Over the last year, we’ve seen more and more major headlines about cybersecurity, with data breaches at major U.S. companies that have put millions of people’s data – and their money – at risk. Only recently made public were massive breaches at Target Stores and Yahoo! in 2013. Yahoo! revealed that every one of their 3 billion accounts were hacked in 2013, but wasn’t discovered until 2016. In December of 2013, Target confirmed that credit and debit card information for about 40 million customers had been stolen, then added a few weeks later that information including email and mailing addresses was stolen for another 70 million people.
As alarming as those numbers sound, the truth is they’re really just the tip of the iceberg. 2017 saw one of the biggest and potentially most damaging breaches when hackers penetrated one credit bureau Equifax. The result – the theft of sensitive personal data, including Social Security numbers – may not be known for years, but most certainly leaves anybody who was affected by the breach vulnerable to identify theft for the foreseeable future. Add to that the exposure of voting records for 200 million American voters resulting from a misconfigured security setting on an Amazon cloud server for a GOP data firm, the theft of 57 million Uber customer’s data, and ransomware and virus attacks on government, school districts, and businesses all over the world, and the fact is that cybersecurity is an issue that concerns everybody.
The damage is massive, not only in terms of the number of people effected by hacks and data breaches, but also in real dollar terms. It is estimated that cyber-crime damages cost the world about $3 trillion in 2015. The entire cybersecurity community, as well as major media generally agree that number will climb to more than $6 trillion by 2021. That immediately makes cybersecurity a costly element of doing business; technology research company Gartner estimates that businesses spent more than $86 billion in 2017 just on cybersecurity. Looking forward, by 2021 that number is expected to grow even more exponentially than the cyber crime damages number, to more than $1 trillion.
Finding opportunity amidst the chaos
The numbers I’ve just presented paint a pretty grim picture; but if you’re an attentive investor, you should also be able to see an interesting silver lining in the gloom and doom. The simple fact is that we aren’t going to stop using the Internet, to connect with others, to communicate, and to business. That is part of the reason the costs of cybersecurity are going to keep going up, and because of that fact, you can bet that cybersecurity is likely to represent one of the most compelling, and important emerging technologies in the financial markets right now and for the foreseeable future. Many of the companies that are already in the thick of the ongoing battle to protect sensitive and personal data may not be well-known to the average investor today, but could be among the best growth opportunities available in the technology sector for years to come.
If you’re looking for growth, and real wealth creation over time in your investing capital, one of the most important things you have to be able to do is to recognize not only where the market is now, but also to try to identify where new opportunities lie. That’s really more art than science, because it isn’t just about picking the latest cool gadget (think Betamax tape players in the ’80’s) or trendy social media platform (hello, MySpace) and then hopping on for the ride. In the world of cybersecurity, I think the real question is twofold: 1) What is cybersecurity going to look like five years from now, and 2) Who are the biggest and best players in the industry right now?
What will cybersecurity look like in five years?
The thing about any emerging technology is that the way it looks today will almost certainly not be the same just a few years down the road. For an investor, that means that many of the companies that we’d think of as real players in that technology initially simply won’t be around. They may sound like a great opportunity today, but there is a very good chance they could fail – whether that means being rendered obsolete or irrelevant by a competitor, that their target audience doesn’t respond to what they offer as they expect, or that they fail to manage effectively and ultimately collapse under the weight of their own growth.
The early stages of the Internet and the World Wide Web provide a great example of what I mean. As more and more people jumped online in the late 1990’s, web sites proliferated at an amazing rate. Keeping track of what information could found and where, seemed like an impossible task. Then along came web search programs like Altavista, Web Crawler, and Lycos, to name just a few. Don’t recognize those names? That’s because they don’t exist anymore – by the beginning of the 21st century, search engines like Yahoo!, Google, and MSN Search had taken over the Web. Some of those early programs simply disappeared into obscurity, but others, like Altavista were purchased by their larger competitors, who then folded the algorithms behind them into their own products.
