Tech

Shira Ovide is a Bloomberg Gadfly columnist covering technology. She previously was a reporter for the Wall Street Journal.

It’s now clear that cyberattacks are a fact of life for corporations and governments. What’s less clear are the winners and losers among companies focused on stopping the digital break-ins. 

News about the WannaCry digital extortion attack that crippled hundreds of thousands computers worldwide caused predictable stock market euphoria on Monday. As tends to happen when there is a highly public cyberattack, share prices of cybersecurity technology specialists such as Palo Alto Networks, Proofpoint and Fortinet climbed. 

Cyber Winners
Shares of some companies that sell cybersecurity technology climbed Monday in the wake of a high-profile ransomware attack on governments and companies
Source: Bloomberg
Note: Share price gains through 12:40 ET Monday.

Many prominent digital attacks -- such as those on Target, J.P. Morgan Chase and Sony’s movie studio -- lift hopes of ringing cash registers at tech companies that make money from companies’ fear they’ll be the next victim. But even as computer attacks become more prevalent and damaging, they haven’t been a universal triumph for the cybersecurity industry.

It is true that corporate executives, boards of directors and governments are taking digital threats seriously . Research firm IDC expects spending on information-technology security to increase 8.7 percent each year through 2020 to nearly $105 billion, nearly three times the forecasted growth rate of all corporate and government technology spending. In a recent Morgan Stanley survey of big company information technology executives, digital security software was cited as the top 2017 spending priority by the second-highest number of respondents, trailing cloud computing technology. 

But there are no sure bets in the cyber world. Securing companies from computer intrusions is growing more competitive. A glut of options from from old-guard tech companies such as Cisco and from money-rich Silicon Valley startups is making it harder for all cybersecurity technology to stand out to prospective customers. The industry didn't do itself any favors, either. It has grown difficult to tell which companies are selling effective security safeguards and which ones are overpromising.

As a result, valuations of many onetime cybersecurity highfliers have come back from the stratosphere as investors started to rethink their indiscriminate bets. The First Trust Nasdaq cybersecurity ETF, composed of companies such as Cisco, Palo Alto Networks and Check Point Software, has underperformed the S&P 500 stock index. The security ETF has risen 11 percent since its inception two years ago while the S&P 500 has climbed 15 percent over the same period.

Hack Attack
Despite the hype about hacking, an index of cybersecurity companies has underperformed the S&P500
Source: Bloomberg

It's understandable for fretful companies to hunt for technology silver bullets to protect themselves from digital bad guys. But companies' fear of hackers doesn't erase the insecurity for the cybersecurity business.

This column does not necessarily reflect the opinion of Bloomberg LP and its owners.

  1. Fortinet is also likely getting a lift from the disclosure of a new investor, activist firm Starboard.

  2. It's worth noting that some companies didn't take digital security seriously enough to patch known vulnerabilities in Windows software, which opened the door to the WannaCry ransomware. 

To contact the author of this story:
Shira Ovide in New York at sovide@bloomberg.net

To contact the editor responsible for this story:
Daniel Niemi at dniemi1@bloomberg.net