The world has seen a sharp escalation in warfare in the past two years, but war is far from the only threat humanity is facing. Ever since we began using the Internet, a new type of crime has arisen, targeting government offices, organizations, and private citizens. Over the past three decades, global cybercrime has grown exponentially, becoming a lucrative industry where total annual revenue is estimated at $1.5 trillion.
The past decade, with its rapid digitalization of all human activities, spurred further acceleration of cyber threats; now everyone and everything – from your bank to your doctor’s office, to your IoT devices, to your EV car – can become a target. However, we are not left alone in this battle: a myriad of companies are striving to protect us from digital threats – and trying to make a buck out of it. But, while protection from cybercrime can be almost as profitable as the crime itself, not every cybersecurity company out there is up to the task.
The Innocent Hackers
The official history of cybercrime originated in 1981 when the first-ever hacker was convicted for breaking into AT&T’s internal computer systems. However, this case was perceived as an oddity and isn’t widely known. The first time the authorities and the general public grasped that dangers are lurking in the wires was in 1988 when a computer worm crippled a tenth of what was then the Internet and wreaked $15 million worth of damage. Then, in 1995, came the arrest of Kevin Mitnick, the first celebrity hacker of all time, a reformed criminal who became the world’s first computer security expert, laying the foundation for the cybersecurity industry.
These times of innocence, when cybercrime was a cottage industry or even a one-man stunt, are long gone. Today, it is an enormous business, spanning continents and sending its tentacles into every possible digital venue. Of course, it is not the “super-mafia” of sci-fi movies, but still, an ecosystem of a myriad of individuals and organizations, which is now arguably more dangerous for humankind than armed conflicts and pandemics.
The global cost of cybercrime was estimated at $8.5 trillion last year; industry professionals expect these costs to triple by 2027. The losses associated with cyberattacks include damage to or loss of data; loss of productivity; scams, fraud, extortion, and other types of money theft; theft of personal or financial data; disruption to business; vandalism, etc.
In 2021, ransomware hackers hit the systems of the Colonial Pipeline company, forcing it to shut down operations and leaving two-thirds of petrol stations in South Carolina empty, spurring panic. These hackers, who were never found, took in at least $90 million in ransom money – and that is just one occurrence of a specific type of crime.
In the same year, ransomware hackers even had the cheek to attack the Washington DC Metropolitan Police Department, threatening to leak the identities of informants to criminals, if not paid a ransom of $50 million.
Life-Threatening Ones and Zeroes
But the financial costs, however large, aren’t the most pressing issue with regard to cybercrime. In recent years, we have witnessed a swift rise in cyber-attacks bearing grim physical consequences, as well as the convergence of cybercrime with violent and/or organized crime, such as human trafficking, drugs, weapons, terror, and more.
While an attack on a bank’s computer systems can lead to a considerable loss of capital, an attack on a hospital can lead to a considerable loss of lives. In fact, these attacks aren’t a distant threat but a reality: in 2021, dozens of European and U.S. medical facilities were locked out of critical systems due to ransomware attacks. Apart from that, criminals may take over electricity or other essential infrastructure systems, with severe consequences. A hacked autonomous vehicle fleet management system, airport command center, or even a steel mill (a real-life example) could mean a loss of life on a large scale.
Besides the for-profit hackers, there is a very real threat of cyber wars, where foreign state-sponsored cyberattacks target energy infrastructure, disrupt military operations, or influence politics, leading to social unrest.
Surging Demand for “The Good Guys”
Given the worrisome expansion in the scope and reach of cyberattacks, it should come as no surprise that the cybersecurity market, protecting us from these threats, is also rapidly expanding, and projected to grow by a CAGR of 14%-16% through 2030.
However, given the current scope and proliferation of cyber threats, as well as the constantly expanding “business opportunities” for cyber criminals on the back of rapid technological advancement and ever-rising digital dependency for government, business, and private activities, these numbers may well be an understatement. McKinsey suggests that the global addressable cybersecurity market may amount to $1.5 trillion to $2.0 trillion, as the current penetration of cybersecurity products and services is far from the apparent market need for digital defense. Thus, the cybersecurity market offers almost unlimited long-term potential for companies working in this space, as well as for their investors.
Not All Security Stocks are Secure
So, we’ve established that the rapid global digitalization and the associated necessity for cyber protection present an enormous business opportunity for companies specializing in cybersecurity products and solutions. However, investors who wish to capitalize on this secular growth face a market characterized by high volatility in individual stocks, as well as vast differences in the financial and profitability metrics of companies acting in this sphere.
It must be noted that the top positions in the list of cybersecurity companies are occupied by diverse tech giants with large cyber divisions and nearly unlimited funds to develop their products, such as Microsoft (MSFT), IBM (IBM), and Cisco Systems (CSCO).
The most prominent pure-play cybersecurity firms dominating the market are Palo Alto Networks, Inc. (PANW), Fortinet, Inc. (FTNT), CrowdStrike Holdings, Inc. (CRWD), Cloudflare, Inc. (NET), and Check Point Software Technologies Ltd. (CHKP). However, not all of these established market leaders can show as much as a positive net profit: both CrowdStrike and Cloudflare still have “minuses” on their bottom lines, despite having been in the market for over a decade. While CRWD is bordering on breakeven, NET is not expected to reach profitability in the next couple of years, underscoring the tough competition in this fragmented market. PANW, one of the undisputed market leaders, became net profitable just last year.
Other important players in the cybersecurity market are Zscaler, Inc. (ZS), Akamai Technologies, Inc. (AKAM), Leidos Holdings, Inc. (LDOS), Gen Digital Inc. (GEN), Okta, Inc. (OKTA), Qualys, Inc. (QLYS), and SentinelOne, Inc. (S). Out of these runners-up, only AKAM, LDOS, GEN, and QLYS already bring in positive net profits. Besides the differences in their business venues and their bottom lines, these companies differ considerably along quality and valuation metrics, as well as earnings growth potential.
Research to Secure Your Capital
These vast dissimilarities in companies’ fundamentals and prospects for growth underscore the importance of research for aspiring cybersecurity investors. While the cyber defense market provides a lucrative playing field with vast opportunities, not every company in this market is able to capitalize on these opportunities. Thus, it is essential to dig into the data, analyzing companies’ finances, industry competitiveness, growth prospects and risks, and more.
Alternatively, investors can leverage the existing analysis, utilizing research done by Wall Street’s leading analysts. TipRanks has several tools that can help investors employ the vast amounts of data and research stored in its database, to their benefit. See the TipRanks table below for an overview of the performance of several prominent cybersecurity companies.
As another option, investors can buy into one of the cybersecurity ETFs, utilizing one of the many TipRanks ETF tools to pick the winning fund.
To conclude, cybersecurity stocks provide investors with an opportunity to profit from an accelerating global demand for defense from digital threats, as well as allow greater portfolio diversification, as many of these companies display moderate correlation to the broad market movements. That being said, it is important to take into account the companies’ finances and prospects to pick the winners who can create long-term value for their shareholders.