A GUIDE TO CYBERSECURITY INVESTING

INVESTMENT STRATEGY GROUP

April 2019

WWW.JANNEY.COM • © JANNEY MONTGOMERY SCOTT LLC • MEMBER: NYSE, FINRA, SIPC • A GUIDE TO CYBERSECURITY INVESTING • REF: 190412A • PAGE 2

MIKE HALLORAN, CFA

Equity Strategist

Mike Halloran is an Equity Strategist with more than 20 years of experience as a strategist, mutual fund analyst and investment banker. He analyzes all asset classes with particular emphasis on equity research.

Mike received his M.B.A. from Carnegie Mellon University and is a former aerospace research engineer with engineering degrees from the University of Florida and University of Pittsburgh.

BACKGROUND ON CYBERSECURITY

Cybersecurity is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. With the continuous advancement of corporate and personal communication systems, and massive data generation, the need for cybersecurity is evolving and growing rapidly.

According to a recent report from the Center for Strategic and International Studies (CSIS), the amount of malicious activity on the internet is staggering. One major internet service provider (ISP) reports that it sees 80 billion malicious scans a day, the result of automated efforts by cybercriminals to identify vulnerable targets. Many researchers track the quantity of new malware released, with estimates ranging from 300,000 to a million viruses and other malicious software products created every day.

The Privacy Rights Clearinghouse estimates there were 4.8 billion records lost because of data breaches in 2016, with hacking responsible for about 60% of these.

The Federal Bureau of Investigation (FBI) estimated there were 4,000 ransomware attacks every day in 2016. The FBI also recently announced its biggest transformation since the 2001 terror attacks to retrain and refocus special agents to combat cybercriminals. This effort is in response to an expanding range of cyber attacks sponsored by foreign adversaries against businesses or national interests, including Russian election interference and Chinese cyber thefts from American companies, among others.

LOSSES FROM CYBERSECURITY

CSIS estimates the global cost of cybercrime may be as high as $600 billion, or 0.8% of annual global economic output, with all regions and countries impacted.

Major elements of cybercrime costs include:

• online fraud and financial crimes (identity theft);

• loss of intellectual property and confidential business information;

• opportunity costs (business disruption);

• cost of securing networks and buying cyber insurance;

• and reputational damage and liability risk for the hacked company and brand.

Banks are the favorite target of skilled cybercriminals from rogue nation-states. There is agreement among global bank regulators that state-sponsored bank robbery and cybercrime pose significant financial system risk. The combination of massive budgets, access to talent, and protection from law enforcement makes nation-states the most dangerous source of cybercrime.

Key Takeaways:

• Cybersecurity has become a top priority for companies and governments worldwide.

• Cyber attacks have increased and spending on cybersecurity has risen along with them.

• Network security, identity and access management, and automation are among many areas where spending will remain prevalent in the coming years, creating opportunities for investors.

Table 1: Estimated Daily Cybercrime Activity

(Source: Center for Strategic and International Studies)

| Cybercrime | Estimated Daily Activity |
| --- | --- |
| Malicious scans | 80 Billion |
| New malware | 300,000 |
| Phishing | 33,000 |
| Ransomware | 4,000 |
| Records lost to hacking | 780,000 |

This paper establishes the rationale for cybersecurity investing and includes representative companies and ETFs.


CYBERSECURITY SPENDING GROWING AT SIGNIFICANT PACE

Because of these growing threats, cybersecurity spending continues to grow at a rapid pace. Gartner, a technology research and advisory firm, estimates that worldwide information security and risk management spending will exceed $114 billion in 2018, growing at a rate of 9.4% to $159.7 billion by 2022. Table 2 shows cybersecurity spending by sub-segments.

We expect the following areas of security spending to remain prevalent in the coming years.

NETWORK SECURITY

A traditional computing network typically has a clearly defined network perimeter with firewalls that work to defend the perimeter (or walls) of the data center (think on-premises computer systems). Investing to protect the perimeter of networks will remain a key piece of cybersecurity with firewall vendors maintaining their importance. Palo Alto Networks (PANW), Fortinet (FTNT) and Check Point (CHKP) are three key firewall vendors. Cisco (CSCO) is also a major provider of network security equipment.

