We got an interesting glimpse into cyber warfare earlier this month, when it emerged that Russian hackers had launched a cyberattack on the Ukrainian power grid, along with parallel attempts to sabotage computer systems that would be needed to restore it.
If anything, the move by Russia, which was revealed by Ukrainian government officials and the Slovakian cybersecurity firm ESET, was probably overdue given that these types of attacks on critical infrastructure can produce an optimal level of damage in relation to the resources employed – more bang for your bucks, as it were. (Ukraine’s power grid has been knocked offline twice before, in 2015 and 2016.)
If Ukraine was to reverse the tactic, it would be a classic example of asymmetrical warfare, essentially tactics employed by a weaker adversary to nullify, or undermine, the advantages held by a stronger adversary.
This type of warfare, which isn’t confined to national threats, has gained prominence in the digital age and extends into the corporate sphere. Inexpensively produced malware can render targeted systems useless simply by erasing key data. It’s a lot cheaper to disable a power plant by compromising its digital systems than it is to destroy it with a missile.
None of this is news to investors, at least those familiar with cybersecurity, a global industry that Astute Analytica estimates will grow at a compound annual growth rate of 13.4 per cent during the forecast period of 2021 to 2027, reaching an aggregate value of $346bn (£266bn), equivalent to 45 per cent of the current US defence budget.
The scale of the problem is apparent in figures published by international law firm, RPC, stating that “financial data belonging to as many as 42.2m people in the UK was compromised in data breaches last year, up 1,777 per cent from 2.2m in 2019-20".
Central to the cyber defence mechanism is the SOC, or Security Operation Centre, best described as the combination of technology, people and processes used to detect, analyse and prevent cybersecurity incidents. It can take several forms beyond the conventional firewall mechanisms aimed at preventing hackers from breaching a network. One of last year’s most keenly anticipated, or overhyped, initial public offerings was for Darktrace (DARK), a cybersecurity company which employs artificial intelligence and machine learning to evolve in the face of multiplying threats.
It could be argued that the inherent need for adaptability in this space lends itself to a software-as-a-service model. Sector analysis from US-based technological research and consulting firm Gartner Inc makes it clear that a bespoke offering is the preferable option in most cases, concluding that “the permutation of security operation needs is extensive, which means that what works for one entity is unlikely to be the best answer for another”. This suggests that cybersecurity operations are more likely to become embedded within a given organisation, with positive implications for the rate of recurring revenues.
Is now the time to make a foray into the sector? The investment case is clear enough, although it’s an increasingly crowded and somewhat fragmented marketplace. Certain companies will outperform the sector, generating substantial alpha returns in the process. It’s an alluring space for stock pickers, but given the general growth rates on offer, investors may opt for pooled vehicles and/or exchange traded funds, a point recently highlighted by the IC’s Dave Baxter. Consider that the L&G Cyber Security ETF has delivered an annualised rate of return of 16.6 per cent over the past five years – a none too shabby return with inflation running at a multi-decade high.
Another point worth considering is that companies within the sector have drifted lower on the sporadic sell-offs in tech stocks over the past seven months or so. Although appetite for high-growth tech stocks was waning well before Russian’s invasion of Ukraine, it’s worth remembering that the structural drivers in the cybersecurity market remain intact.
This hasn’t been lost on analysts from Goldman Sachs (US:GS). The investment giant has just upgraded its recommendation on CrowdStrike Holdings (US:CRWD) to 'buy', opining that the cybersecurity company’s “valuation is compelling at current levels”. While the full-year (FY) 2023 enterprise/sales multiple of 17.4 “appears high”, the stock trades at a lowly 0.4 times on a growth adjusted basis. Cash profits of $252mn are forecast to rise to $392mn for FY 2023, with a free cash flow yield of 1.3 per cent, against 0.8 per cent last time around. The view is that CrowdStrike sits “in the sweet spot of demand ahead of accelerating deterioration of the threat environment”.
