Pay for Privacy; Subscribe for Security

Weekly updates in the innovation economy.

Drawing Capital Newsletter

October 9, 2020

If your primary email was compromised, how much of your life would be at risk? How many apps and services use that email for Single Sign-On? Do your bank accounts use the same password? Is it easy to compromise your friends and family?

If your company stored millions of bank accounts and credit card credentials, how would you protect that data from hackers?

Imagine various deep fake videos and fake news articles convinced you that America was being attacked by an enemy. How scared would you be? What decisions would you make that a criminal could exploit?

Security and privacy are becoming increasingly important in this digital age because:

1. Data is collected abundantly

2. Anything is easily shared over the internet

3. Digital assets can be copied or deleted in milliseconds

4. Personal Identifiable Information is often protected by a single vulnerable password

5. Truth can be manipulated easily to social engineer victims

To summarize the growing need for cybersecurity, here’s a few metrics that are worth understanding:

• Cybersecurity grew from a $137 B market in 2017 to $184 B in 2020 with the expectation of reaching $248 B by 2023. 

• More than 93% of healthcare organizations have experienced a data breach over the past three years.

• 500,000 cybersecurity jobs are unfilled in the U.S.

• Share prices fall by 7.27% on average within 14 business days after a breach.

• Total cost for cybercrime globally will reach $6T by 2021, up from $3T in 2015. That’s ~7.4% of the global GDP. As a comparison, in 2019, health expenditures accounted for ~9.8% of the global GDP in 2017. Also, the direct and indirect impact of the global travel and tourism industry is about 10.3% of global GDP .

• Average data breach costs $8.2mm in the US.

Here’s a table of expected growth and declines in various IT-related jobs from 2019-2029:

There is clear demand for Information Security Analysts over the next decade. With Software Developers also expecting to increase, more software means more cybersecurity requirements.

To learn more about this industry, let’s dive into what a few companies are doing in this space.

Palo Alto Networks ($PANW), +6.02% YTD as of 10/4/20

Palo Alto Networks was founded to solve the problem of fragmented security products that were on premise. Companies purchased machines that ran virtual machines protected by the security products offered by various companies. This raised a couple issues:

1. If adversaries knew the limitations of the machine, they can easily plan a Distributed Denial of Service (DDOS) attack, which paralyzes systems by overwhelming them with hordes of requests.

2. On premise machines required daily security updates which prevent employees from being productive during installations. As a result, companies would often wait months between updates.

3. Clients spent time managing and balancing multiple security products which sometimes were incompatible with each other.

Cue Palo Alto Networks, who shifted security to the cloud and offered their “Next Generation Firewall” which was updated and maintained by software in the cloud.

CrowdStrike ($CRWD), +180.47% YTD as of 10/4/20

CrowdStrike offers a product called Falcon which protects users offline and online by monitoring a computer’s processes, events, and files.  With the use of crowd-sourcing, machine learning, and historical context, the Falcon Sensor can prevent users (and adversaries) from opening or executing harmful programs and commands. Admins can also set up a prohibited list of items that users can perform on their computers.

The difference in CrowdStrike versus other companies is that CrowdStrike focuses on the moment that your computer is breached and provides services to immediately remedy the situation to minimize damage to any infrastructure. CrowdStrike also only offers subscription software-as-a-service (“SaaS”) products; there is no on-premise device, which CrowdStrike believes to be ancient technology.

Zscaler ($ZS), +205.48% YTD as of 10/4/20

Security protocols are changing with the shift from headquarters to remote work combined with the shift of applications running inside corporate data centers to the cloud. Zscaler solves this by becoming the default gateway to the internet. All outgoing requests for users go through Zscaler before reaching cloud providers like Amazon Web Services (“AWS”), Microsoft Azure, Google Cloud Platform (“GCP”), etc. 

Zscaler also acts as a proxy between users and internal applications so that migrating those internal applications does not impact the users. The company thinks of themselves as a “digital exchange” that simplifies architecture, saves costs, and reduces latency for private, secure connections to internal applications compared to traditional security stacks. Customers subscribe to Zscaler (i.e. Security as a Service) by paying per user, which allows them to scale in alignment with the size of their company.

Closing Remarks

If you are interested in investing in the cyber security industry, unfortunately there is no good ETF that we see as a viable option. $HACK, returning ~12.7% YTD as of 10/4/2020 calls themselves a “cybersecurity ETF”, but their holdings do not include top performers. Similarly, $CIBR (First Trust NASDAQ Cybersecurity ETF) returned ~17% YTD as of 10/4/2020. As a comparison, the $SPX returned 6.69% YTD as of 10/4/2020 while the NASDAQ 100 Index returned ~27%.

