Oh Look, Another Hack Attack

by: Matthew Senicola CRPC®

Each year another major corporation suffers a costly hack attack.

Spending in the global cybersecurity is shattering records.

As cyber crime levels remain elevated demand for security products and services should remain strong.

We still have not seen the worst of cybercrime and one thing is certain - it's getting dangerously worse. In my opinion, from an investment standpoint the cybersecurity sector is one of the most exciting in terms of potential growth.

On September 28th, Facebook (FB) informed the world that it was the victim of yet another major data breach resulting in the compromise of more than 30 million user accounts - the largest cyber attack on the company to date.

Source: Pixabay

Sadly, they are not alone in this diatribe. It has become common occurrence to learn yet another major corporation has suffered a costly breach - occurring so frequently, in fact, that we have become a bit apathetic about the news of a new hack. Yet the impact on we, the consumer, is daunting. Let's recap the last few years:






Global Payments (Visa/MasterCard)

1.5 million cardholders

$82 million



40 million credit/debit holders

$292 million


Home Depot

56 million credit/debit holders

$161 million



78 million policy holders

$100 million



3 billion customer accounts

$400 million



147 million customer accounts

$439 million



30 million customer accounts

$1.6 billion


As you can see, these constant attacks affect many of the large corporations with whom we conduct business each day - making it critical that companies take immediate and consistent measures to ensure that their cyber risk is mitigated.

By level of account holder impact, Yahoo! currently gets the unfortunate credit for the largest breach in history. Since 2013, the company has fallen prey to repeated attacks which, when aggregated, has impacted over 3 billion customer accounts. The subsequent class action suit concluded recently, closing a chapter on one of the most expensive court actions regarding technology breaches to date. If matters could be made worse, as a result, Verizon (VZ), who was in the process of acquiring Yahoo!, reduced their purchase price by $350 million dollars after they learned of the size and scale of the assault.

Source: Pixabay

Yet they are not alone… Ebay (EBAY), J.P. Morgan (JPM), Under Armour (UAA), LinkedIn, Adobe (ADBE), and TJX Companies (TJX) join these ranks - reporting customer account data breaches as well. And while large corporate attacks and the subsequent damages are typically the most newsworthy, there are plenty of small companies who have suffered the same circumstances, most with limited resources to recover. Clearly, regardless the size of the company, measures need to be implemented to ensure that cybersecurity is a top priority.

Consequently, the expense for such endeavors has grown exponentially over the years. To put it in perspective, according to a recent study done by CSO (the cybersecurity initiative of IDG, a global technology services company), " Global security spending is anticipated to exceed $1 trillion dollars cumulatively from 2017-2021. In 2004, the global cybersecurity market was worth approximately $3.5 billion dollars and reached over $86.7 billion at the end of 2017."

Obviously, corporate expense in defending these attacks is shattering records globally. This year companies are projected to spend more than $114 billion in their efforts - an increase of over 12% from 2017. 2019 projections may exceed $124 billion, making industry analysts who have significantly underestimated these spending trends in previous years begin to take notice. More recently, analysts have been quizzing management teams on quarterly earnings calls to get a better understanding of how these expenses will impact margins.

J.P Morgan is one company that understands the damage that can be caused. After a highly publicized 2014 security breach that exposed 83 million individual and small business customers, management decided to take the issue seriously and doubled their security spending to the tune of $500 million per year. This may still not guarantee that another cyber attack won't occur, but it better prepares the company by beefing up its defense. Many more companies are starting to follow suit. In fact, larger companies, like Facebook, may be looking to acquire cybersecurity companies to bring the efforts in-house.

In light of the global response to enhanced security efforts, NASDAQ in 2010 formed the CTA Cybersecurity Index to track the performance of companies engaged in the cybersecurity segment of technology and industrial companies. As is common in most high growth cutting-edge industries, these companies are highly competitive and usually trade at an elevated level of volatility. Since this industry is ever-evolving, and many the average investor who is interested in gaining exposure to the sector may be better suited to spread the risk and allocate capital into a fund rather than trying to pick individual winners.

Source: Pixabay

One ETF that attempts to track the index performance before fund fees and expenses is the First Trust Nasdaq Cybersecurity ETF (CIBR) which has about $766 million in assets and holds a basket of approximately 38 companies.

Another is the ETFMG Prime Cybersecurity ETF (HACK) which is double the size with $1.6 billion in assets and has 52 holdings. This fund has a broader base of holdings and utilizes a different benchmark known as the Prime Cyber Defense Index. According to the owner- Prime Indexes, they designed it to measure the performance of companies engaged in the fight against cybercrime. To be considered as part of The Prime Cyber Defense Index a company must either: i. Engage in providing Cyber Defense applications or services as a vital component of its overall business, or ii. Provide hardware or software for Cyber Defense activities as a vital component of its overall business."

Both ETF's have exposure to US and international cybersecurity companies and carry an annual expense ratio of approximately .60%.

Cybersecurity company products and services continue to be in high demand and that trend should remain strong based on the elevated risk of cybercrime. Cybersecurity Ventures predicts "Cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015". If they are accurate, that number should be downright frightening for corporations.

In conclusion…

I would advise a note of caution before jumping in with a full investment allocation. The current market trends may be shifting as investors are quickly losing their appetite for risk. The technology sector is under assault after reaching a multi-year high just a month ago and investors have been fleeing expensive growth-oriented stocks for safer names with lower volatility and p/e multiples. In times like these, it is wise to assemble a "wish list" of ideas and pick your spots carefully. This recent exodus could create a fantastic buying opportunity soon for the patient investor.

Disclosure: I am/we are long HACK, FB, JPM, UAA. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.

Additional disclosure: Additional disclosure:Securities and Investment Advisory services offered through NBC Securities, Inc., member FINRA and SIPC. Investment products 1) are not FDIC insured, 2) not guaranteed by any bank and 3) may lose value including a possible loss of principal invested. NBC Securities does not provide legal or tax advice. Recipients should consult with their own legal or tax professional prior to making any decision with a legal or tax consequence. The opinions and ideas expressed in the commentary are those of the individual(s) making them and not necessarily those of NBC Securities, Inc.