“If we rewind the tape, our security systems could have been better. Data security
just wasn’t high enough in our mission statement.”
—Former Home Depot CEO Frank Blake
Confidential emails spread all over cyberspace. Stolen customer credit card numbers showing up on shadowy underground websites. Multimillion-dollar projects swiped from corporate servers and released online.
These are the kinds of things that keep corporate CIOs awake at night—and they occurred with alarming frequency in 2014.
Some of the victims: Home Depot (NYSE: HD), which saw 56 million customer credit cards compromised in a breach that lasted from April to September; JPMorgan Chase & Co. (NYSE: JPM), the target of an attack that exposed contact information for 83 million individuals and businesses; and eBay (NasdaqGS: EBAY), which in May reported that hackers had gained access to personal data on 145 million customers.
And that’s before we even get to the massive attack on Sony Corp. (NYSE: SNE), which you’ve no doubt heard about if you’ve attempted to watch TV or read a newspaper in recent weeks.
In that breach—arguably the worst in corporate history—cyber thieves made off with reams of sensitive information from Sony Pictures Entertainment, including confidential emails, social insurance numbers for 47,000 employees and even five films—four of which have yet to be released.
According to Variety, one of the movies, Fury, which is still in theatres, has already been downloaded by 888,000 different IP addresses since it popped up online November 27, three days after an ominous message from a hacker group calling itself the Guardians of Peace started appearing on Sony Pictures’ computer screens.
IT Security Budgets “Way Too Low”: Expert
There’s no doubt that 2014 was a tough year for data security.
According to SafeNet, the first half of 2014 saw 559 breaches worldwide, resulting in 375 million stolen or lost customer records. There were 320 more incidents in the third quarter, up nearly 25% from a year ago, resulting in 183 million missing records.
Numbers like these point to a widening gap between hackers’ rapidly evolving methods and corporate network-security budgets, says Investing Daily tech analyst Rob DeFrancesco.
“It is becoming increasingly apparent with each major breach that enterprise budgets for IT security are way too low,” he wrote in the December issue of our Smart Tech Investor advisory.
“Many organizations these days have such limited security functionality on their networks that they don’t even know when they’ve been breached; it often takes months for companies to figure out that accounts and/or records have been compromised.”
A Growing Market
Even before these high-profile incidents, cybersecurity spending was on the upswing.
According to August numbers from Gartner, businesses and governments around the world will spend $71.1 billion safeguarding their data in 2014, up 7.9% from a year ago. In 2015, the IT research firm sees that rate accelerating to 8.1%, for a total of $76.9 billion.
The rate of growth will only accelerate. Research firm Markets and Markets, for example, sees the IT security market growing from $95.6 billion in 2014 to $155.74 billion by 2019, for a 10.3% compound annual growth rate (CAGR). That’s backed up by a separate report from TechNavio pointing to an 11.8% CAGR from 2013 to 2018.
One factor driving the increase is a shift toward cloud computing, where users access software and data on remote servers instead of their own machines or servers in their building.
“The massive shift to the cloud is creating lots of added security concerns,” writes DeFrancesco. “Cloud services, which often run critical applications and store business-critical data, require security controls not covered by solutions designed for on-premise deployments.”
So which cybersecurity stocks will be the big winners? The ones that can best respond to these rapidly changing needs, he writes:
“For 2015, purchase orders will flow to the security vendors with the best next-generation technology for monitoring and securing data, as well as to those capable of fully cleaning up after a breach.”
Many Ways to Invest
Investors looking to add some cybersecurity exposure to their portfolios have plenty of options.
For one, you could invest in large tech firms with a presence in cybersecurity, like Cisco Systems (NasdaqGS: CSCO).
The company is best known for its networking gear, but it’s been bolstering its security offerings in the past two years, mainly through acquisitions. The latest came two weeks ago, when Cisco announced that it would buy Neohapsis, a privately held provider of cloud and mobile security services.
The move comes after the company’s acquisition of ThreatGRID earlier this year. This company helps businesses combat malware, a blanket term for all sorts of nasty programs, from computer viruses to spyware and Trojan horses (or seemingly harmless applications that wreak havoc when opened).
ThreatGRID builds on the anti-malware products Cisco received when it bought Sourcefire for $2.7 billion in July 2013.
And if you’re looking for one-stop access to the cybersecurity market, not to worry. There’s an ETF for that.
On November 11, PureFunds launched the ISE Cybersecurity ETF (NYSE: HACK), which aims to track the performance of the ISE Cybersecurity Index. The fund currently holds 30 companies that provide hardware, software and services related to the cybersecurity industry.
The two largest holdings are VASCO Data Security International (NasdaqGS: VDSI), which provides authentication and electronic signature solutions to financial institutions, and Imperva (NasdaqGS: IMPV), whose offerings protect datacenters, including cloud services.
As you might expect, the ETF has risen sharply in recent weeks, gaining over 7.7% since inception, compared to a 2.1% gain for the S&P 500.
Guarding the Front Door
As for DeFrancesco, he continues to keep close tabs on a number of niche firms, one of which is Varonis Systems (NasdaqGS: VRNS).
As we’ve seen in many recent cases, data breaches often start with someone who has access to a company’s network—such as an employee, former employee or trusted third party.
That’s where Varonis comes in: the company’s solutions first determine who can access various types of files, then allow organizations to see where data is being accessed at all times. The company’s forte is managing and securing unstructured data—or information that doesn’t neatly fit into rows and columns on a traditional database.
“[Varonis is] pulling from budgets for IT security, storage software, collaborative applications, identity and access management and data integration,” wrote DeFrancesco in our November issue of Smart Tech Investor.
Other ways to bet on rising cybersecurity spending include Palo Alto Networks (NasdaqGS: PANW), whose WildFire subscription service quickly identifies and stops unknown malware and other attacks without the need for human intervention; and Fortinet (NYSE: FTNT), maker of the FortiGate network security platform.