Trader Talk

Cybersecurity stocks rally as global hackings start to impact corporate bottom lines

Key Points
  • Cybersecurity stocks are soaring in the wake of Mondelez's big ransomware attack.
  • Mondelez estimates the attack will shave off 3 percent of second-quarter revenues.
  • KeyBanc notes the cybersecurity business is still relatively small but growing fast.
Cyber attacks cost companies more than $15M per year
Cyber attacks cost companies more than $15M per year

Cybersecurity stocks like FireEye, Barracuda, Symantec and Palo Alto Networks rallied Friday, as snack food and beverage giant Mondelez International became the latest victim of a cyber attack. The company said it was hit with an attack on June 27 that compromised its ability to ship and send invoices during the last four days of its second quarter.

What made this call unusual is that the company quantified exactly how much the attack hurt them: Its preliminary estimate of the impact indicates a 3 percent slice off its revenue growth rate for the quarter.

Unlike the recent WannaCry ransomware attack, this hacking, as well as similar ones reported by Reckitt Benckiser and others, appear to be designed to simply cause as much destruction as possible.

And analysts say it's only going to get worse. In a report yesterday to clients, KeyBanc noted that security concerns will increase in importance as companies shift to the cloud and that 2016 was already a record year for data breaches:

Cyber crime in 2016

35 percent rise in business ransomware
58 percent increase in distributed denial of service (DDoS) attacks
78 percent increase in phishing sites

Source: KeyBanc

There is plenty of room for growth. The cybersecurity business is still relatively small: KeyBanc notes it is only $35 billion but growing fast. It's remarkably fragmented: Symantec's enterprise business is the largest player, with only 7 percent market share. In part, that's because there are many different parts to the security business that are not served by all the players: firewall, identity & access management, data loss prevention, messaging security, etc.

Widely reported events like the WannaCry ransomware attack and the "Petya" malware attack get a lot of attention, but more knowable events on the horizon are generating interest for cybersecurity companies. KeyBanc notes that a "firewall refresh cycle" will likely start in six to nine months, and that new European regulatory standards for all companies handling data in the European Union will come into effect in May 2018 that will create opportunities for vendors specializing in data loss prevention and database activity monitoring. That means more business for companies like Box and Okta.

Maersk hit by Petya cyber attack: APAC CEO
Maersk hit by Petya cyber attack: APAC CEO

Most importantly, business appear to be shifting priorities. In the past, prevention was the priority, with detection and correction less important. In 2014, 80 percent of enterprise security budgets were devoted to prevention, with only 10 percent devoted to rapid detection & response. That is now reversing: KeyBanc estimates the 60 percent of enterprise security budgets will be devoted to rapid detection & response by 2020.

The big question, according to Ilya Kundozerov at Morningstar, who covers cybersecurity stocks, is this: How much of this negative news will get translated into top-line growth for cybersecurity companies?

"This industry is driven by negative news," Kunderozerov said. In the past, similar events have led to an increase in revenues. FireEye, for example, is extra sensitive to these kind of events because they are often the company that gets the first call. Kunderozerov says it's still too early to tell if Wannacry and Petya will generate significant revenue growth.

What is remarkable to Kunderozerov is that many of these recent attacks were not due to amazing, sophisticated cyber hacks: They were due to the failure of companies to simply keep their software updated.

"There certainly are very sophisticated cyber attacks, but a lot of companies have very old software that no one wants to touch, and the companies have decided to let it be and leave it unpatched and unprotected," he said. "These were old vulnerabilities that should have been patched. Nothing has happened to these systems, but now it's payback time. These legacy systems need to be completely isolated, or patched, or migrated to new software."

Watch: Mondelez on what the recent cyber attack cost

Modelez: Recent cyber attack to cut Q2 revenue growth
Modelez: Recent cyber attack to cut Q2 revenue growth