Embed Size (px)
Citation preview
Investing in Cyber SecurityA look at trends in information security spending
Tuhin Ghosh, PhD, CFA®
Chief Investment Officer Peter Andes, CFA®
Director of Investment Strategies
Cyber attacks and high-profile data breaches continue to plague corporations and governments alike, and this is only likely to escalate as the number of connected devices grows.With an acceleration in corporate spending on cyber security and a rise in government attention to this issue, there is significant opportunity to invest in the companies developing technologies that will keep data more secure.
Demand driversData breaches at corporations have become so commonplace they hardly seem like news when they happen. A look back at the activities of recent years reminds us how much exactly is at stake:
The financial services industry is the #1 target.1 The attack on JPMorgan Chase that compromised 76 million households and seven million businesses2 is just one of many, and some regulators fear that a coordinated attack could spark the next financial crisis. 3
Attacks on the U.S. healthcare system are costing $6 billion a year. 4 Stolen medical records, which contain valuable personal details, are hot commodities. They can sell for 20 times more than a stolen credit card number.5 In early 2015, hackers broke into Anthem’s systems and accessed 80 million records that included customer and employee Social Security numbers, addresses, birthdays and other identifying information.6
The scale of cyber attacks is growing larger. Consider the 2014 Home Depot attack: Scammers used point-of-sale RAM (computer memory) scrapers to access as many as 56 million debit and credit cards in an attack that lasted five months—costing the hardware chain an estimated $62 million. 7
It’s not just about hackers anymore. In the early days of cyber attacks, hackers seeking notoriety were the primary players. Now we’re seeing nation-states participating in industrial espionage (think North Korea’s involvement in the Sony hack) and highly funded operations in pursuit of financial gain.
2
Cyber Security by the numbers:
$75.4 billionEstimated worldwide information
security spending in 2015. Source: Gartner
$170 billionEstimated value of the cyber security
market by 2020. The market will grow almost 10 percent annually
between 2015 and 2020.Source: Markets and Markets
$6 billionEstimated annual cost of cyber
attacks against doctors and hospitals. Source: Bloomberg Business
18 percent of all cyber attacks are on the financial services sector—
making it the #1 target. Source: Finextra
18%
Attacks will only become more significant Concerns regarding security and privacy will continue to mount as we enter into the connected era of the Internet of Things. Infrastructure and physical assets—such as oil rigs, power stations, trains, cars and homes—will be wired to the network, bringing additional cause for concern. End-to-end security will be essential, encrypting data held on devices as well as information transmitted over the network.
With rogue governments turning to hacking as a form of espionage and retaliation, and infrastructure becoming more and more connected, security of data is emerging as a matter of national security. Consider the recent attempts at breaking into critical national infrastructure, such as nuclear power operators in South Korea and power plants in the U.S., and an attack on a German steel mill that caused physical damage.8
ImplicationsAccelerated corporate spending Given the sizable threats to corporations’ interests, we’re seeing security rising to the top of IT spending in 2015. A 20 percent increase in investment in next-generation security is expected this year, with an emphasis on cloud and big data solutions.9 Funding for cyber security startups is also on the rise, at just over $1 billion in the first quarter of 2015, up from $540 million a year earlier.10
Mounting government concern For the 2016 fiscal year, the U.S. federal budget has allocated $14 billion to cyber security—10 percent higher than in 2015, and 35 percent higher than what the government spent in 2014. This allocation represents 16 percent of the total federal IT budget.11 And in another indication that government concern is rising, President Obama signed five cyber security bills into law in late 2014—the first of this type of legislation passed in more than a decade.12
Number of Records Lost (Millions)
80 mm
60 mm
40 mm
20 mm
Nov 2013 Aug 2014 Sep 2014 Jul 2015Feb 2015
Target
JP Morgan
Home Depot
Anthem
Ashley Madison
3
Cyber Security Attacks:
Investing in the cyber security industryThe cyber security market is estimated to grow nearly 10 percent a year to $170 billion in 2020.13
Given these projections, we see big potential in this industry.
The tech companies to watch tend to fall into one of two segments:
While companies have historically focused on network solutions, we’re starting to see a shift to a more holistic approach to information security, with corporate IT spending focusing more on end-to-end solutions that protect all of the devices that transmit data on a network.
Network solutions Technologies that keep networks safe and secure, protecting confidentiality, integrity and availability. Companies involved in this space provide services such as authentication, vulnerability monitoring and encryption. Example companies: Checkpoint Software, Fortinet, Palo Alto Networks
Endpoint security Protection for devices that connect to a network or are network-enabled. Consider a mobile phone that an employee uses for both business and leisure: Data sent over this device is not necessarily protected by a corporate network. Endpoint security comes into play by creating solutions for securing all devices that connect to the network. Example companies: AVG Technologies, Symantec
4
Motif Capital: Portfolio ConstructionWe built our Cyber Security portfolio to provide systematic targeted exposure to the firms across network and endpoint security spectrum.
To build our portfolio, we:
Identified U.S.-listed stocks and ADRs of companies involved in providing cyber security software and services.
Segmented companies by their focus within cyber security (i.e. network vs. endpoint security).
