The cybersecurity firms profiting from the boom in cyber attacks
The recent data breaches affecting millions of Optus and Medibank customers are just the tip of a large, and growing, iceberg. No surprise then that demand for security software is growing exponentially, as is the list of businesses ready to meet that demand.
The Medibank data breach is reported to have exposed details of four million Australians, both past and present customers, including the passport, driver’s licence, and birth certificate details of individuals Medibank is in the process of contacting directly.
Likewise, almost ten million Australians had their data exposed in the recent Optus hack with 100,000 passport numbers compromised, while personal information including driver’s licence numbers, home addresses and phone numbers has also been stolen – information required for identity theft – from many more.
And amid fines, tighter regulation and the possibility of a future class action, Medibank’s share price has suffered, falling 20 per cent since the cyber-attack was announced. The share price is back to where it was in March 2016.
The wave of hacks is not confined to Australia
Earlier this year, Samsung announced its internal databases were breached by a group of hackers called Lapsus$. According to CNBC, the group stole almost 200 gigabytes of confidential Samsung source code, potentially helping hackers find vulnerabilities that could give criminals access to affected devices.
Large-scale social engineering and extortion campaigns by Lapsus$ have hit some of the world’s biggest tech companies including Microsoft, Nvidia (71,000 employee email accounts hacked), Ubisoft and Okta.
The Lapsus$ group, according to a story on Bloomberg, is believed by some investigators to be the work of a 16-year-old English boy, a Brazilian teenager and at least another five members.
But no matter who is responsible, the hacks will lead companies to reassess their current cyber defenses and make additional enhancements.
Figure 1. IT consulting firm Booz Allen Hamilton, share price, October 27, 2022
The beneficiaries of this work will be cybersecurity companies and their advisers. As Figure 1 illustrates, the share prices of companies like Booz Allen Hamilton can and will buck the current bearish narrative gripping stocks more generally.
An acceleration in the adoption of cloud computing
Tailwinds from the pandemic and remote working it inspired have led to an acceleration in the adoption of cloud computing – something we have written about here at the blog before. At an enterprise level, cloud migrations continue to expand from what some describe as fringe applications to business-critical workflows. Consequently, security needs beefing up so enterprise can capture the advantages of the cloud, while maintaining high levels of security and confidence.
Consider Google’s acquisition this year of cybersecurity firm Mandiant – a business focused on cyber-incident response and cybersecurity testing – for US$5.4 billion. Microsoft and Amazon are also reported to be ramping up their efforts to boost their presence in the accelerating growth industry.
Referring to Google’s acquisition, Forrester Research analyst Jeff Pollard, said in March this year: “This is just the beginning of what we’re going to see in terms of cybersecurity acquisitions for all the big cloud firms.”
Consider also the internet of things
As technology connects devices around the world and industries are forced to digitise everything from home irrigation systems to global freight, the networks present a potentially open door to hackers. In the technology field, they describe this as an expansion of the ‘attack surface’.
Samsung and Medibank’s breaches illustrate the point: the risks are born by individuals, supply chains, and even health and safety infrastructure.
According to various researchers, the market for security software is expected to grow to more than US$350 billion by 2026, from half that amount in 2020.
As globalisation and the digital economy’s expansion accelerates so must the requirement for safe digital collaboration, privacy and security. This will force continuous upgrades to the digital architecture beneath all B2B and B2C processes.
Separately, in the U.S., officials are said to be imploring domestic businesses to increase their cyber defense systems amid a rising threat of Russian and Chinese cyber-attacks.
The theme points to structural revenue and earnings growth for some globally listed cybersecurity-related companies, a list of which is provided below for further investigation, (taken from various Cybersecurity ETF constituent disclosures).
Be sure to seek and take personal professional advice before investing in any of these businesses.
|Infosys Limited (ADR)||INFY|
|Cisco Systems, Inc.||CSCO|
|Palo Alto Networks, Inc.||PANW|
|CrowdStrike Holdings, Inc. (Class A)||CRWD|
|Science Applications International Corp||SAIC|
|Booz Allen Hamilton Holding Corp||BAH|
|Juniper Networks, Inc.||JNPR|
|CyberArk Software Ltd.||CYBR|
|Leidos Holdings, Inc.||LDOS|
|Check Point Software Technologies Ltd.||CHKP|
|Akamai Technologies, Inc.||AKAM|
|Ping Identity Holding Corp.||Recently acquired by Thoma Bravo for $2.8bn|
|Cloudflare, Inc. (Class A)||NET|
|SentinelOne, Inc. (Class A)||S|
|Tenable Holdings, Inc.||TENB|
|Trend Micro Incorporated||4704 JT|
|Varonis Systems, Inc.||VRNS|
|NetScout Systems, Inc.||NTCT|
|KnowBe4, Inc. (Class A)||KNBE|
|A10 Networks, Inc.||ATEN|
|NCC Group Plc||NCC.LN|
|Ribbon Communications Inc.||RBBN|
|Arqit Quantum Inc.||ARQQ|