happy investing
Wolf of Harcourt Street
Disclaimer: I am not a financial adviser and I am not here to give specific financial advice. The opinions expressed are for general informational purposes only and are not intended to provide specific advice or recommendations for any individual or on any specific security or investment product. The information is based on personal opinion and experience, it should not be considered professional financial investment advice. There is no substitute for doing your own due diligence and building your own conviction when it comes to investing.