The Billion-Dollar Bet That Better Software Can Stop Hackers

Updated on

About the only thing rising as fast as online mischief is the stock of firms trying to thwart it.

Companies from FireEye Inc. to Palo Alto Networks Inc. have taken off in 2015, extending the gain in a four-year-old index tracking network security firms past 200 percent. An exchange-traded fund tied to the shares just surpassed $1 billion in market value, having doubled in size since the start of April.

Online intrusions such as last week’s breach of confidential government employee records have fanned cyber paranoia, boosting spending on network security and making darlings out of companies with a hand in safeguarding digital data. The theme is starting to feed on itself among investors afraid of being left out.

“This is an industry where the higher the price goes, the more attractive it becomes to people,” said John Manley, who helps oversee about $233 billion as chief equity strategist for Wells Fargo Funds Management in New York. “It’s been a herd mentality in these stocks as these companies offer a level of security that wasn’t offered before.”

A 26 percent gain in 2015 and a frenzy of investor inflows swelled the market value of the PureFunds ISE Cyber Security ETF past the $1 billion threshold on Tuesday. That’s up from $107 million at the start of the year and $494 million at the end of the first quarter. The fund climbed 1.1 percent at 4 p.m. in New York.

Sales Growth

While the median stock in the ISE Cyber index trades at 24.6 times analyst earnings estimates, only 18 of the 30 companies are profitable -- although the number is projected to climb to 25 in the next 12 months, data compiled by Bloomberg show. The multiple compares with 17.6 times forecast income in the S&P 500.

“Most money managers are at least conscious of valuations, but 24 times doesn’t seem excessively high for the sector’s growth potential,” said Terry Morris, a senior equity manager who helps oversee about $2.8 billion at Wyomissing, Pennsylvania-based National Penn Investors Trust Co. “It’s not particularly vulnerable at current levels.”

Just over 3,000 data breach incidents happened worldwide last year, exposing 1.1 billion records, with 97 percent related to either hacking or fraud, Goldman Sachs Group Inc. chief U.S. equity strategist David Kostin wrote in a June 12 note. Last week, a government worker union said hackers stole data and Social Security numbers for every federal employee.

‘Arms Race’

“It’s almost an arms race between the hackers and the companies trying to stop being hacked,” Michael Ball, president and lead portfolio manager of Colorado-based Weatherstone Capital Management, which oversees $725 million, said in an interview. “Companies are willing to step up budgets to make sure the data stay secure.”

The median company in the ISE Cyber Security Index is expected to boost sales by 14 percent in 2015, according to data compiled by Goldman Sachs and Bloomberg. That’s more than three times the forecast revenue expansion for a broader group of U.S. technology companies, the data show.

A May survey by Goldman Sachs showed cash will continue to flow to the group, with almost 60 percent of respondents expecting a minimum 5 percent boost in security spending.

The fervor exceeded investor enthusiasm for drug developers, a group of companies so hot that Federal Reserve Chair Janet Yellen has twice called them out on valuation in the last year. The Nasdaq Biotechnology Index has risen 21 percent in 2015, trailing cybersecurity by 5 percentage points.

Broad Buying

It’s not just a few companies carrying the ISE Cyber Security Index higher. Twenty-seven out of the gauge’s 30 stocks have gained this year, as FireEye and CyberArk Software Ltd. led the way with gains of more than 68 percent.

The broad-based strength isn’t surprising to Manley, who says it’s common for investors to ride momentum by buying swaths of shares across multiple companies.

The group of companies will be evaluated as time passes, and the ones “doing something truly innovative and unique and differentiated” will retain their valuations, according to Mike Gregoire, chief executive officer of CA Inc., a maker of software for managing information technology.

For the time being, however, the entire group will continue to benefit, said Gregoire, speaking Tuesday at the Bloomberg Technology Conference in San Francisco.

Shiny, Unique

“We’re pendulum swingers,” Gregoire said. “When something is new and shiny and unique, it gets a high valuation.”

As the data breaches mount, large technology companies are looking at smaller data security firms as potential acquisition targets, FireEye Chief Executive Officer Dave DeWalt said in a May interview. Companies from Cisco Systems Inc. to Google Inc. are interested in one of the “fastest-growing, hottest” information-technology markets, he said.

Stock investor interest in the space has extended to the options market. Contracts protecting against a 10 percent decline in the exchange-traded fund tracking the ISE Cyber Security Index cost 27 points less than those wagering on a gain of the same magnitude on June 4, according to three-month data compiled by Bloomberg. That was the lowest level for the relationship known as skew since the ETF started trading in November, the data show.

“Investors are looking for a vehicle” into the stocks, Manley said. “This space is appealing right now.”

Before it's here, it's on the Bloomberg Terminal. LEARN MORE