CLOUD SECURITY

Cloud computing is the on-demand availability of computer system resources, especially data storage and computing power, without direct active management by the user. The term generally describes data centers available to many users over the internet. Because it offers flexibility, efficiency, and strategic value, cloud computing is quickly becoming a major resource for users. Currently, enterprises have less than 25% of their workloads in public clouds but that is expected to grow to more than 50% by 2022. Cloud computing significantly alters the concept of a network perimeter and firewalls and has major implications for cybersecurity.

Significant opportunities exist for cybersecurity cloud vendors. In addition, Amazon (AMZN), Microsoft (MSFT), and Alphabet (Google’s parent company – GOOGL) are major cloud computing service providers and cybersecurity is a major priority for them. They have the financial and intellectual capital required to make the necessary investments in cybersecurity to ensure the sustainability of their products and services.

Scalability, managing user access, and dynamically protecting workloads are all major security priorities as enterprises shift from physical (traditional) to virtual (cloud) networks. Regardless of network configuration, several security categories will remain significant.

ENDPOINT SECURITY

An endpoint is a remote computing device (desktop, laptop, phone, or tablet) that connects to a network. This remains the top priority for security investment, according to a recent Goldman Sachs Chief Information Officer (CIO) survey. With the proliferation of mobile computing devices and the movement to cloud computing (think corporate data on devices connected to unprotected networks), endpoint security becomes more critical. While there are other promising upstart companies in the space, Symantec (SYMC) and McAfee (a joint venture between TPG Capital (51%) and Intel (49%)) are the traditional providers.

EMAIL SECURITY

Email remains a critical security element with threats evolving at a rapid pace (92% of malware delivered via email). Industry estimates have consistently underestimated market growth and tools that are ever more sophisticated are needed to cover new threats. While Proofpoint (PFPT) is a major provider of email security, Google (GOOGL) also benefits from being a best-in-class provider of email service.

Table 2: Security Spending by Segment — $ Billions

(Source: Gartner)

| Market Segment | 2017 | 2018E | 2019E | 2020E | 2021E | 2022E | CAGR ’17-’22E |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Application Security | 2,434 | 2,742 | 3,003 | 3,230 | 3,519 | 3,818 | 9.4% |
| Cloud Security | 185 | 304 | 459 | 656 | 922 | 1,260 | 46.7% |
| Data Security | 2,563 | 3,063 | 3,524 | 3,960 | 4,511 | 5,077 | 14.6% |
| Identity Access Management | 8,823 | 9,768 | 10,578 | 11,305 | 12,299 | 13,228 | 8.4% |
| Infrastructure Protection | 12,583 | 14,106 | 15,337 | 16,390 | 17,789 | 19,342 | 9.0% |
| Integrated Risk Management | 3,949 | 4,347 | 4,712 | 5,062 | 5,505 | 5,966 | 8.6% |
| Network Security Equipment | 10,911 | 12,427 | 13,321 | 14,157 | 14,740 | 15,347 | 7.1% |
| Other Information Security Software | 1,832 | 2,079 | 2,285 | 2,467 | 2,694 | 2,926 | 9.8% |
| Security Services | 52,315 | 58,920 | 64,237 | 71,956 | 78,525 | 85,405 | 10.1% |
| Consumer Security Software | 5,948 | 6,395 | 6,661 | 6,774 | 7,014 | 7,316 | 4.2% |
| Total | 101,544 | 114,152 | 124,116 | 135,955 | 147,517 | 159,685 | 9.4% |

IDENTITY AND ACCESS MANAGEMENT

Identity and access management (IAM) systems authorize individuals who will be utilizing network resources, and verify the hardware and applications they need to access. IAM solutions have become more critical as regulatory compliance requirements have become increasingly rigorous and complex.

