Afraid of being hacked or cyber-compromised in some other way?
If you want to be very afraid, take a look at the online sites that track the daily flows of global cyber attacks in real time (similar to a real-time map of global airline routes in the good old days when planes actually flew).
For example, threatmap.checkpoint.com currently logs around 30 million attempted attacks a day, with the country locations of the offending and receiving parties changing dynamically from minute to minute.
Usually, the good guys thwart the attacks. But when the ‘black hats’ win over the ‘white hats’ in the constant game of cat-and-mouse, chaos abounds.
The attacks highlight the importance of constant vigilance on the part of government and companies, as well as individuals who remarkably are still vulnerable to the entreaties of disenfranchised Nigerian princesses.
With this week being Australian Cyber Week, what better time to enforce the message?
The silver lining to the dark threats is that cyber crime prevention has become a billion-dollar industry – and a thriving ASX sector covering high-level encryption work for sensitive government bodies to blocking children’s access to unsuitable sites.
Cyber security transitions from a tech issue to business risk
According to Tesserent (ASX: TNT) chief executive officer Julian Challingsworth, cyber risk management issues are permeating upwards to be top of the agenda for company boards and government cabinets.
After all, there’s nothing like the deterrent of becoming front page news because of “very public and very value destroying” data breaches.
“Cyber security has transitioned away from being a technology problem – the domain of a chief technology officer or network engineer – to a business risk,” he said.
If boards need any further persuading to take the threats seriously, it’s now mandatory for enterprises with $3 million of revenue or more to report cyber security breaches and – in some cases – inform customers their data has been compromised.
At a national security level, the risks were paraded by Prime Minister Scott Morrison, who warned of a serious cyber threat from a “sophisticated state-based actor” – presumably Chinese.
The government’s cyber security cash splash
In August, the government announced a $1.7 billion spend on cyber security measures over 10 years. In a separate defence announcement in July, the nation’s custodians also earmarked $15 billion for “cyber and information warfare capabilities”, also over a decade.
Canberra is also expected to require companies in sensitive industries to invest in cyber security, which shows the mutual obligation concept is not confined to Jobseeker recipients.
Target industries include the banks, utilities and healthcare.
The cyber spondoolies are music to the ears of Tesserent, which has emerged as the biggest ASX-listed cybersecurity provider in a burgeoning sector. The company is also the undisputed leader in the Canberra market, including to secret squirrel departments such as defence.
Mr Challingsworth said Tesserent’s acquisition-fuelled growth may have caught investors by surprise; three years ago the company turned over a “stagnant” $5 million and employed 19 staff.
The company was also losing $3 million a year.
Now, the company employs 220 cybersecurity experts and chalked up $20 million of revenue in the year to June 2020.
Tesserent derives about half of this revenue from government departments and agencies and this is only likely to increase.
The company also serves about 700 business customers, which account for about 30% of revenue. This sector is not growing as fast but is benefitting from the need for extra security for staff who are working at home and especially vulnerable to the online scofflaws.
Tesserent’s acquisition spree
Growth has also been fuelled by an acquisition binge: seven smaller businesses over the last 15 months.
Mr Challingsworth added that with the 5G-enabled explosion of Internet of Things (IoT) devices, the black hats will have a picnic.
“They massively increase the attack surface, in that relatively basic devices provide a way into the organisation for hackers,” he said.
Could the 5G conspiracy theorists be right after all?
Given the strong demand for its wares, Tesserent aims to increase its annualised revenue from $100 million to $150 million, partly from more acquisitions in the still-fragmented sector.
The company also wants to increase its market cap from $200 million to $300 million-plus and become profitable by next year.
Sensitive document sharing
Similarly, Archtis (ASX: AR9) is Canberra-based and is sharing the love going around since Sco-Mo’s cyber boost, having signed $5 million of new deals with the Department of Defence, defence contractor Northrop Grumman and Curtin University.
Archtis’ key offering is a tool called Kojensi Gov, a cloud-based platform that enables sensitive documents to be shared without fear of leaks or other breaches.
The gist is that rather than creating a multiple of vulnerable checkpoints (such as user passwords), Kojensi creates an electronic fingerprint on the data or documents determining who can access the material and where and when.
Come to think of it, most other cyber security operators go out of their way to ensure the data is not shared.
Archtis listed in September 2018 but the shares were well askew of the $0.20 listing price until mid-June, when they climbed from sub $0.05 to as high as $0.58.
US security expertise
Whitehawk (ASX: WHK), meanwhile, takes the ‘honest broker’ role of an online cyber security exchange. This involves devising a risk scorecard for a small-to-medium enterprise (SME) client and matching the business with the most suitable security provider.
Whitehawk doubled revenue in the June half to $585,835 and also posted a $1.26 million loss.
Based in Washington DC, Whitehawk also consults to government and businesses including the United States Department of Homeland Security.
It no doubt helps that Whitehawk chief executive officer Terry Roberts is the former deputy head of US naval intelligence – and can therefore keep a secret.
What we can tell you without fear of rendition is that Whitehawk has struggled to gain traction with investors since listing in January 2018 at $0.25 apiece, but recent momentum has been more positive.
Old favourite and mixed bag investments
Other ASX-listed cybersecurity exponents include high-level encryption specialist Senetas Corporation (ASX: SEN), which has been listed since 1999.
Back then, government and business leaders were more concerned about the Millennium Bug, which turned out to be a conspiracy theory created by the IT industry.
A former day traders’ favourite, Senetas turned over $5 million last year but still struggles for consistent profitability (reporting a $3.6 million loss). Reassuringly, the company’s $66 million market entity is backed by $15 million of cash and no debt.
As its name implies, Family Zone Cyber Safety (ASX: FZO) provides internet screening tools for impressionable young ones.
The $150 million market cap entity turned over $5 million and lost $17 million the last financial year, but there’s still some way to go in keeping kids free of the online nasties.
For investors unwilling to sort the wheat from the voluminous chaff in a still-maturing sector, there is always the diversified option of exchange traded funds (ETFs).
With the apt ASX ticker of HACK, the $285 million Global Cybersecurity ETF offers a one-stop exposure to 40 offshore cybersecurity providers.