Why The Cyber Defense Megatrend Is A Huge Opportunity For Profits
What do Adobe, eBay, and Microsoft all have in common?
Wait, before you answer, let me add a few more names to that list, like Yahoo, Capital One, Uber, Marriott, and Home Depot.
All of these companies have been the target of criminal cyber-attacks. Like cancer, malicious hacking doesn’t discriminate… it infects organizations large and small, young and old. Attackers have become ever more brazen – and sophisticated – in their digital assaults on corporate and government entities.
This is (already) leading to a huge opportunity for companies combatting this threat — and for the investors who deploy their money in them.
The Birth (And Growth) Of Cybercrime
This is nothing new, of course. Some of the earliest cyber heists date back to the 1980s when the internet was still in its infancy. But the first major attack in the online era occurred in 2005 when DSW Shoes discovered that the names and credit card numbers of more than a million customers had been pilfered. As things go, that was a small-scale theft.
A few years later, attackers found a backdoor entrance into the files of merchant credit card processor Heartland and walked away with 100 million Visa and Mastercard account numbers. Heartland had to cough up nearly $150 million to cover subsequent fraudulent transactions.
Then there was the high-profile security breach at Target back in 2013. As you may recall, hackers gained entry by first breaking into a third-party vendor (a regional air conditioning and heating company) whose technicians still had Target’s private network credentials stored on their systems.
The attackers were then able to download malware software on Target’s cash registers and card terminals to capture sensitive information (including email addresses and card numbers) on more than 40 million shoppers. It didn’t help that this breach occurred during the busy holiday season. It was an embarrassing gaffe for the retailer – and an expensive one, costing over $200 million in civil fines, lawsuits, and lost sales. The damaging software was ultimately traced back to a Latvian computer programmer.
More recently, a software engineer in Seattle recently exploited a weakness at Capital One. The thief didn’t steal currency from the vault but did abscond with the next best thing… 80,000 bank account numbers and 140,000 Social Security numbers. A subsequent investigation found lax security procedures, and the bank was hit with an $80 million fine.
The Threat Is Growing
I could go on all day, but I think we all understand how pervasive this threat has become. From banks to retailers to healthcare providers, nobody is safe. Cybercriminals are employing all kinds of devious tactics to steal sensitive information – which is then posted for sale or auctioned off at various dark websites.
Source: FBI Internet Crime Report
The cat-and-mouse game between attackers and defenders is constantly evolving. Security protocols that would have seemed airtight a few years ago might look porous by today’s standards. Still, even with stronger defenses, infiltrations occur daily.
Organizations can’t let their guard down and must remain hyper-vigilant to threats. A leak isn’t just damaging to a company’s pocketbook, but also its reputation. And all it takes is one remote employee falling prey to a simple phishing email to jeopardize an entire network.
The stakes are high.
Just ask Colonial Pipeline. The privately-held energy infrastructure company was crippled by a cyber-attack in 2021. Hackers needed only a single password (there was no multi-factor authentication) to take control of the company’s operations.
Colonial’s pipelines carry over 100 million gallons of gasoline, diesel fuel, and other products per day across a network stretching from Texas to New York. The ransomware attack triggered the first shut-down in company history, leading to fuel shortages up and down the east coast. The FBI has since determined the perpetrators were linked to a Russian cyber-crime group known as Darkside. Colonial complied with their demands and forked over more than $4 million to regain control.
It’s certainly not alone. Ransomware attacks have disrupted the Louisiana Department of Revenue, the California Department of Motor Vehicles (DMV), and countless other corporate and government targets.
Source: FBI Internet Crime Report
Keep in mind, financial gain isn’t always the goal. Some groups are out to cause mayhem and destruction – imagine the chaos if they took control of a hospital, or an airport, or a power utility…
Needless to say, businesses and governments around the world are spending heavily to defend their territories from encroachment on this 21st-century battlefield. Back in 2004, global spending to thwart cyber-attacks totaled approximately $3.5 billion. By 2017, the market had already expanded to $120 billion – a powerful 35-fold increase.
And with the ongoing data migration to the cloud, the industry has continued to grow at a dizzying pace. Studies by accounting firm Deloitte have concluded that businesses in some industries (such as financial services) are now allocating 10% of their IT budgets to cyber-security. Microsoft plans to invest $1 billion annually to shore up its defenses. That’s peanuts compared to Uncle Sam… The Treasury Department alone had a $688 million cyber-security budget in 2021, while the Department of Homeland Security spent $2.6 billion.
How We Can Profit
Put it all together, and research firm Gartner is projecting global cyber-defense spending to reach $150 billion. Some of those dollars will be geared towards network security equipment; others will be spent on application security or identity access management.
It’s a large revenue pie. Yet, it’s still cheaper to proactively discourage or fend off an attack than to clean up the mess after one strikes. To be sure, investors have noticed the massive sums of cash being thrown around. One of the leaders in this space, Palo Alto Networks (Nasdaq: PANW), has quadrupled in value since March 2020.
Palo Alto has a great story to tell, and it could still go higher from these levels. CrowdStrike (Nasdaq: CRWD) is another leader in this space worth considering.
You could also choose the exchange-traded fund route for instant diversification. The First Trust Nasdaq Cybersecurity ETF (CIBR) or ETFMG Prime Cyber Security ETF (HACK) are both worth a look.
Either way, this is a trend investors shouldn’t forget about. Cybersecurity will be one of the hottest grounds for growth investors over the coming decade. How you decide to proceed in this space is up to you.
Meanwhile, over at High-Yield Investing, my team and I have built a solid portfolio full of market-beating yields that can be used by investors of all portfolio sizes and stages of life. With a little patience, you could be on your way to earning tens of thousands in dividends a year. Go here to learn more.