We believe cybersecurity will only become more necessary as companies shift their workloads to the cloud, monetary capital is further digitized, and people spend more time online. Unfortunately, there is only going to be more reason and opportunity for adversaries to steal information and assets from individuals and corporations going forward. That is why everyone needs to understand and invest in some form of security for themselves.

---

References:

1.  "• Global cybersecurity market forecast 2017-2023 | Statista." 2 Mar. 2020, https://www.statista.com/statistics/595182/worldwide-security-as-a-service-market-size/. Accessed 3 Oct. 2020.

2.  "15 Alarming Cyber Security Facts and Stats | Cybint." 20 Jun. 2020, https://www.cybintsolutions.com/cyber-security-facts-stats/. Accessed 3 Oct. 2020.

3. "How data breaches affect stock market share prices ...." 20 Apr. 2020, https://www.comparitech.com/blog/information-security/data-breach-share-price-analysis/. Accessed 3 Oct. 2020.

4. "Historical | CMS." 17 Dec. 2019, https://www.cms.gov/Research-Statistics-Data-and-Systems/Statistics-Trends-and-Reports/NationalHealthExpendData/NationalHealthAccountsHistorical. Accessed 9 Oct. 2020.

5. "Economic Impact | World Travel & Tourism ...." https://wttc.org/Research/Economic-Impact. Accessed 9 Oct. 2020.

6. "Cost of a Data Breach Study | IBM." https://www.ibm.com/security/data-breach. Accessed 4 Oct. 2020.

7. "Information Security Analysts - Bureau of ...." 1 Sep. 2020, https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm. Accessed 4 Oct. 2020.

8. "Software Developers - Bureau of Labor ...." 1 Sep. 2020, https://www.bls.gov/ooh/computer-and-information-technology/software-developers.htm. Accessed 4 Oct. 2020.

9. "Computer Network Architects - Bureau of Labor Statistics." 1 Sep. 2020, https://www.bls.gov/ooh/computer-and-information-technology/computer-network-architects.htm. Accessed 4 Oct. 2020.

10. "Network and Computer Systems ...." 1 Sep. 2020, https://www.bls.gov/ooh/computer-and-information-technology/network-and-computer-systems-administrators.htm. Accessed 4 Oct. 2020.

11. "Computer Programmers - Bureau of Labor Statistics." 1 Sep. 2020, https://www.bls.gov/ooh/computer-and-information-technology/computer-programmers.htm. Accessed 3 Oct. 2020.

12. "Palo Alto Networks Vision and Strategic Direction - YouTube." 20 Jun. 2019,

    Accessed 3 Oct. 2020.

13. "Introduction to CrowdStrike Falcon Endpoint ... - YouTube." 13 Oct. 2015, Accessed 4 Oct. 2020.

14. "Tales of CrowdStrike / Saul's Investing Discussions - TMF." 24 Mar. 2020, https://boards.fool.com/tales-of-crowdstrike-34449490.aspx. Accessed 4 Oct. 2020.

15. "Two Zscalar video presentations / Saul's Investing Discussions - TMF." https://boards.fool.com/Message.aspx?mid=34306684&sort=postdate. Accessed 4 Oct. 2020.

16. "Your Cloud Transformation Journey with Zscaler - YouTube." 4 Aug. 2020,

    Accessed 4 Oct. 2020.

---

This letter may not be reproduced in whole or in part without the express consent of Drawing Capital Group, LLC (the “Drawing Capital”). 

This letter is not an offer to sell securities of any investment fund or a solicitation of offers to buy any such securities. An investment in any strategy, including the strategy described herein, involves a high degree of risk.  Past performance of these strategies is not necessarily indicative of future results.  There is the possibility of loss and all investment involves risk including the loss of principal.  

The information in this letter was prepared by Drawing Capital and is believed by the Drawing Capital to be reliable and has been obtained from sources believed to be reliable. Drawing Capital makes no representation as to the accuracy or completeness of such information. Opinions, estimates and projections in this letter constitute the current judgment of Drawing Capital and are subject to change without notice.  

Any projections, forecasts and estimates contained in this document are necessarily speculative in nature and are based upon certain assumptions. In addition, matters they describe are subject to known (and unknown) risks, uncertainties and other unpredictable factors, many of which are beyond Drawing Capital’s control.  No representations or warranties are made as to the accuracy of such forward-looking statements. It can be expected that some or all of such forward-looking assumptions will not materialize or will vary significantly from actual results.  Drawing Capital has no obligation to update, modify or amend this letter or to otherwise notify a reader thereof in the event that any matter stated herein, or any opinion, projection, forecast or estimate set forth herein, changes or subsequently becomes inaccurate.