A high profile cyber-attack on the NHS and a computer system meltdown at British Airways have put cyber security stocks firmly in the spotlight. But experts who have been tracking the trend say the real momentum in the sector started with an attack on US retail group Target (TGT) in 2014.
There are around 180,000 recorded data breaches across the world every day. Given an estimated 70% of cyber breaches go undetected, the true scale of this problem is colossal.
Not only do organisations who suffer security breaches undertake severe reputational damage, new legislation set to come into force next year could impose fines on companies which do not do enough to protect themselves – and their customers. From 2018, listed companies will be forced to reveal any cyber security breach, no matter how big or small, and firms are spending billions to avoid any potential situation.
Nick Evans, co-manager of the Bronze Rated Polar Capital Technology fund, said: “The threat landscape is pretty intense at the moment. That has got to be helpful to cyber security companies because it means more companies are focused on having the latest layers of protection in place.”
The fund has returned 58.6% over the past year.
Morningstar analyst Samuel Meakin said: “This fund benefits from experienced managers backed by a well-resourced team, and is a compelling offering for investors seeking long-term benefit from the growth prospects of the sector.
“We believe the fund is managed by one of the strongest and best-resourced dedicated technology teams in the market.”
Companies Need to Invest to Protect ‘Core’ Systems
One of the main areas Evans is tracking is email security, where companies such as Proofpoint (PFPT) protect mailing systems. The business was involved in identifying and stopping the recent NHS ransomware attack. Other companies involved in this area include Mimecast (MIME), which is focused more on smaller businesses.
Evans said: “Cyber security used to just be about protecting the boundary of your business with firewalls and similar software, but now there is sort of acceptance that bad guys are going to get in, so you have to limit what they can do with some extra layers.”
CyberArk (CYBR) is focused on credential management, which determines who has access to certain areas of a computer network. It can monitor a system and flag up if an employee is doing something out of the ordinary, trying to access files at an unusual time for example.
Evans said: “If you had email protection first off and CyberArk protecting the core of your system then it would have been much harder for the NHS attack to have taken place.”
Is Cloud Computing ‘Safer’?
Another area of increasing importance is cloud computing, which means keeping all of your data in the so-called cloud rather than stored locally on your own computer, phone or tablet device where it could get held to ransom. The leaders in this space are big technology names Microsoft (MSFT), Alphabet (GOOGL) and Amazon (AMZN).
Evans said: “If you look at recent breaches, they likely wouldn’t have happened in the same way if data had been stored in the cloud in the first place. One element of the NHS breach was that Microsoft had issued updates which would have protected against the attack, but they hadn’t been installed.”
The Neptune Global Technology fund has returned 49.5% over the past year. Manager Ali Unwin said: “Spending in this area isn’t a case of having a one-off splurge. The threats change every day and that means organisations have to keep spending.”
He likes firewall firm Palto Alto Networks (PANW), a leader in network security. Some experts expect the firm to double its 10% market share by 2025.
Modernising ‘Legacy’ Computer Systems
But it’s not all breaches and cyber-attacks; legacy computer systems which haven’t been invested in have caused major issues too. The most recent high-profile meltdown was at British Airways when human error was blamed for bringing the firms’ computers to a standstill.
Unwin said: “You should never have a system that can be knocked over so quickly. But avoiding that involves a lot of expenditure for businesses; dinosaur companies need to spend to truly modernise their systems. I would be surprised if we didn’t see something similar happen again elsewhere.”
Alexandre Mouthon is a product specialist of the Pictet Security fund, which has returned 24.6% over the past year. He is interested in the opportunities and challenges presented by the Internet of Things, whereby numerous devices are linked and can communicate with each other. He said: “It is both exciting and terrifying.” But as company valuations have soared in recent months, the fund has reduced its exposure to cyber security stocks to around 17% of assets.
While cyber spending continues to rise, many investors are concerned that the significant returns being generated by technology funds could be the sign of a new dot com bubble.
Unwin said: “We focus on profitable companies, rather than just looking for firms doing exciting things. As the internet becomes a bigger part of life, securing it will become one of the most important things companies can do. Consumers have high expectations.”