If you look at the search engine segment today, the number of players is a mere fraction of what it was in its early stages. Google isn’t just a brand name any more, it’s a verb, and any other players that remain such as Yahoo! and even Microsoft’s Bing have seemingly learned to live with their significantly diminished roles in cyberspace. That is what tends to happen to any new, emerging technology as it matures; the smaller players either grow to become the new Big Bad on the Block, get acquired by the current Big Bad, or simply evaporate and fade into history. That’s also called consolidation, and I think that is where the best opportunities to make money in the long-term from the cybersecurity industry will be found.
While cybersecurity isn’t a totally new technological concept, and many of the biggest players in this space, like Palo Alto Networks (PANW), Symantec (SYMC), and Cisco Networks (CSCO) are already mid to large cap stocks with market caps ranging between $15 and $200 billion, in many ways it is still a nascent, developing industry, with several of the most profitable companies possessing small to micro-cap level capitalizations of any from $3 billion on the high end to less than $100 million or possibly even less. As the dozens of smaller, up-and-coming companies in this segment begin to differentiate and separate from each other, we’ll see some grow, while others will fall by the wayside. The most profitable ones will start to look more and more attractive for acquisition by larger companies who seek opportunities to diversify, expand, and grow their businesses and products in this arena, and so my prediction is that we’ll several of those stocks become takeover targets.
Consolidation is good for shareholders – if you’re there early
The fact is that growth can come in any number of ways. For larger, more established companies with mature product lines, it can actually be harder to keep growing by focusing solely on their existing product lines. Think of Microsoft, who has been a dominant player in the software industry for decades. It’s hard to think that they’ll be able to expand the level of penetration they’ve already achieved with Windows, or with their Office suite, because the fact is that if you own a PC, you probably already have them. That means that if they want to keep growing, they have to find other ways to do it. For a lot of larger companies in any given industry, the best way to achieve the growth they need is through acquisition.
What does that mean for cybersecurity? There are only a few really big players in this particular segment of the technology sector, and the truth is that for most of those companies, cybersecurity is more of a natural outgrowth of their existing business, rather than a primary focus of it. Here’s a few of the biggest, most recognizable names:
- Symantec Corp (SYMC), market cap $16.7 billion: SYMC has always made enterprise data security and information management a major part of their business. In 2016, the company sold Veritas Technologies, the information management arm of their business so it could put its entire focus into cyber security.
- Cisco Systems (CSCO), market cap $212.3 billion: CSCO has been on the cutting edge of networking technology for decades, with its routers and switches making up the backbone of the Internet since the beginning. Cyber security is a natural, hand-in-hand fit with their natural focus.
- Salesforce.com Inc (CRM), market cap $88.1 billion: the largest provider of cloud-based enterprise software focused on customer relationship management, cyber security is naturally an ongoing concern. Like CSCO, CRM has the size and resources to bundle cyber security products with their existing products in a seamless fashion for its customer.
Any of these companies, who are already betting big on the future cyber security anyway, could target a smaller, cutting-edge firm showing great promise to help expand their product portfolio more quickly than they might be able to do on their own. That means that the number of companies in the industry is likely to shrink over the coming years, as the best and brightest are purchased and integrated by their larger competitors and counterparts.
Consolidation is good for shareholders, because if you are there before it happens, you can stand to make a lot of money. Let’s go back for a moment in history to the early days of search engines for an example. Lycos Inc. was an early player in the industry, and established a healthy user base that put them among the most popular search tools in the 1990’s with Yahoo!, Excite, and several others. They first went public in April of 1996, with their initial stock price settling quickly at around $17 per share. They also had the distinction of being one of the first Internet companies to actually post a profit in 1997. In October of 2000, just a little before the Internet bubble burst, Lycos Inc. was acquired by Spanish telecommunications giant Telefónica for $12.5 billion, or about $77 per share – which meant that the folks who were smart enough to get in early on that stock stood to reap a gain of more than 350% on their initial investment. That is a great example of the kind of opportunity that is available to investors in an emerging technology if the stock you’re working with becomes the target of a takeover.
Who should you pay attention to?
So who are the cybersecurity companies that could be the next Lycos, and why would somebody want to pay a premium for them? Here are a few that I think could be very attractive takeover targets:
- CyberArk Software Ltd. (CYBR), market cap $1.7 billion: CyberArk is an Israel-based cybersecurity that stands out from its small-cap stock counterparts due to the simple fact that it is actually profitable. Like many more established tech companies (including a large number of their larger cybersecurity competitors), CYBR operates with zero debt and maintains a strong cash position. Relative to its market cap, its cash and liquid assets as of the end of 2017 translate to a cash yield of almost 18%. Over the past year, earnings grew only modestly, however the company’s Book Value has increased steadily from the date of the company’s initial public offering in the last quarter of 2014, from about $5 to its current $10.19 per share.
