Rosenberg Research: Companies that protect data in the cloud offer a great risk-reward profile

Article content

By Bhawana Chhabra

“Data is the new oil” — Clive Humby, British mathematician and tech entrepreneur.

Article content

This quote couldn’t be truer in today’s context. If data are indeed the new oil, then more wars will be fought in cyberspace than in physical battlegrounds, which is increasingly the case. And as the aerospace and defence industry is to physical confrontation, so is the cybersecurity industry to digital wars.

Advertisement 2

Article content

Cybersecurity is not only an important aspect of national security, but also an important pillar of risk mitigation for companies. As most businesses integrate cloud and generative artificial-intelligence services into business operations, companies are more prone to cyberattacks than they have ever been historically.

Article content

This provides secular tailwinds to companies involved, which offer a great risk-reward profile. Strong earnings fundamentals only increase our confidence in this long-standing special theme of ours, which can be played through both global and U.S.-focused exchange-traded funds.

Per Statista Inc., the actual monetary damage from cybercrimes to U.S. companies grew roughly 2.5 times to US$10.3 billion in 2022, from US$4.2 billion in 2020, exhibiting 57 per cent annualized growth. That compares to 33 per cent between 2001 to 2020, indicating a sharp acceleration in cybercrime-related costs for the companies.

Costly ransom demands

While 2023 numbers are not yet available, the year had some of the most expensive cyberattacks in history (keeping in line with the trend). Two examples were ransomware attacks on MGM Resorts International and Johnson Controls International PLC, where the ransom demands were US$100 million and US$51 million, respectively.

Article content

Advertisement 3

Article content

The evolution of technology, cloud operations and generative AI means that these areas now account for 82 per cent of breaches, according to International Business Machines Corp. It’s not just about managing software and hardware vulnerabilities anymore; it’s about setting up systems that can detect and thwart new kinds of attacks.

This has implications for the performance of different kinds of cybersecurity firms. Consequently, the sector is transforming from old-generation firewall products to securing the cloud from attacks emerging from large language model modification or deepfake phishing attacks, which are hard for traditional products to detect.

As different companies in the cybersecurity space are aligning their offerings to the evolution in technology at a faster pace, this leaves the current cybersecurity market more segmented. A great example would be the divergence between CrowdStrike Holdings Inc. and Palo Alto Networks Inc. in the latest earnings season.

Protecting the cloud

CrowdStrike is a pure-play cloud security provider and posted an all-around beat, while Palo Alto missed its billing forecast and has been transitioning from hardware to software to align their products business with evolving threats.

Advertisement 4

Article content

Consequently, CrowdStrike’s share prices were up 11 per cent while Palo Alto’s fell 28 per cent on the days following their respective earnings releases. This implies there is going to be consolidation in the space going forward, setting the stage for differences in performance between companies.

Overall, however, the fundamentals of this space are strong. We have analyzed two indexes: Bloomberg Intelligence’s Global Cybersecurity Thematic Basket and the Nasdaq’s U.S.-based cybersecurity index. The Global Basket and Nasdaq cybersecurity index have delivered 19 per cent and 27 per cent annualized price returns, respectively, since the end of 2019, versus 17 per cent and eight per cent in the Nasdaq composite and the S&P 500, respectively.

Despite this outperformance, their risk-reward profiles remain much more favourable compared to the headline indexes:

  • Annualized three-year earnings growth expectations for the global basket (29 per cent) and the U.S. cybersecurity index (21 per cent) are considerably higher than the Nasdaq (16 per cent) and the S&P 500 (seven per cent).
  • With limited history available (going back to 2018), the forward P/E of the global basket and the U.S. cybersecurity index relative to the S&P 500 lie in the bottom one per cent and 15 per cent of all values, respectively.
  • This makes the price-to-earnings-growth ratio for the global basket (1x) and the U.S. cybersecurity index (1.3x) very comfortable when compared to both the Nasdaq (1.8x) and S&P 500 (3.1x).
  • The expected profit margin in 2024 for both cybersecurity indexes averages 15 per cent better than both the Nasdaq and the S&P 500 at 13 per cent each all in. As technology evolves, cybersecurity threats are increasing at a comparable or faster pace, providing secular tailwinds to the sector.

Advertisement 5

Article content

That cybersecurity spending is non-discretionary, and the companies involved have strong fundamentals along with great risk-reward profiles, just adds to our conviction.

This theme can be played through the Global X Cybersecurity and First Trust Nasdaq Cybersecurity ETFs.

Recommended from Editorial

Additionally, in light of evolving technology and a fragmented market, you can invest in stocks specializing in cloud-security solutions for even superior returns (over traditional networking and firewall protections).

Bhawana Chhabra, CFA, is a senior market strategist at independent research firm Rosenberg Research & Associates Inc., founded by David Rosenberg. To receive more of David Rosenberg’s insights and analysis, you can sign up for a complimentary, one-month trial on the Rosenberg Research website.

Article content

Source link