Cybercrime remains one of the most pressing global security issues, and the criminals won’t stop out of goodwill. Cybersecurity companies like Palo Alto Networks, Inc. (NYSE: PANW) and Cognyte Software Ltd. (NASDAQ: CGNT) are constantly trying to outsmart criminals, and their role in this fight will become increasingly important.
There are no tanks rolling into the US, no threats of nuclear annihilation, no last-ditch peace summits... but a war has been raging for the past few years. Cybercriminals, often with tacit support of their host states, have been hard at work disrupting infrastructure, stealing resources, and causing general chaos.
The cost of cybercrime on the global economy was $4.2 billion in 2020 alone, and that was a 20% increase over the prior year.[1] This is both an incredible challenge and an opportunity for cybersecurity companies and their shareholders.
Cybercrime attacks are particularly challenging because a single error by one person can open a backdoor into a company’s security system that attackers can exploit. In 85% of cases, this fault is discovered using human engineering.[2] Hackers impersonate clients or employees of the target company in order to gain access to its computer system.
The most damaging and lucrative variant of these attacks are ransomware attacks. Ransomware first made headlines in 2017 with the WannaCry attacks which targeted organizations in more than 150 companies by exploiting a flaw in the Microsoft Windows operating system.[3] As a result, hundreds of computers were damaged, and this evolved into more sophisticated attacks.
A ransomware attack typically begins with either a compromised individual in the target company, or by a phishing attack. Once this malware is in the system, the virus then begins to infect the target company’s computer network. This process can begin as soon as 3 seconds after a computer is infected, and 73% of these attacks are successful.[4] [5] Companies then lose access to their systems which can shutdown mission critical infrastructure.
Over 51% of businesses were hit by ransomware at some point in 2020.[6] Each successful attack cost businesses an average of $732,000 to recover if they didn’t pay the ransom, and over $1.4 million if they elected not to pay. (Yes, paying the ransom almost doubled the cost because of the additional work involved to restore the data!)
To make matters worse, these attacks have become increasingly targeted. In the past, hackers would take a scattergun approach, casting a wide net in the hopes of catching something. Now they specifically target organizations and servers, particularly those of important private companies who often do not report the attacks and who are more likely to pay up.
Another worrying trend from ransomware is a tendency to target essential infrastructure. This might just be due to the potential money involved, but there could be a more sinister reason: State-backed cybercriminals.
The sustained tide of cybercrime shares certain similarities with the rise of Privateers in the 17th Century. Criminals with the support and approval of their nation have set to the seas in search of plunder. There are concerns that these criminals are either ignored or tacitly supported by state security agencies, shielding them from the consequences of their actions. In return, these states gain a powerful weapon to use against their unsuspecting foes.
There is a growing body of evidence that this tactic has been heavily employed by two of America’s biggest competitors: Russia and China. There have been numerous reports of the Russian security services protecting or even providing material support to cybercriminals.[7] This protection has enabled a number of high-profile cyberattacks on Ukraine and even attacks on the United States itself.[8]
In May of 2021, a ransomware attack hit a major oil pipeline operated by Colonial Pipeline.[9] This hack cut off 45% of the East Coast’s oil supply and caused major shortages. This rapidly spiralled into chaos as people panic bought at gas stations.[10] The group behind the attack, DarkSide, has been the mastermind of a series of ransomware hacks in the past year.
These operations, which have become increasingly sophisticated, tend to operate out of former Soviet Republics, China, or North Korea. They also seem to be sparing Russian speaking companies, implying an at least quasi-patriotic agenda. This all points to a significant challenge for the West.
It is clear that Russia and China have understood the potential benefits of sheltering cybercriminals. It is also becoming obvious that we are in the midst of a series of proxy wars, where these criminals are given tools and resources to cause maximum disruption to Western industry.
The obvious response would be for the US and other nations to set up their own “privateers.” However, Western nations are bound to follow certain standards and rules, which means that it would be difficult to justify supporting our own cybercriminals. Instead, Western powers are forced to react to a rapidly developing situation and build tools that can help to protect governments and businesses.
The NSA and other organizations are already working on strategies to mitigate the effectiveness of cyberattacks, but the problem is so big that the government alone can’t win this fight. The criminals are typically targeting companies operating vital infrastructure. This means rapid scalable solutions are urgently needed in order to give the West a fighting chance — creating a unique opportunity for cybersecurity companies.
The US government appears to have finally woken up to the threat of cyberattacks. The current administration has earmarked $10.2 billion to cybersecurity development and has recently passed an executive order on the topic.[11] [12] This is just the beginning, and cybersecurity spending globally is set to top $60 billion.[13]
This all equates to a massive opportunity for investors with a stake in the right companies. The cybersecurity sector is highly technical and therefore difficult for many investors to navigate — but there are some companies that are very well-positioned to take advantage of this market situation with scalable, flexible technologies.
The big challenge for investors is navigating what is a rapidly changing and highly fragmented market. There are a large number of smaller providers with highly specialized niches. This has created a situation where it is exceedingly difficult for investors to identify which stocks have potential in their chosen niche, and which are likely to be outcompeted.