- Check Point Software Technologies (CHKP), market cap $16.9 billion: like CYBR, Check Point Software is based in Israel. Its market cap puts the company in the category of a large-cap stock, which means that this is a company that is likely to acquire one or more of its much smaller competitors in the future, but could still be attractive as a takeover candidate for other, larger companies like CSCO, or to a strategic merger with an ambitious, similar-sized company like SYMC. It also operates with no debt, with a high level of cash and liquid assets that provides a cash yield of about 10%. Since going public in early 2008, the stock’s Book Value has increased from $8.34 to its current value of $22.03.
- Palo Alto Networks (PANW), market cap $16.2 billion: PANW’s overall fundamental profile is very similar to that of CHKP, with cash and liquid assets providing a cash yield of exactly 10%, with no debt since July of 2017. However, unlike CYBR and CHKP, PANW is currently not profitable, and in fact has not posted a profitable quarter since late 2014. The company’s Book Value has also decreased in each quarter of the past year. However, PANW is one of the most entrenched companies in the cybersecurity space, and should experience robust growth in 2018. They also currently serve 85 of the companies listed in the Fortune 100, and 63% of the Global 2000; both of these numbers are forecast to increase this year, which should translate to strong improvements in both revenues and earnings.
The high level of penetration already achieved by CyberArk and Palo Alto in the enterprise market makes those two companies especially attractive as takeover candidates, since companies like CSCO, SYMC, or as I’m about to outline, even AMZN wouldn’t have to try to forge their way into this incredibly competitive arena with a brand new, unproven product. The question you may be asking is, why would Amazon, which seems to focus first, foremost and always on retail sales, want to play in the cybersecurity space?
Think about Amazon’s acquisition of Whole Foods Market that closed last year. Amazon announced the acquisition on June 16, 2017, and it closed on August 28 at $42 per share. The day before the acquisition was announced, the stock was trading at around $33 per share, and had been for some time. If you purchased shares in Whole Foods at any point in the weeks preceding June 16, you would have seen an overnight bump in price of about 27%, when the deal was announced, as the stock drove straight up to the $42 level it had been announced at and stayed there until the deal was finalized. When the rumors of this acquisition first began to float around the market, some wondered what logic Amazon was following. That became apparent almost right away, as Amazon wanted to expand and diversify its business even more than it already had, and in the process make it more and more likely that every day, you’d have a reason to interact with some facet of their business.
If you think about it in terms of Amazon’s clear willingness to think outside of the box about ways it can continually broaden and expand its product line, and you think about the cloud-based services they already offer to businesses all over the world, an acquisition in the cybersecurity space starts to make more sense. The theft of GOP voter data in 2016, while attributable to a mistake in the server’s security configuration by the end user, is nonetheless one more testament to the reality that any system is vulnerable, at any time. Acquiring one of the smaller companies I’ve already mentioned – PANW or CYBR would seem at first blush to make the most sense, with the small-cap status of CYBR possibly providing a low-cost way for Amazon to bolster its internal systems and provide its cloud computing customer base with an extra layer of security and peace of mind.
Bear in mind, I have no inside information on any of the companies that I’ve mentioned here, and there is no actual public indication that any discussions between Amazon or any other player are even being considered at this time. Consider, however, that Amazon’s purchase of Whole Foods was kept quite firmly under wraps until just a little before the actual announcement was made. We do know that Amazon is serious about branching its business in the near future into a number of other economic sectors that it currently has zero presence in, including pharmacies and healthcare. Why shouldn’t it consider adding a business that can puts its feet firmly into cybersecurity?
Even if Amazon doesn’t make a play in this space, the fact is that the cybersecurity industry is likely to undergo a significant level of consolidation – not just in 2018, but in the years ahead. Trying to identify the smaller companies that are profitable and growing, today, could put you ahead of the consolidation game later. That can translate to big profits and wealth creation that any smart investor would happy to see.