- The cybersecurity market is estimated to be worth $101-$170 billion by 2020 vs. $88 billion currently.
- The majority of executives and IT staff are not confident in their current infrastructure.
- By 2030, there will be over 49 billion connected devices, or about 6.5 devices per person.
The internet has been growing at an incredible clip…but so has cybersecurity threats. The internet of things, mobile applications and other connected mediums have woven their way into our daily work lives and at-home routines. Criminals view this as an opportunity to subtly connect to your smart device in order to steal your personal or professional data; however, billions of dollars are getting put to work to prevent such an occurrence.
Specifically, the security market is estimated to be an $88.8 billion dollar market by the end of 2016, according to Gartner – a public firm that specializes in IT research and advisory services. Executives are clearly demanding that their IT departments batten down the hatches and prepare for a more sophisticated battle. Other sources have the security market growing at a compounded annual growth rate of 9.8%.
Despite the investments to thwart these criminals, C-Suite executives are still concerned. A recent survey from the NYSE indicated that 66% of surveyed board members are not confident that their companies are properly secured from cyber-attacks. In a separate report, conducted by Barkly Cybersecurity, 50% of information technology and security professionals surveyed were not confident in their respective efforts to protect their firms’ data.
With all this concern, the future holds even greater capital flows into cybersecurity. Conservative estimates foresee the cybersecurity market being worth $101.6 billion by 2020. More aggressive estimates put the figure at $170 billion (roughly double current levels), according to International Data Corporation (IDC) and MarketsandMarkets respectively. In either scenario, budgets are set to grow as IT departments invest in software, services, and hardware to protect their business and client data.
Considering all this capital flowing into cybersecurity services, investors should take note of the different sectors and how to play them. Security tactics and investment opportunities can be broken down into macro categories, like the Internet of Things (IoT) and mobile applications.
Internet of Things
The Internet of Things (IoT) is a young but growing sector. The Kansas City Fed estimates that the IoT was born between 2008 and 2009, when the number of connected devices in the world eclipsed the number of humans. By 2020, the KC Fed expects about 6.5 connected devices per person; currently the ratio stands at roughly 3.4. With a world population of 7.6 billion people by 2030, the IoT market will have over 49 billion devices, all of which will need to be protected in some capacity.
IoT devices will be a major part of connected life in the future, but with connectivity comes security risk. This is where companies like Cisco (CSCO) come in. While the IoT is normally associated with consumer applications, a growing reality is automated technology operations in sectors like infrastructure management, energy management, building and home automation, and transportation systems. All of these sectors can realize efficiency synergies, supply chain visibility, and worker safety by opening up their systems to the IoT, but security will remain a top concern, according to Cisco.
Upon connection, organizations commonly purchase different security solutions from different vendors. Firewall, VPN gateways, web filters, and other applications can have gaps in their systems and don’t always work well with each other. These gaps are where hackers operate. As a remedy, Cisco for example, offers their “ASA with FirePOWER” services as a complete platform that protects multiple layers of infrastructure from attacks.
Evidence of this strength can be extracted from Cisco’s most recent quarter, where security was a top growth sector for the firm. Specifically, Q4 2016 highlighted product revenue “growth led by security, growing at 16%.”
Business today requires a fleet of mobile applications for employees. While there are certainly benefits to on-the-go work, there are also risks. Irrespective of operating system and hardware, threats exist from the obvious to the more sophisticated repackaged application. According to Check Point Software Technologies (CHKP), a provider of security solutions for enterprises and small businesses alike, “90% of employees have disabled locks on their tablets and 75% of employees have disabled locks on their smartphones.” Clearly filing this under the obvious category, their solutions range from CPU-level inspection to mobile app emulation scanning.
For example, their Mobile Threat Prevention includes “Dynamic Sandbox Emulation” and “Advanced Code Flow Analysis”, which have the goal of finding and isolating both known and zero-day malware – malware that has not been previously discovered or known of. Sandbox emulations capture application downloads and run their functionality in a cloud based environment across user inputs, devices and operating systems to find exploits. Also in the cloud, code analysis scans for suspicious patterns and ensures applications are not authorized to use other apps (excluding other secure apps and their syncing functionality).
Check Point’s Mobile Threat Prevention is just one example of how mobile solutions are being protected from an enterprise management level.
Mobile devices and the IoT are some of the market. Other connected utilities, technologies and services are prone to malicious threats too. Servers, email and enterprise hardware round out other areas that need protection.
On the topic of email, new companies and solutions are being born out of the need to be connected securely. The healthcare industry, notorious for being stuck with legacy systems, is now adopting a custom solution for doctors and patients alike. Startups like Virtru and Paubox are focused on email encryption that meets HIPAA requirements. Current regulations prevent doctors from using traditional sources of email, but encrypted services like those mentioned above facilitate quick and secure communication patients are accustomed to.
All this security is for good measure. Target (TGT), Sony (SNE), Weebly, Yahoo (YHOO), and Vera Bradley (VRA) are just some of the most recent examples of firms that have had their data compromised. This growing list is a nightmare for PR departments.
Cyber-attacks come in many forms; another threat to businesses are DDoS attacks. A DDoS (Defeat Denial of Service) attack is a superfluous request sent to a site with the intention of flooding the site’s infrastructure with artificial traffic intended to only overwhelm their system. On October 21, 2016, massively popular sites across internet, from Amazon (AMZN) to Zillow (Z), were taken down due to a massive DDoS attack. This was one of the most widespread attacks on the U.S.’s internet connectivity.
DownDetector.com offers a visual representation of the internet outages experienced on October 21, 2016.
There are remedies, however. Firms like Akamai (AKAM) have a cloud-based web security solution for such attacks. Their service drops non-application traffic. For example, a specific type of DDoS attack is SYN floods, where the attacker does not respond to synchronize – acknowledge (SYN-ACK) requests, leaving the victim website waiting for acknowledgement. Akamai would block or redirect requests like this based on criteria like source IP address and geographic location. They also have the ability to simply absorb requests via a “massive network scale”. NetScout Systems (NTCT) and F5 Networks (FFIV), to name a couple, also offer highly rated solutions for DDoS attacks.
Cybersecurity is a growing market as we become more dependent on technology and accustomed to valuable data at our fingertips on-demand. Whether the data or application is for personal or for professional use, criminals are interested in it. Accordingly, higher ups have noticed, but not only C-Suite executives.
The Federal Government has also upped their cybersecurity permission level. As of this month, the FBI no longer needs a warrant from the district in which a computer is located to execute a search. The new rule gives authorities the ability to obtain a warrant that grants them the ability to access a device located anywhere. In an age of complex networks and botnets, the rule change was highly controversial. Proponents argue that the change gives law enforcement a more efficient avenue for obtaining a warrant in a time when locations are hard to come by. The other side argues that this is an overreach of power.
From an investor’s point of view, the security market has many growth scenarios up and down the stack. From storage to applications, criminals search for gaps in protection to exploit vulnerabilities. As the stakes get higher, budgets are inflating to dash these illicit acts. Security companies are positioned to benefit from capital inflows and social trends of becoming more connected in and out of the office.
CEO, Elite Wealth Management
Full Disclosures: http://elitewm.com/disclosures/
This article is not intended as investment advice. Elite Wealth Management or its subsidiaries may hold long or short positions in the companies mentioned through stocks, options or other securities. For a complete list of recommendations made within at least the past year, please contact us at (425) 828-4300 or firstname.lastname@example.org. Please Note: it should not be assumed that recommendations made in the future will be profitable or will equal the performance of the securities in this list.