This fragmentation along with the potential growth pattern of cybersecurity companies has led to a 40% increase in the transaction volume of M&As over the past 5 months.[15] These M&As are primarily being conducted by two groups: best-of-breed security providers and private equity firms. The recent action from private equity firms is particularly useful in demonstrating the prevailing dynamic of the cybersecurity space.
Private equity firms are primarily targeting larger more established cybersecurity companies. The most interesting example is private equity firm Symphony Technology Group (STG). A consortium led by this firm has been aggressively targeting high-profile enterprise level cybersecurity stocks. In January 2021, the firm acquired the enterprise business of McAfee Corp. (NASDAQ: MCFE) in a transaction worth $4.0 billion.[16]
Most recently, STG acquired FireEye, Inc.'s (NASDAQ: FEYE) products business, including the name, in a transaction worth $1.2 billion.[18] Post-transaction, FireEye will continue trading under the name Mandaint with a to-be-determined ticker symbol.
Both of these transactions are interesting because they show that private equity firms are looking to capture established low-margin legacy businesses in order to grow them and extract as much value as they can.
The Mandaint transaction is particularly interesting in light of what FireEye's CEO said in relation to the transaction: “We will be able to concentrate exclusively on developing our intelligence and frontline expertise.”[19] In other words, FEYE agreed to the transaction in order to off-load their low-margin product portfolio and focus on a high growth market segment.
This is important because it means that investors should be avoiding household security names. These larger companies are failing to innovate in a rapidly growing space, and while there may be a flurry of M&As, they will be targeted by private equity firms and gutted. Instead investors should be looking at start-ups with promising technology, or best-in-breed security providers.
In contrast to private equity firms, security providers have been focusing on acquiring new technologies in order to fill gaps in their offering. As companies become increasingly aware of the many attack vectors, there has been a rising demand for specialized solutions. At the same time, 80% of company leaders want to consolidate the number of security vendors that they are using.[20]
This has led to companies like Palo Alto Networks, Inc. (NYSE: PANW) pursuing a strategy of aggressive acquisition. The company has spent nearly $3 billion on acquisitions including the IoT security company Zingbox, the machine identity firm Aporeto, and the attack surface management company Expanse.[21]
All these transactions are part of a strategy to build a comprehensive product suite surrounding their primary service offering, firewall technology.
Theoretically PANW should be considered a solid buy, and 32 out of 34 analysts say as much.[22] The company has grown by 48.6% in the past year, has a solid acquisition portfolio with no long-term debt, and is perfectly placed to take advantage of the administration’s cybersecurity infrastructure spending through its firewall offering. There’s just one problem — it isn’t making money.
PANW’s GAAP earnings have been consistently negative. The company’s net loss in Q3 grew to $145.1 million, or $1.50 per diluted share.[23] This is mostly down to the company’s aggressive acquisition costs, but it is growing at just over 20% which is not enough to justify the costs.
While PANW may well outperform the market, its weaknesses mean that there are better options for investors looking for a winning pure play cybersecurity stock.
In an amusing turn of events, I had originally intended to recommend VirtualArmour International Inc. (OTCQB: VTLR / CSE: VAI) as a hot stock to watch, and a likely acquisition target. It turns out I was correct as just prior to submitting this article for publication, VirtualArmour was acquired by Evergreen Services Group in a $12.25 million transaction.[24] This is $4.75 million over the company's current market cap, which is good news for any investors currently holding VTLR.
The acquisition is interesting because it helps to provide a realistic guideline for the types of company that investors should be looking for. VTLR was a relatively low-profile stock in possession of a rapidly growing core business as an MSSP for small to medium companies.
Investors looking for solid longterm plays in the cybersecurity sector should be looking for companies with a similar profile to VTLR. This is challenging because of the sheer number of companies out there, but let’s take a look at another example of a high potential company you could target.
Cognyte Software Ltd. (NASDAQ: CGNT) is a young Israeli company that ticks all the right boxes. The company is the result of a spin-off from Verint® Systems Inc. (NASDAQ: VRNT) and represents a switch from a product to a software-based growth strategy.[25]
CGNT has a strong core product offering in the form of the company’s analytics platform which underpins its entire product portfolio. This enables CGNT to simultaneously allow companies to reduce their number of vendors while maintaining best-of-breed solutions that will help to identify threats in real-time.
This technology is useful because it is highly flexible. One use case is in using analytics to deanonymize criminals using cryptocurrency to collect ransomware.[26] Despite popular misconceptions, most cryptocurrencies are not fully private.
It is possible to trace transactions from one point to another, and even if criminals use methods such as “coin-mixing” software to mask transactions, there are always breadcrumbs that can be followed. Advanced analytics software such as that offered by Cognyte can use these breadcrumbs to figure out the source and destination of a crypto transaction making it harder for criminals to hide.
In addition to Cognyte’s strong product offering, it is also making money. In its first quarter results, the company generated $114.7 million in revenue and achieved a gross profit of $81.9 million. Not bad for a company with just a $1.5 billion market cap. Especially when compared to Palo Alto Networks, Inc. (NYSE: PANW), a company that is making a consistent loss, with a market cap of $35 billion.
