How to Profit from Cyber Pain


One of my key investment themes has been Safety & Security, which touches on personal safety as well as security for companies, schools and other institutions, including the government. Given the confluence of several factors including the near-unquenchable thirst for mobile connectivity, social media and the Cloud along with the bring-your-own-device (BYOD) trend, one of the growing pain points that we all face is cyber attacks.

Odds are you’ve heard about some of the more high profile attacks on the Bank of America (NYSE:BAC), Domino’s Pizza (NYSE:DPZ), P.F. Chang’s (NASDAQ:PFCB), the State of Montana health department, and recently the U.S. Post Office and the State Department. One of the more remarkable attacks this month occurred at the Turkish branch of HSBC, which affected 2.7 million customers, whose credit cards were compromised.

While you could probably guess based on the headlines and news stories that cyber attacks are on the rise, a new survey of executives from more than 154 countries conducted by PwC revealed the number of reported cyber security incidents rose 48% so far this year to 42.8 million. That’s roughly 117,340 attacks per day. These include a sharp rise in mobile malware, particularly on the Android platform, as well as social media platform attacks that leverage the large user bases of Facebook (NASDAQ:FB), Twitter (NYSE:TWTR), LinkedIn (NYSE:LNKD and others.

The outlook is not pretty to say the least. A survey by the Pew Research Center and Elon University’s Imagining the Internet Center of more than 1,600 computer and Internet experts on the future of cyber attacks asked “by 2025, will a major cyber attack have caused widespread harm to a nation’s security and capacity to defend itself and its people?” More than 60% answered “yes.”

The growth in the number and frequency of cyber attacks has forced organizations to make substantial progress over the last few years and that means expanding cyber security budgets and staffing. That’s particularly so in one of the key target markets of cyber attacks -- banks, insurers, money managers and other financial companies. Financial service companies accounted for roughly one-third of all cyber security breaches in 2013.

According to a new PwC survey of 758 of banks, insurers, money managers and other companies, spending on protecting networks and other cyber security efforts will total $4.1 billion this year. Per PwC, those 758 companies are expected to boost their spending between 10%-20% each year over the next few years, which by 2016 could add $1.3-$2.6 billion in spending.

Viewing it from a different angle, earlier this year in his annual letter to shareholders JPMorgan (NYSE:JPM) CEO Jamie Dimon shared expectations to have roughly 1,000 people focused on cyber security by the end of 2014. Between then and now, JPMorgan was breached to the tune of 76 million household contact information and that prompted CEO Dimon to share that cyber security spending could double over the next five years.

Stepping back from the financial industry and taking a broader view, research firm Gartner found that global IT security spending will reach $71.1 billion this year, up 7.9% year over year, before reaching $76.9 billion in 2015 and more than $80 billion by 2016.

The key takeaway from all of this is cyber attacks are not only here to stay, but from the investor’s perspective it is a growth industry that can cause a lot of damage to companies, governments, institutions and individuals. The simple reality is you, the investor, need exposure to cyber security stocks. There are a number of them to choose from such as standalone companies like FireEye (NASDAQ:FEYE) Palo Alto Networks (NYSE:PANW), Imperva (NYSE:IMPV), Proofpoint (NASDAQ:PFPT) and Lifelock to business units inside IBM (NYSE:IBM), Cisco Systems (NASDAQ:CSCO), and Intel (NASDAQ:INTC).

One of the issues is determining which company has the best solutions -- both preventative as well as reactive -- for the coming period. In many respects this reminds me of the video console wars of the past -- which vendors has the product of the moment that is head and shoulders above the rest…for a period of time? Not surprising then that we’ve seen a bevy of M&A deals over the last several months as companies look to fill out a strategic gap or while in its product or technology offering. Recent cybers ecurity deals include Lockheed Martin’s (NYSE:LMT) acquisition of Industrial Defender, Palo Alto Networks’ $200 million acquisition of Cyvera, and FireEye’s acquisition of nPulse Technologies as well as IBM buying CrossIdeas and Lighthouse Security Group.

For the investor looking to profit from this pain point that is growing like a zit on a teenager, one possible solution is to buy a basket of cyber security stocks. Another is also available thanks to the growing proliferation and specialization of exchange traded funds, which at last count span more than 5,463 ETFs listed across 61 exchanges.  A recent addition to the ETF ranks is PureFunds ISE Cyber Security ETF (HACK), which includes Vasco Data Security, Imperva Inc., Palo Alto Networks, Splunk Inc. and Infoblox among its better than 5% positions sizes.

Whether it's owning individual stocks or this ETF, investors should look to profit from the growth industry that is cyber security.