Determined each company’s percentage of total revenue derived from cyber security-related activities.
Applied a pure-play factor to give greater relative weight to companies that derive a higher percentage of their revenue from cyber security-related activities.
Weighted each company by its market capitalization adjusted for revenue exposure to cyber security.
Finally, created the portfolio by running the adjusted market cap weighted portfolio through an optimization engine to reduce concentration risk and volatility, and to satisfy investability constraints.
ConclusionWith the volume and sophistication of cyber attacks on the rise, and a shift toward a connected infrastructure of physical assets, the cyber security industry is in a position to experience massive growth—especially as governments and corporations realize how much is really at stake. Motif Capital has applied systematic, objective analysis to construct a targeted portfolio that we believe will capture the winners in the battle for digital protection.
Top Five Holdings:
Check Point Software Technologies Ltd. Segment – Network Solutions Check Point develops and markets network-based firewall and unified threat management security solutions.
Symantec Corporation Segment – Endpoint Security Symantec develops and markets antivirus, storage and systems management software.
Palo Alto Networks Segment – Network Solutions Palo Alto Networks is a network security provider that produces hardware firewall products.
Fortinet Segment – Network Solutions Fortinet develops network-based intrusion prevention, anti-spam and other integrated network security solutions.
FireEye Segment – Endpoint Security FireEye provides virtual machine-based security platforms to corporate and government clients.
5
6
MOTIFC APITAL .COM [email protected]
References
1 Finextra, “Financial services top target for cyber attacks,” June 9, 2015. http://www.finextra.com/news/announcement.aspx?pressreleaseid=60049
2 The New York Times, “JPMorgan Chase hacking affects 76 million households,” Oct. 2, 2014. http://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security-issues/
3 The New York Times, “Hackers’ Attack Cracked 10 Financial Firms in Major Assault,” Oct. 3, 2014. http://dealbook.nytimes.com/2014/10/03/hackers-attack-cracked-10-banks-in-major-assault/
4 Bloomberg Business, “Rising Cyber Attacks Costing Health System $6 Billion Annually,” May 7, 2015. http://www.bloomberg.com/news/articles/2015-05-07/rising-cyber-attacks-costing-health-system-6-billion-annually
5 Financial Times, “Patient records are target for cyber crooks,” June 17, 2015. http://www.ft.com/intl/cms/s/0/20046010-e1cb-11e4-bb7f-00144feab7de.html#axzz3d58JWgWD
6 The New York Times, “Anthem Hacking Points to Security Vulnerability of Health Care Industry,” Feb. 5, 2015. http://www.nytimes.com/2015/02/06/business/experts-suspect-lax-security-left-anthem-vulnerable-to-hackers.html?ref=topics
7 The Wall Street Journal, “Home Depot’s 56 Million Card Breach Bigger Than Target’s,” Sept. 18, 2014. http://www.wsj.com/articles/home-depot-breach-bigger-than-targets-1411073571
8 Wired, “A Cyberattack Has Caused Confirmed Physical Damage for the Second Time Ever,” Jan. 8, 2015. http://www.wired.com/2015/01/german-steel-mill-hack-destruction/
9 Wall Street Journal, “FBR Predicts 20% Uptick in ‘Next-Gen’ Cybersecurity Spending,” Feb. 24, 2015. http://blogs.wsj.com/cio/2015/02/24/fbr-predicts-20-uptick-in-next-gen-cybersecurity-spending/
10 Financial Times, “Cyber security funding tops $1bn after high-profile attacks,” April 19, 2015. http://www.ft.com/intl/cms/s/0/5cfcbcbc-e692-11e4-afb7-00144feab7de.html#axzz3cjPN5AfV
11 Christian Science Monitor, “Despite billions spent, US federal agencies struggle with cybersecurity,” June 10, 2015. http://www.csmonitor.com/World/Passcode/2015/0610/Despite-billions-spent-US-federal-agencies-struggle-with-cybersecurity
12 BankInfoSecurity, “Obama Signs 5 Cybersecurity Bills,” Dec. 18, 2014. http://www.bankinfosecurity.com/obama-signs-5-cybersecurity-bills-a-7697/op-1
13 Markets and Markets, Cyber Security Market by Solution (IAM, Encryption, DLP, Risk and Compliance Management, IDS/IPS, UTM, Firewall, Antivirus/Antimalware, SIEM, Disaster Recovery, DDOS Mitigation, Web Filtering, and Security Services) - Global Forecast to 2020.” http://www.marketsandmarkets.com/PressReleases/cyber-security.asp
Disclosures
Investing in securities involves risk to be considered prior to making investment decision. This report is made available for informational purposes only and should not be considered personalized investment advice. Examples provided are for illustrative purposes only and not intended to represent results an investor can expect to achieve. Past performance is no guarantee of future results. Data contained herein from third-party providers is obtained from what are considered reliable sources. However, accuracy, completeness or reliability cannot be guaranteed.
For institutional use only, not for public distribution.
Motif Capital Management, Inc., is an SEC registered investment advisory firm, located in San Mateo, CA., and is a wholly-owned subsidiary of Motif Investing Inc.
©2015 Motif Capital Management, Inc. All rights reserved.