With the current US administration demonstrating the willpower to stand up to Russia and China, it is likely that cybersecurity is going to come under sharp focus in the next few years. This means that the cybersecurity sector is likely to experience a significant injection of government capital. Their customer base is also going to grow as companies continue the transition into working online.
With that in mind it makes sense to target cybersecurity stocks now. The low-risk way to do this is to find a quality cybersecurity ETF. There are a number of these that will work well but my preferred choice is Global X Cybersecurity ETF (NASDAQ: BUG), which is currently outperforming Vanguard S&P 500 ETF (NYSE: VOO) by 6.57% month-to-date.[27]
That being said, ETFs are not the best way to strike gold, and if you just wanted an ETF you wouldn’t be reading this article. If you want real gains you should look to pick a cybersecurity stock that has the potential to grow in the medium-long-term, and preferably is an acquisition target. For me the most important factors are...
A company like Cognyte Software Ltd. (NASDAQ: CGNT) ticks many of these boxes. If you agree this company fits the bill, I strongly recommend doing your due diligence, and deciding whether this opportunity is the best way for you to gain exposure to the huge potential offered by the cybersecurity sector.
Saul Bowden, Contributor
for Investors News Service
P.S. To discover more opportunities in the hottest sectors in North America, sign up now to the Financial News Now newsletter to get the latest updates and investment ideas directly in your inbox!
DISCLAIMER: Investing in any securities or cryptocurrencies is highly speculative. Please be sure to always do your own due diligence before making any investment decisions. Read our full disclaimer here.
[1] https://www.hipaajournal.com/fbi-4-2-billion-lost-to-cybercrime-in-2020/
[2] https://www.verizon.com/business/en-gb/resources/reports/dbir/
[3] https://www.nytimes.com/2017/06/27/technology/global-ransomware-hack-what-we-know-and-dont-know.html
[4] https://enterprise.comodo.com/blog/how-fast-does-ransomware-work/
[5] https://www.sophos.com/en-us/medialibrary/Gated-Assets/white-papers/sophos-the-state-of-ransomware-2020-wp.pdf
[6] https://www.sophos.com/en-us/medialibrary/Gated-Assets/white-papers/sophos-the-state-of-ransomware-2020-wp.pdf
[7] https://carnegieendowment.org/2018/02/02/why-russian-government-turns-blind-eye-to-cybercriminals-pub-75499
[8] https://www.reuters.com/article/us-ukraine-cyber-idUSKBN2B81D8
[9] https://www.nytimes.com/2021/05/08/us/politics/cyberattack-colonial-pipeline.html
[10] https://edition.cnn.com/2021/05/12/business/gas-shortage-colonial-pipeline/index.html
[11] https://www.forbes.com/sites/gordonbitko/2021/01/27/how-bidens-102b-investment-can-transform-federal-cybersecurity-post-solarwinds/
[12] https://www.forbes.com/sites/gordonbitko/2021/01/27/how-bidens-102b-investment-can-transform-federal-cybersecurity-post-solarwinds/
[13] https://www.infosecurity-magazine.com/news/global-cybersecurity-spending-to/
[14] https://www.optiv.com/sites/default/files/images/Cybersecurity-Technology-Map-Web-min.png
[15] https://www.carbonblack.com/resources/modern-bank-heists-2020/
[16] https://www.mcafee.com/enterprise/en-us/about/newsroom/press-releases/press-release.html?news_id=99600ca9-4df7-41a5-9a0d-63d00b04a625
[17] https://www.mcafee.com/enterprise/en-us/about/newsroom/press-releases/press-release.html?news_id=99600ca9-4df7-41a5-9a0d-63d00b04a625
[18] https://www.channelfutures.com/mergers-and-acquisitions/security-hungry-stg-adds-fireeye-products-acquisition-to-mcafee-rsa
[19] https://www.channelfutures.com/mergers-and-acquisitions/security-hungry-stg-adds-fireeye-products-acquisition-to-mcafee-rsa
[20] https://www.gartner.com/smarterwithgartner/gartner-top-security-and-risk-trends-for-2021/
[21] https://www.fool.com/investing/2021/05/27/reasons-buy-palo-alto-networks-after-q3-earnings/
[22] https://seekingalpha.com/article/4430888-palo-alto-wall-street-princess-cant-make-money
[23] https://investors.paloaltonetworks.com/investor-relations/news-releases/news-release-details/2021/Palo-Alto-Networks-Reports-Fiscal-Third-Quarter-2021-Financial-Results/
[24] https://www.stockwatch.com/News/Item/Z-C!VAI-3103041/C/VAI
[25] https://www.businesswire.com/news/home/20210115005107/en/Verint-Announces-Record-Date-and-Distribution-Date-for-Spin-Off-of-Cognyte-Software-Ltd.-Verint%E2%80%99s-Cyber-Intelligence-Solutions-Business
[26] https://betanews.com/2021/06/15/advanced-analytics-cryptocurrency-challenges/
[27] https://www.etf.com/etfanalytics/etf-comparison/VOO-vs-BUG
