Cybersecurity Is Still At The Frontline Of Geopolitics
By Christopher Summer, CFA
We recently hosted one Office hours webinar on Disruptive Growth Megatrends. During the audience survey, “geopolitics” was a big topic focused on. When analyzing global investment flows to different mega-trend investment vehicles, cybersecurity was also a big theme.1
However, despite all the focus people are putting on cybersecurity, the stock price performance of companies has not been excellent.
As we look at the image and the landscape, we observe:
- Much attention was focused on cybersecurity as a result of the Russia / Ukraine crisis. Microsoft (MSFT) recently released a report that summarizes some of the real attack efforts Russia is making against Ukraine and other NATO members.2
- The way cybersecurity is done has evolved, especially with the COVID-19 pandemic and the need for many people to access all kinds of data from anywhere. Many of the companies offering these innovative solutions are newer, possibly only entering public markets recently. As they seek to reach the ladder, they may have income, but they may not yet have positive cash flows or free earnings.
- The macroeconomic backdrop works independently of any specific cybersecurity concerns; to put it simply, inflation is high and central banks are pursuing policies to combat it. A side effect is that newer firms that do not yet have positive earnings have been punished with a negative return on stock prices and lower valuations. The first half of 2022 has been seen with a very broad approach, so we believe that at some point it will be reassessed that a company that offers cybersecurity solutions should be treated differently from one that offers a service. more discretionary.
Here, we can take a look at some of these different factors in turn.
Microsoft’s cybersecurity report on the Ukraine conflict so far
A notable factor, which would not have been the case in any previous conflict, is that Ukraine was able to introduce into the cloud much of its most critical systems and data. Microsoft noted the provision of services valued at $ 107 million (provided to the Ukrainian government at no charge) to help with this transition to the cloud. The result is that there is no “in situ” physical data infrastructure that Russia can target and destroy.3
Russia is conducting cyberattacks on multiple fronts and operational units4:
- GRU (Main Directorate of the General Staff of the Armed Forces of the Russian Federation): The GRU is involved in attempting to steal data with fishing attacks through its operation STRONTIUM. Its IRIDIUM operation shows some of the types of malicious software aimed at data destruction. DEV-0586 is also involved in data destruction and influence operations.
- SVR (Foreign Intelligence Service of the Russian Federation): Operation NOBELIUM has been extended to diplomatic targets of Ukraine and NATO members.
- FSB (Federal Security Service in Russia): The FSB’s ACTINIUM, BROMINE and KRYPTON operations are mainly involved in attempted fishing and theft of additional data.
The report also notes that Russia has been very adaptive in its cyberattacks, combining them with physical attacks against specific targets, for example. Good words to describe efforts so far could be “strategic” and “deliberate”. So far, there has been no attack with “wormable” malware, such as the 2017 NotPetya attack, in which malware could jump from one computer network to another. The attacks appear to have been designed to remain within Ukraine.
The report also details 128 Russian network penetration and cyberespionage operations outside Ukraine. About half of these government agencies were targeted, but most importantly, the success rate was only 29%. It should be remembered that cybersecurity attacks can be a numbers game, but it is interesting that while the world is now fully focused on this, they are able to mount at least one somewhat effective defense, at least so far.
CrowdStrike (CRWD) is a well-positioned company for today’s cybersecurity environment, helping with cloud security and endpoint protection. In its most recent quarterly results, CrowdStrike increased its focus for the full year. Like many other security providers, CrowdStrike indicated that they have not seen any open evidence that customers are reducing their security spending. When articles are written and analyst coverage is conveyed, it is generally very positive and focuses on a solid long-term story for CrowdStrike.5
So where does the disconnect come from, specifically with such a difficult 2022 share price performance? While we probably can’t know for sure why a stock market trades the way it does, we can see that CrowdStrike has tended to have a very high valuation in relation to earnings or revenue. Perhaps the long-term growth history can support this, but in today’s macro environment, having exposure to such a high multiple company can lead to short-term volatility, regardless of the product or service being provided.
