News of data breaches at Target (TGT), Nieman Marcus and Michael's has increased public awareness of the deplorable state of data security in American companies. Eddie Schwartz, a vice president at Verizon Enterprise Solutions, said of the Target breach, "Retailers have to assume that they are constantly being targeted and actually constantly being penetrated." IDC Retail Insights, a research firm for the IT industry, estimates that spending on e-security in the U.S. will rise to $720.3 million in 2014, an increase of 5.7%.
A quick scan of the headlines shows the problem isn't limited to retail. The BBC has recently reported on a customer data security breach at thousands of U.S. hotels, Adobe Systems Inc. (ADBE) reported in October that 38 million accounts had been compromised, and Bell Canada announced last week that one of its third-party suppliers was hacked, compromising account information for more than 22,000 small business customers. Cynthia James, author of "Stop Cybercrime from Ruining Your Life" is even more insistent. "There are only two kinds of companies," she says, "those who have been breached and those who will be breached."
Is now the right time to invest in stocks that provide cyber-security solutions? The field is broad with some well-known and some not-so-well known names. The biggest player by far is Cisco Systems (CSCO) whose primary business focuses on internet hardware, but who tout themselves as the top revenue earner in enterprise security with more than $2 billion per year. Its position as the eight-hundred pound gorilla in the room gives it advantages of scale in contracts with other large corporations and government, and its deep pockets give it an advantage in R&D relative to competitors. What's more, Cisco sports a forward P/E of 10.46 and a dividend yield of 3.1%, which promises a decent ROI for value investors, and at $21 per share Cisco is trading closer to its 52-week low than its 52-week high.
But being Goliath has some obvious disadvantages, not the least of which is being too big to adapt. The next tier of companies in this sector, FireEye (FEYE) (market cap $2.11B) and Check Point (CHKP) ($12.14B) are smaller (by a factor of 10), though they are by no means small. Check Point is the industry leader in its cohort with a cash balance of $3.6 billion and free cash flow generation of $780 million for 2013. Though FireEye and other Check Point competitors like Palo Alto Networks (PANW) have brought products to market to challenge Check Point's dominance, its improving performance in higher-end data center products along with continuing solid sales of server message block (NYSEARCA:SMB) products have preserved its pride of place. As an investment, Check Point is safer for the value investor. FireEye, for example, has yet to turn a profit, though its stock is trading in the top 20% of its 52-week range.
The rest of the players in this field are small enough to be targets for possible acquisition if a sector consolidation is in the offing, which seems likely given the growing urgency across public and private domains for security solutions. Taking Cisco's acquisition of Sourcefire for $2.7B last year as a rule of thumb, Guidance Software (GUID), Barracuda Networks (CUDA), Imperva Inc. (IMPV), all have market caps below the threshold that make them attractive targets, though in love and cyber-war, nothing is guaranteed.
Disclosure: I have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours.
Business relationship disclosure: Kapitall is a team of analysts. This article was written by Will Kenton, one of our writers. We did not receive compensation for this article (other than from Seeking Alpha), and we have no business relationship with any company whose stock is mentioned in this article.