SECURITY AUTOMATION AND ANALYTICS

Cybersecurity is manually intensive with a growing skills gap and labor shortage. This poses a significant challenge for security programs globally. Operationally, there is a high volume of alerts (which often require manual responses), many false positives (with third-party estimates quantifying up to 40% of alerts as false positives), and a lack of integration across dozens of discrete tools.

Automation, analytics, and machine learning (artificial intelligence) are making security analysts more efficient and reducing the frequency and cost of security breaches. This branch of cybersecurity will remain important regardless of the network model (traditional or cloud). Splunk (SPLK) is a leading provider of security analytics that has integrated artificial intelligence into its platform. Major cloud service providers (Amazon, Microsoft, Google) are also investing heavily in data analytics and artificial intelligence and have significant resources (intellectual and financial) to address cybersecurity problems.

PLATFORM PROMISE

There is a strong desire from customers for an integrated security platform (securing a platform was the number two priority in a recent Goldman Sachs CIO survey). A platform has several benefits – billing one vendor, removal of system integration burden, reducing security gaps, and removal of the silo problem inherent with multiple vendors. The security industry is also very fragmented and ripe for consolidation. This provides a fertile environment for platform development.

While a complete platform solution is difficult to achieve, Palo Alto Networks, Symantec, and Check Point Software have all had success with bundling services.


Table 3: Representative Cybersecurity Companies and ETFs

| Stock or Fund | Ticker | Forward P/E | Earnings Growth % | Div Yield % | Comments |
| --- | --- | --- | --- | --- | --- |
| First Trust Nasdaq Cybersecurity ETF | CIBR | - | - | 0.2 | Tracks the Nasdaq CTA Cybersecurity Index. |
| ETFMG Prime Cyber Security ETF | HACK | - | - | 0.1 | Tracks the Prime Cyber Defense Index, which utilizes a rules-based approach to select cybersecurity companies. |
| Alphabet | GOOGL | 26.0 | 17 | - | Major internet and cloud service provider with security a top priority. Leader in artificial intelligence and data analytics, which are growing in importance. |
| Amazon.com | AMZN | 65.9 | 45 | - | Major cloud service provider with security a top priority. Leader in artificial intelligence and data analytics, which are growing in importance. |
| Check Point Software Technologies | CHKP | 21.1 | 8 | - | Leading cybersecurity pure-play. Provides protection for networks, cloud environments, endpoints, and mobile users. |
| Cisco Systems | CSCO | 18.1 | 12 | 2.5 | Major network equipment provider with security a top priority. |
| Fortinet | FTNT | 42.0 | 12 | - | Leading integrated security solution provider to small- and medium-size businesses with fast growing cloud security business. |
| Microsoft | MSFT | 27.1 | 12 | 1.5 | Major software and cloud service provider with security a top priority. Leader in artificial intelligence and data analytics, which are growing in importance. |
| Palo Alto Networks | PANW | 44.2 | 25 | - | Leading firewall provider and successfully developing integrated platform solutions. |
| Proofpoint Inc. | PFPT | 74.5 | 26 | - | Leader in email security that remains critical to cybersecurity. |
| Splunk | SPLK | 76.7 | | - | Leader in security data analytics and applying artificial intelligence to the security problem – an area of growing importance to cybersecurity. |
| Symantec | SYMC | 14.6 | 5 | 1.3 | Major provider of consumer and enterprise security solutions and developing integrated platform solutions. |

Disclaimer: Past performance is no guarantee of future performance and future returns are not guaranteed. There are risks associated with investing in stocks such as a loss of original capital or a decrease in the value of your investment. For additional information or questions, please consult with your Financial Advisor. This report is provided for informational purposes only and shall in no event be construed as an offer to sell or a solicitation of an offer to buy any securities. The information described herein is taken from sources which we believe to be reliable, but the accuracy and completeness of such information is not guaranteed by us. The opinions expressed herein may be given only such weight as opinions warrant. This Firm, its officers, directors, employees, or members of their families may have positions in the securities mentioned and may make purchases or sales of such securities from time to time in the open market or otherwise and may sell to or buy from customers such securities on a principal basis.