Imagine driving on a highway at 75 miles per hour and suddenly your car comes to a screeching halt! You didn’t step on the brakes and you don’t own a technologically advanced vehicle that can drive itself. Furthermore, your car is in excellent condition with no parts on the recall list. The flood of emotions you experience are probably best described as shock, anger and disbelief.
The thought of a cyber attack is least likely to cross your mind. However, with today’s vehicles containing anywhere from 30 to more than 100 microprocessor-controlled devices, this is not inconceivable.
The proliferation of ubiquitous technology with the interconnectedness of mobile devices, desktop computers, and automobiles is a quantum leap in technological advancement. We are now entering an era when everything will be connected to the Internet, a phenomenon appropriately coined the Internet of Things (IoT). That means any physical object, such as smart thermostats, glucose sensors, cardiac monitors, and even your washer and dryer can be either monitored or controlled from anywhere in the world.
Technology research firm Gartner predicts that the Internet of Things will expand to 26 billion devices (excluding PCs, tablets and smartphones) by 2020, representing a 30-fold increase from a mere five years ago. This tremendous expansion, while exciting for consumers and IoT product and service providers, offers hackers a much larger playground. Another attraction has been the expansion of cloud computing and the increasing number of employees accessing corporate data from personal devices. This extraordinary transformation in Internet computing has triggered a new set of security risks.
A decade ago government agencies seemed to be the hackers’ primary target. In recent years, however, the focus has shifted to consumer data. For instance, the data breach last December at the popular retailer Target affected 100 million customers, with breach-related costs reaching $148 million in the second quarter. It is estimated, however, that total expenditure related to this security incident could easily hit the $1 billion mark.
Home Depot, the largest home-improvement retailer in the U.S., also became the victim of a data breach this year, one that compromised 56 million payment cards. Not even financial institutions like JPMorgan are immune to cyber attacks. In July, the company was the target of a sophisticated cyber attack that affected 76 million households. Likewise, healthcare providers, utility and telecommunications companies, and the U.S. government have all been targeted at some point.
The 2014 Internet Security Threat report produced by cybersecurity company Symantec highlighted a 91 percent increase in targeted attack campaigns in 2013. Another interesting yet alarming statistic is that more than 552 million identities were compromised in 2013, and one in 392 emails contain a phishing attack. The surge in prominent security incidents, along with considerable media attention, is forcing both enterprises and governments to reassess their Information Technology (IT) security budgets. Global IT security spending will increase nearly 8 percent to $71.1 billion in 2014 and a further 8.2 percent in 2015, according to Gartner.
When projecting future value of a company, analysts always take into account interest rate risk, geopolitical risk and counterparty risk, among others. Now, the ability to withstand cyber attacks has become just as important. The flip side is the rising demand for cybersecurity software, solutions and services. Evidently, venture capital firms have already invested $894 million in U.S. cybersecurity startups in the first half of this year, and the numbers are expected to markedly surpass 2013 totals.
With IT security spending poised to continue on its growth trajectory, it is worth considering an allocation to this segment of the technology sector. As previously indicated, venture capital funds are the largest players in the space, resulting in fewer entry points for retail investors. One alternative is to gain exposure by investing in sizeable IT companies that have expanded into this area either organically or via acquisitions of cybersecurity companies. Companies like IBM, Cisco and Intel have done exactly that.
Another option is to invest in publicly traded companies that primarily operate in the IT security space, such as Fireeye, Check Point Software, Symantec, and Palo Alto Networks.
The final investment vehicle available is the recently launched cybersecurity exchange traded fund (ETF), ironically named HACK. This ETF consists of 26 companies that service the cybersecurity industry. It is important to keep in mind that any company operating primarily in the cybersecurity industry with no other business lines to rely on will experience dramatic volatility. Any news flow on security breaches or proposed regulation will have a notable impact on the stock price. Therefore, any investor seeking exposure to this specialized sub-segment of the IT industry should do so in a prudent manner as part of a diversified portfolio.