Conclusion: SaaS companies should negotiate based on the problem they solve
It’s amazing how competitive the Software-as-a-Service (SaaS) space can be. Think Shopify (SHOP) – a big deal. Its reward, at least one of them, for being a great e-commerce platform is to get to compete with Amazon (AMZN) Prime. Think Zoom (ZM): a familiar name. Now, they get to compete against Microsoft Teams, a pretty tricky order. It’s great that these beginners can keep up with some of the biggest companies in the world, constantly improving their product offering.
However, cybersecurity, in our view, is a little different from other SaaS companies. While the specific companies that people can work with are different, each company and really each person must have some sort of cybersecurity strategy to protect their data and other digital efforts. In addition, the space is constantly evolving, whether due to the COVID-19 pandemic, the Russia / Ukraine crisis or other factors. We believe that somehow we need to focus on newer companies that offer more advanced solutions. Even if the coming months can be volatile, we love the long-term case of this megatrend.
For those interested in the cybersecurity space, consider the WisdomTree Cybersecurity Fund (WCBR).As of 7/7/22, WCBR had 5.35%, 0%, 0%, 0%, 0% of its weight on CrowdStrike, Shopify, Amazon, Zoom Video Communications and Microsoft, respectively.
1 Sources: WisdomTree, Morningstar and Bloomberg. All data as of 31/03/22 from the WisdomTree quarterly thematic classification study and subsequent quarterly updates.
2 Font: “Defending Ukraine: Early Lessons from the Cyber War”, Microsoft, 6/22/22.
3 Source: Microsoft, 6/22/22.
4 Source: Microsoft, 6/22/22.
5 Source: Eric J. Savitz, “CrowdStrike Publishes Strong Earnings and Boosts Guidance, but the Stock Slips,” Barron’s. 2/6/22.
Important risks related to this article
Christopher Gannatti is an employee of WisdomTree UK Limited, a European subsidiary of the parent company of WisdomTree Asset Management Inc., WisdomTree Investments, Inc.
There are risks associated with the investment, including the possible loss of principal. The Fund invests in cybersecurity companies, which generate a significant portion of their revenue from security protocols that prevent intrusions and attacks on systems, networks, applications, computers, and mobile devices. Cybersecurity companies are especially vulnerable to rapid technological change, the rapid obsolescence of products and services, the loss of patent protections, copyright and trademarks, government regulation and competition, both nationally and internationally. The actions of cybersecurity companies, especially those related to the Internet, have experienced extreme price and volume fluctuations in the past that have often not been related to their operating performance. These companies may also be smaller and less experienced companies, with limited product or service lines, markets or financial resources, and fewer experienced management or marketing staff. The Fund invests in the included or representative securities of its Index regardless of its investment merit and the Fund does not attempt to exceed its index or take defensive positions in declining markets. The composition of the index depends largely on quantitative and qualitative information and data from one or more third parties, and the index may not work as intended. Please read the fund’s prospectus for specific information on the fund’s risk profile.
Christopher Gannatti, CFA, global head of research
Christopher Gannatti started at WisdomTree as a research analyst in December 2010, working directly with Jeremy Schwartz, CFA®, research director. In January 2014, he was promoted to associate director of research where he was responsible for leading different groups of analysts and strategists within WisdomTree’s broader research team. In February 2018, Christopher was promoted to Head of Research, Europe, where he will be based at WisdomTree’s London office and will be responsible for WisdomTree’s full research effort within the European market, in addition to giving support for the UCIT platform worldwide. Christopher came to Lord Abbett’s WisdomTree, where he worked for four and a half years as a regional consultant. He received his MBA in Quantitative Finance, Accounting and Economics from NYU’s Stern School of Business in 2010, and graduated with a degree in Economics from Colgate University in 2006. Christopher holds the position of Analyst. collegiate financier.
Editor’s note: The summary peaks in this article were chosen by the editors of Seeking Alpha.