U.S. Markets closed

Yahoo Security Breach Poses Opportunity

- By Adam Lawrence

This news hit the press over the last few days and to much dismay, there are many questions still left to be addressed.

Yahoo (YHOO) announced last Thursday that it was the victim of a massive hacking attack, not this month or this year but in 2014 and it was likely "state sponsored," i.e., another country could be behind this mega hack. The tipoff came about when some 200 million accounts had related data being sold on the dark web. This has ended up snowballing into what has now become a breach of "at least 500 million user accounts."


And according to sources, proposed buyer of Yahoo, Verizon (VZ), didn't learn of the hack until last Tuesday, just a few days before it announced the hack to the world. This continues to beg the question of how much cyber security protocol is needed to prevent massive breaches like these? It has been all too common that we see large market-leading organizations fall victim to outside hacking or internal crack in the corporate armor.

Earlier this summer we saw major airlines like Southwest (LUV) and Delta (DAL) fall victim to what they called "system outages" where websites, check-in systems and booking capabilities were completely shut down. And who could forget the major financial breaches from Target (TGT) and Home Depot's (HD) payment processing systems in 2014?

Earlier this month Harvard Business Review published an article that explicitly highlighted the troubles that companies are having due to the overall risk of inside interactions. Contributor Marc van Zadelhoff said, "In the 2016 Cyber Security Intelligence Index, IBM (IBM) found that 60% of all attacks were carried out by insiders. Of these attacks, three-quarters involved malicious intent, and one-quarter involved inadvertent actors. IBM Security research also found that health care, manufacturing and financial services are the top three industries under attack, due to their personal data, intellectual property and physical inventory and massive financial assets respectively."

Based on simple fear, as the economy grows further into "the digital age," investors look for more exposure to cyber security investment opportunities to take advantage of the growing need. Markets and Market is expecting the cyber security market to grow from $122.45 billion in 2016 to $202.36 billion by 2021, at a compound annual growth rate (CAGR) of 10.6%.

The fact is that it isn't just hacking from outsiders like the ones who breach Yahoo; a good majority has actually been at the hands of insiders. Thought 62% of breaches are from outside, malicious factors, over 30% of loss can be attributed to accidental or malicious insider actions. This has helped to increase the overall number of breaches we've seen and is a big reason why investors should be looking at this industry.

Just look at cyber security ETF First Trust Nasdaq Cybersecurity ETF (CIBR). This has realized a significant increase in value since February of this year and with little reversal since. Mid-February results showed share price float under $14 and since then, the ETF increased to as high as $19.60 on Sept. 23. In addition to that PureFunds ISE Cybersecurity ETF (HACK) has mirrored an almost identical sentiment from February to more recent trading days. The ETF dipped to nearly $19 even and has since recovered on a near eight-month-long bull run to as high as $27.95, a near 50% move.

Both funds have Symantec (SYMC) as their top holding, and the remaining nine our of top 10 holdings fluctuate between multiple sizes of those holdings. For example First Trust has both Cisco Systems (CSCO) and Palo Alto Networks (PANW) as top three holdings while PureFunds has them barely breaking into the top 10.

Recently it was announced that IBM would be digging deeper into the space with the expansion of its Watson system. The tech company announced Watson for Cyber Security earlier this year, a new cloud-based version of the company's cognitive technology trained on the language of security as part of a year-long research project.

Designed on the IBM Cloud, the company says that Watson for Cyber Security will be a technology to offer cognition of security data at scale using its ability to reason and learn from "unstructured data." It's been cited that 80% of all data on the Internet that traditional security tools cannot process, including blogs, articles, videos, reports, alerts and other information, will be accessible to the Watson system. Though there is less exposure to cyber security by going direct to IBM as opposed to something like an actual cyber security ETF, the Watson system opens the door for the company.

Those looking for a more direct exposure to the space could be found in many of the companies in the previously mentioned ETFs. On top of those, a look into Symantec, who recently acquired cyber security and access management company Blue Coat, could be an option. The security company has had its share of tough times in trying to compete and just two weeks ahead of a proposed IPO for Blue Coat, Symantec made a move for a $4.65 billion acquisition. Blue Coat CEO Greg Clark will become CEO of Symantec.

In line with this, IDdriven (IDDR) could also be a topic of discussion. Management previously sold the BHOLD platform to Microsoft (MSFT) for an undisclosed amount. Microsoft is currently a channel partner of IDdriven along with three other firms including Oxford Computers, Tobania (Belgium-based) and Virginia-based Zeva Inc.

On Sept. 26 the company announced that it had brought on Neil Kleinman as the North American sales manager. "Growing frequency and fear of hacking and corporate thefts occurring requires control of employee access within their organizations. IDaaS as a cloud niche is expanding rapidly, and my experience in the SaaS market enables me to make a very quick market entry."

The interesting part of the increase in cyber security exposure is that the higher performing and higher priced ETF, PureFunds ISE Cybersecurity, holds a good majority in micro-cap stocks.

The micro cap stock exposure is almost the same as both the small and medium market cap stocks in the fund. This could suggest that the underlying theme is that of the M&A route where bigger buyouts of smaller companies could further enhance value of these smaller cap companies, while boasting higher percentage returns during the interim.

In opposition to this, First Trust Nasdaq Cybersecurity ETF holds a majority of its makeup in medium and small cap investments with little being focused on micro caps. Pent-up demand could be a big contributor to expanding the global identity and access management market size (estimated at $8.92 billion in 2014). The space as a whole is projected to see a compound annual growth rate of nearly 13% by 2020. The growing need for cloud-based engineering and better network capabilities are anticipated to bolster demand across industry segments.

Recently Identity Access Management companies have been gaining more attention from funds. Synchronoss Technologies Inc. (SNCR) for example, which among other things handles identity/access management and secure mobility management services. Based on its latest second quarter regulatory filing with the SEC, Oak Ridge Investments LLC increased its stake in Synchronoss by roughly 5.5%. Reports show that Oak Ridge's holders were 2.69 million shares of Synchronoss at the end of this year's second quarter, valued at $87.14 million, which was up from 2.55 million at the end of the previous reported quarter. Oak Ridge manages about $4.04 billion and $3.82 billion U.S. long portfolio.

Synchronoss hit lows of $20.33 at the beginning of February during the same period the industry seemed to have seen an identical consolidation. But since hitting these levels, shares have remained in an overall bull trend, climbing as high as $43.65 in recent weeks.

With continuous reports of data breaches, sizable hacks, and everything in between, there's no question that the need for a viable cyber security/access management system is needed at all levels of business. With larger growth projected over the short a midterms and with the direction that technology is pushing industries of all sizes, this is one space to which investors should pay close attention.

Disclosure: The author owns 25,000 shares in IDdriven Inc. and no other companies mentioned within this article and has received no compensation of any kind to write / publish this article, but he is affiliated with MIDAM Ventures LLC, a company that has an existing awareness agreement with IDdriven Inc.

Start a free seven-day trial of Premium Membership to GuruFocus.

This article first appeared on GuruFocus.