NEW YORK (MainStreet) — The rampant data breachesthroughout the past year have spelled nothing but bad news for major corporations and millions of American consumers. Sony, Home Depot, Target, eBay and Apple are among the victims, with their customers and users suffering compromised sensitive personal and financial information. But as anxiety has swelled especially over the busy shopping period, there’s a silver lining for investors: the opportunity to capitalize on the prevalent hacks by investing in cybersecurity.
According to a PwC report from September, cyber hacks are increasing at 66% year-over-year, and cybersecurity investments are responding in kind: IDC is expecting the cybersecurity sector to have a 7% compound annual growth rate through 2017.
“It’s a growth industry, so to speak,” said Christian Magoon, consultant to the PureFunds ISE Cyber Security ETF (HACK), which launched on November 12 and is comprised of 30 holdings that are plays on cyber protection.
Magoon, who rang the New York Stock Exchange opening bell this morning on behalf of HACK, said the three main advantages of investing in cybersecurity are long-term growth potential, event-driven appreciation and diversification.
WATCH: More personal finance videos on MainStreet | More videos from Ross Kenneth Urken
Traditional index investing has not allowed for an isolated play at cybersecurity, but the HACK ETF allows for exposure to three main categories across companies in the U.S., Israel, and South Korea: cybersecurity hardware, software, and consulting. Though the individual companies in the ETF may have different utilities or products -- 89% of companies are focused on hardware and software (infrastructure), with 11% focused on consulting (services) -- the ultimate goal they share is enhanced cybersecurity.
The largest holding in the ETF is VASCO Data Security International (VDSI), a U.S.-based company involved in infrastructure for software security that manages information assets in a safe system environment. The second largest holding in the HACK ETF is Imperva (IMPV), a software and services company that protects databases, primarily in the financial services and health care sectors.
The ETF has more obscure names like Splunk (SPLK), an operational intelligence platform, along with the bread-and-butter of the sector like FireEye Inc. (FEYE) and Palo Alto Networks, Inc. (PANW), which Magoon dubs “the poster child for cybersecurity.”
The spate of breaches for major corporations has raised the profile of cybersecurity for corporate America, according to David P. Fidler, a professor at Indiana’s Mauer School of Law and an expert on the relationship between international law and cyber space. That’s created pent-up demand.
“Even though experts have been warning about the relative lack of cyber preparedness in many U.S. companies, the response from leaders in C-suites has been less than optimal, despite the evident risks and potential downsides with customers and investors,” he said. “So, with a cybersecurity gap to fill in many corporate settings, companies that provide cybersecurity services will have a growing market.”
That growth in cybersecurity amid the rising threat of data breaches is making the market move.
“To prevent and counter persisting and evolving spectra of security threats, we must continue to leverage our scientific know-how and technological advantage in very deliberate and conscious ways at every level,” said Massoud Amin, director of the University of Minnesota’s Technological Leadership Institute. “These cyber threats will continue to become more sophisticated, and even lethal, to bully, steal IP, and target personal, corporate, governmental, national and international assets.”
The field is expected to grow in demand, Amin says, as exemplified by the robust employment expectations: more than 60,000 positions in cybersecurity are expected to be filled in the next three years.
“This trend will persist in the coming years, and is combined with a heightened need for more innovative and improved ways to enable and protect economic growth as well as to secure our nation and the world while preserving individual privacy, our values and way of life,” Amin said.
Protective Investments: Cyber Armor
The HACK ETF allows investors diversified exposure to the sector, but greater trends within cybersecurity can also point investors in the right direction to profit off of our collective misfortune.
PANW, which is part of the HACK ETF, has performed well given its focus on providing cyber firewalls; it was the market leader, up 118% year-to-date. To boot, there is still significant upside to the current share price heading into 2015, according to Andrew Nowinski, a senior research analyst at Piper Jaffray. As PANW looks poised to gain market share, he says, shares will be driven higher.
One of the key areas of growth for PANW and the rest of the industry is in the enterprise endpoint market. This segment accounted for $4 billion in revenue in 2014, captured mostly by the traditional anti-virus vendors.
“I believe the vendors that integrate advanced malware protection, such as Palo Alto’s Traps solution, will capture an increasing amount of revenue from this segment at the expense of the AV vendors,” Nowinski said.
Other trends to look out for: the Advanced Packaging Tool (APT) market, focused on a free software user interface that works with core libraries for installation and removal of software, will also grow with IDC estimating this market will reach $1.5 billion in 2015. Palo Alto’s Wildfire subscription provides APT protection, for example, though only 4,000 out of their total 21,000 customers have subscribed to it. But that leaves ample slack for growth, Nowinski said.
The core firewall market still has a lot of room to grow. Gartner estimates that only 20% of enterprises are running a next-generation firewall.
“The remaining 80% are still leveraging legacy or ‘stateful’ firewalls, which lack many of the performance and security attributes of a next-generation firewall,” Nowinski said.
The Look Ahead
Indiana University's Fidler believes a lot of the market returns will be dependent upon whether or not breaches continue to dominate the headlines.
Of course, corporations will have to determine whether the expense of hiring outside cybersecurity assistance is worth the cost of preventing a potential hack with all the attendant negative externalities.
Fidler also believes investments would depend on whether the Sony hack and other high profiled breaches catalyze action in Congress with regard to cybersecurity legislation that requires companies to improve cyber defenses and thus spend on security.
Fidler expects “healthy demand” from cyber forensics companies that focus on managing and analyzing the fallout from a hack and also cybersecurity services that help companies prevent attacks.
Device reputation and identity proofing will be keen areas of growth, according to Robert Siciliano, security expert with BestIDTheftCompanys.com.
As long as hackers keep up their current shenanigans, the bad news out there is great news for cybersecurity stocks ahead.
“Cyber hacks are increasing in frequency and sophistication,” said Nowinski, of Piper Jaffray. “Moreover, if incompetent entities such as North Korea are capable of engaging in sophisticated attacks such as the one on Sony, it should be assumed that many more breaches just like it will occur in 2015. As such, we believe the IT security sector will offer the most compelling returns to investors in 2015, focusing on the vendors like PANW that are capable of defending against advanced breaches.”
--Written by Ross Kenneth Urken for MainStreet