Thousands of cybersecurity professionals and hackers recently descended on the Las Vegas Strip for the Black Hat USA and DEF CON conferences. Attendees Charlie Miller and Chris Valasek, whose infamous Jeep Cherokee–hacking presentation stole the headlines at Black Hat USA 2015, were back to highlight more critical flaws in automobile security. The 2016 event saw politics steal the show, as Black Hat was host to a Hillary Clinton fundraiser on August 3. Still reeling from an online breach that led to the leak of almost 20,000 Democratic National Committee e-mails, including content about strategies for undermining Bernie Sanders, the Clinton presidential campaign joins a long list of cybercrime victims.
For investors who may not know the difference between phishing and a Trojan horse, financial data analytics specialist Kensho Technologies is one of several firms offering indexes that seek to capitalize on the rising demand for cybersecurity. Cambridge, Massachusetts–based Kensho’s Cybersecurity Index (KCYBER) claims to stand apart from the competition by using natural language processing (NLP) to choose companies poised to play key roles in this fast-growing sector.
KCYBER is one of 11 New Economy indexes created by Kensho to track industries, ranging from autonomous vehicles to robotics, that are driving the so-called Fourth Industrial Revolution, a term coined by World Economic Forum founder Klaus Schwab to describe the successor to the digital revolution, which began in the late 1960s. There are currently no listed securities referencing the indexes, but Kensho licenses them to its institutional clients for use in products such as swaps and structured notes.
The cybercrime stakes are high for individuals, corporations and governments. In April 2015 President Barack Obama declared a national emergency in response to the problem, citing “the increasing prevalence and severity of malicious cyber-enabled activities” as dangers to the U.S. economy, national security and foreign policy. Obama followed up by requesting $19 billion for cybersecurity spending in the 2017 federal budget, $5 billion more than the previous year.
The financial sector is a prime target for hackers. JPMorgan Chase & Co. has doubled its annual cybersecurity budget, to $500 million; Bank of America Corp. spends more than $400 million a year and has pledged unlimited funding to combat such risks.
Virginia Rometty, chair, president and CEO of IBM Corp., has called cybercrime the biggest threat to companies everywhere. Although the number of cybersecurity breaches worldwide topped 90 million in 2015 and the average cost of a cybercrime surged to a record $12.7 million for U.S. companies, as many as 70 percent of attacks still go unnoticed, according to Bank of America Merrill Lynch. This blind spot suggests that businesses must spend more to remain secure. The global cybersecurity market will be worth some $202 billion by 2021, research firm MarketsandMarkets forecasts, a 65 percent increase over its roughly $122.5 billion value this year.
Kensho’s algorithm sifts through company filings to zero in on names with cybersecurity at their heart of their business strategy, using the location, frequency and context of key words to determine prominence. John van Moyland, the firm’s co-head of financial products, describes KCYBER and the other New Economy indexes as “dynamic, objective and comprehensive,” citing Kensho’s computing power.
The indexes are reconstituted annually, according to Kensho; once every quarter, it applies a liquidity filter to KCYBER that requires each constituent to meet a minimum market capitalization of $250 million and a three-month average daily trading volume of $2 million. KCYBER, which currently comprises 36 stocks intended to represent the global cybersecurity industry, highlights an area of outsize growth during a time of relatively meager investment returns: Since inception in May 2013, the index has returned more than 65 percent, gaining some 8 percent this July alone.
One KCYBER constituent is Palo Alto Networks, a Santa Clara, California–based enterprise cybersecurity provider that recently announced an agreement to help build a defense platform for professional services giant Accenture. Other U.S. names in the index include cloud services provider Akamai Technologies and aerospace and defense contractor Raytheon Co. Among its overseas stocks: Amsterdam-headquartered security software developer AVG Technologies and Elbit Systems, a defense electronics maker based in Haifa, Israel.
Technological changes should provide plenty more fodder for the Cybersecurity Index. The three pillars of what BofA Merrill Lynch Global Research calls creative disruption — the Internet of Things, the sharing economy and the shift to online services — have spawned a new universe of businesses and objects that can be compromised by a cyberattack.
Sarbjit Nahal, London-based head of thematic investing at BofA Merrill Lynch, notes the danger that cybercrime poses to these burgeoning fields. Of the three, the Internet of Things, which has Web-enabled everything from cars to home thermostats, is projected to become the largest market and drive the most cybersecurity spending. Last month Jeep maker Fiat Chrysler Automobiles announced that it is teaming up with Bugcrowd, a crowdsourced cybersecurity company based in San Francisco, to find gaps in its security software by paying a bounty for identifying potential breaches.
In the sharing economy, a business like Airbnb offers fertile ground for criminal activity, given that hosts and guests can compromise the Wi-Fi provided with accommodations. The rise of online services has given hackers a wealth of opportunities involving card-not-present transactions, those in which merchants don’t have access to a physical credit card for payment.
As the Fourth Industrial Revolution gathers speed, the world is scrambling to adapt to cybercrime’s new reality. Kensho’s Cybersecurity Index gives investors a way to follow the money.