Cyber Security – Not Just a Fad
Delwin Graham - Sep 17, 2018
If data is said to be the “new oil”, then we all should be concerned about its secure supply and storage.
If data is said to be the “new oil”, then we all should be concerned about its secure supply and storage. Data and the devices that create it are already an integral part of our lives. There are roughly 20-billion connected devices in the world – just over three for every human being – and that number is projected to grow to at least 50 billion in the next decade (Cf., Leo Almazora, “Why Cyber Security is a Solid Investment Theme,” August 17, 2018, www.wealthprofessional.ca). Globally, information is being generated at a staggering pace. It is said that 90% of the world’s data was created just within the last two years, and the total amount is expected to double every two years (Cf., Almazora, “Cyber Security”).
On the one hand, people are giving out more information about themselves than ever before. A lot of this information is being held on the servers of larger institutions like financial, health-care and pharmaceutical firms. These storage facilities provide a target. Hackers can look to simply steal the information or use ransomware to hold information hostage for millions of dollars. Hackers also mimic these larger institutions by using emails that seem to be coming from trusted sources like Scotiabank and RBC but are actually luring people to phishing sites that collect sensitive and valuable data, such as credit-card numbers.
There are also internal risks to these databases. Firms that randomly test their employees to see if they would click onto an emailed scam typically find that about 10% fall for it (Cf., Almazora, “Cyber Security”). Another internal threat comes from employees actively stealing and selling their organization’s data, which often ends up on the dark web.
Cyber-security attacks are sophisticated and coming from all over the world. Symantec, a company that provides cyber-security products and solutions, reports that over 20% of cyber attacks in 2017 came from China, 11% from the US and 6% from the Russian Federation (Cf., Steven Cress, “Four Stocks to Leverage the Cyber Security Craze,” July 24, 2018, www.cresscap.com). Damages related to cyber crime are projected to hit US$6 trillion annually by 2021.
Corporations are well aware of the risks posed by cyber attacks. Here are a few cautionary tales: Last year, Equifax (EFX:NASDAQ) lost 143-million records that included people’s social insurance numbers, the amount of debt they held, and other key information that made up their financial history. A severe stock-price plunge and reputational fallout was the result. In April of 2018, Mark Zuckerberg of Facebook (FB:NASDAQ) reported that the sensitive information of as many as 87-million users had been leaked and sold to Cambridge Analytica. Once again, the stock took a beating and the company lost trust. In 2016, Uber reported that hackers stole the information of over 57-million riders and drivers. Also in 2016, Yahoo announced that 3‑billion accounts were hacked in one of the biggest breaches of all time.
Cyber security is a substantial worldwide issue that affects individuals, corporations and companies. It is also big business. International Data Corporation projects that organizations are expected to spend US$101.6 billion on cyber-security software, services and hardware by 2020 (Cf., Almazora, “Cyber Security”). This is up from the US$90 billion that was estimated to be spent in 2017.
Of course, we are not the first investors to see opportunity in the cyber-security sector. Launched in September last year, the Evolve Cyber Security ETF (CYBR:TSX) invests in firms that provide hardware, software and consulting services to Fortune 500 companies. It is up approximately 37% over the past 12 months. Perhaps we should expect this as the technology sector has had a tremendous run on the Canadian and US markets over the past ten or so years. However, we might also expect that the cyber‑security sector should be a more robust niche. In an economic or market pullback, people might not buy the latest iPhone or may cancel their Netflix subscription, but corporations probably won’t pull away from their data protection. The possibility of a data breach is much too damaging to the share price and the company’s reputation, and it carries a tremendous amount of liability. Given a bad quarter, the company might lay off workers, defer projects and scale back R&D budgets, but cyber security is a non‑discretionary spend.
Because of the specialized expertise required, most companies will contract out their cyber security to third-party companies rather than take it in-house. While some larger firms might use an internal department to coordinate their efforts, they typically rely on external providers for up-to-date expertise. They often employ two or three cyber‑security providers with separate but overlapping areas of focus, such as hardware solutions, cloud-based systems, and overall consulting.
Cyber security is not a fad but is an integral component of the technology sector. To the extent that we are looking to an investment in technology for portfolio growth, we should then always consider cyber security as a potentially profitable niche. Please contact me (Delwin.Graham@canaccord.com; 780-408-1518) for more details and a few actionable ideas.