26 June 2017
Threat of disruption of a business now extends to almost all of the divisions – finance, operations, customer data, sales, R&D, IP. While this should make cybersecurity a mandate of the board and stakeholders, in many of the organizations the threat is still dealt by the IT department solely. Experts shake their heads in disapproval and opine that cybersecurity risk requires an institution-wide approach and better harmony between cybersecurity and business strategy.
The problem with cybersecurity is its complexity and heterogeneity. There are companies that offer or specialise in one particular service and there are companies that offer the entire gamut of services. Cyberattacks too range from easily identifiable phishing mails – “Well know Nigerian prince with a lot of money” to sophisticated ransomware attacks – “Wannacry” and DDOS “Denial of Service Attacks”. Phishing, the most common form of email attacks tries to trick the victims into paying a small transaction fee, in return for a reward. DDOS attacks are used to bring a site down by generating an unusually large number of requests from computers. The most recent and the most damaging of these cyberattacks has been that of ransomwares. Ransomware attacks involve the hackers taking control of a computer system, encrypting it and holding it hostage until a ransom is paid.
Ransomware attacks begin as a harmless attachment that comes in email or other means. Once the ransomware is opened, there is not much that happens in the foreground, instead it activates the encryption software that starts to encrypt these system files one-by-one. Big companies have robust detection mechanisms that isolate encrypted files and prevent any further encryption. Smaller companies unfortunately don’t have such capabilities to detect such attacks at an earlier stage. Instead they end up paying their ransom and recovering data or in worst case scenarios lose their data. The ransomware attacks are so well organised that they even own dedicated customer support with a live person at the other end helping out victims to recover their files and pay-out the ransom as well.
Business – big and small are now putting their minds together to solve the issue of cybersecurity. Investment and M&A activity in this space has gathered pace since 2014 which is a sign of more demand in for such services in the future. Estimates vary widely as to the extent of spending on cybersecurity, some analysts expect the cumulative spending on cyber security to surpass USD 1 Tn by 2021. When the spending is expected to be of that magnitude, investment from the PE and VCs cannot be far behind.
The privately held companies saw a flutter of activities in 2016. In 2016 alone there were close to 400 deals that took place in that space, up from 378 deals that took place in 2015. There were four deals in 2016 that exceeded the USD 100 Mn mark – StackPath (USD 180 Mn private equity), LogicMonitor (USD 130Mn growth equity), Cylance (USD 100Mn Series D), and Mobi Magic (USD 100Mn Series B). 2016’s flurry of deals shows that cybersecurity remains a hot investment opportunity in the wake of persistent security attacks and hacks faced by business and government. Investors are still predominately making bets in early-stage cybersecurity companies (seed & Series A), an indication that in an evolving cyber-threat landscape, new solutions are still needed that can help mitigate, and perhaps even predict, attacks. The amount of investment and the activity in the space seems to suggest that this industry is still in a growth phase which might not be suitable investment option for investors with low risk appetite.
Analysing the cybersecurity stock performance over the past three years we are able to find out that the most of the mid and large cap companies have had positive revenue as well as stock performance. Nine companies have had double digit revenue growth in the past three years. Demand for cyber security awareness about the products have been an important reason behind the revenue blitzkrieg.
The revenue growth notwithstanding the net income performance of most of these companies have not been so spectacular. Out of the 20 companies that featured in our analysis 15 of the companies had faced losses in 2016. 14 of those companies also had negative net income during 2015 as well. This is what makes identifying target using the traditional method a big challenge in this sector. Technology obsolescence is major concern for the technology industry, disruptions are the norm in this business making things more challenging.
Investors ideally should have some idea about the major global trends that is shaping the industry such as the advancement of technology in terms of computing power and how they intertwine with business IT needs, bring your own device trends, redesigning of the entire computer eco-system (quantum computing) etc.,. PE and VC involvement in the sector suggests that there are still quite a huge quantum of early stage risk that is involved in this sector. Lawsuits, in case of failure to protect cyber-attacks or failure to recover the lost data could result in huge losses to the tech firms which could run into millions of dollars.
Never miss a patch or an update with Marmore's Newsletter. Subscribe now!
ESG and Sustainable Investing might seem to be related but both are distinct concepts. The GCC nations transition towards cleaner energy portrays a buoyant outlook for ESG and sustainable investing.Read More
The impact of the recently issued IFRS sustainability standards, once adopted, is likely to be high, as GCC companies scramble to allocate adequate resources for the adoption.Read More
The GCC countries have increasingly focused on privatization of state-owned enterprises to reduce dependency on oil and diversify their economies.Read More