Cybersecurity Sector Faces Reckoning After Coronavirus HitsWall Street Suffers Worst Loss in 12 Years; White House Floats Stimulus Package
Monday is a day that Wall Street - and cybersecurity firms - are not likely to forget anytime soon.
See Also: Role of Deception in the 'New Normal'
With the twin threats of COVID-19 spreading throughout the world and oil prices plummeting nearly 34 percent due to a dispute between Saudi Arabia and Russia over production, Wall Street suffered its biggest loss in 12 years.
On Monday, the Dow lost more than 2,000 points, dropping 7.8 percent in one day, while the S&P 500 declined by approximately 7.6 percent, CNN reported. Oil prices also dropped to their lowest level since 1991.
On Monday night, the Trump administration began floating ideas for a financial stimulus package that would include a payroll tax cut and other measures, according to Bloomberg reports.
During Monday's sell-off, some of the world's biggest technology and cybersecurity firms saw their values plummet, with IBM's stock price dropping 7.8 percent, the value of Microsoft falling over 6 percent, and CrowdStrike's stock price losing about 6 percent. Other cybersecurity-specific stocks that took a hit on Monday included Fortinet, Palo Alto Networks and Zscaler.
On the upside, stock futures rallied overnight on Monday, with CNBC reporting that "futures on the Dow Jones Industrial Average indicated an opening surge of 1,100 points on Tuesday," while both S&P 500 futures and Nasdaq-100 futures looked set to boost the indexes.
But the bigger question now is: Can the cybersecurity market withstand these market forces, and if so, for how long?
Short-Term and Long-Term Impacts
In recent days, financial and technology experts have been offering different views on the short-term and long-term impacts facing the sector.
Art Coviello, a partner at Rally Ventures who formerly served as CEO of RSA, tells Information Security Media Group that the long-term outlook still is good. "Forecast: short term cloudy and cold, but long term sunny and hot," he says, adding that the long-term enterprise adoption of technologies such as cloud computing, agile development, operation technology, internet of things devices and 5G will continue to serve as catalysts for security companies, boosting their bottom lines (see: Art Coviello on CISOs and the Board).
Some investors, however, believe that the new coronavirus, COVID-19, will have a significant, detrimental effect not just on security firms but also the global economy.
Before the market plummeted on Monday, Sequoia Capital - one of the world's largest venture capital firms and a major investor in security companies such as Armis, FireEye and Okta - released a report on Thursday warning of a likely Black Swan event, which is defined as any unforeseen event that has a major, often catastrophic effect.
In its note to investors, Sequoia warned companies to begin cutting costs and revising their sales forecasts for the year.
But BlackRock Investment Institute has offered a different perspective. In a Monday bulletin, the organization notes that many of the recent losses on Wall Street are likely short-term and reversible if countries begin to take more aggressive public health measures and provide some fiscal stimulus from central banks.
"This is a time for investors to keep a long-term perspective," according to BlackRock's report. "The ultimate depth and duration of the coronavirus' economic impact are highly uncertain, but we still believe the shock should be temporary as the outbreak will eventually dissipate and economic activity will normalize - assuming the needed policy response is delivered."
'Market Will Move With a Herd Mentality'
Coviello likewise appears bullish about long-term prospects for the cybersecurity sector. "Security stocks are obviously not immune to general market conditions," he says. "As always, the market will move with a herd mentality and will continue to gyrate with any new information about the coronavirus. If the virus becomes more severe it could cause a slowdown in the economy but the fundamentals prior to the coronavirus were good, so a near-term bounce back would be probable."
"Forecast: short term cloudy and cold, but long term sunny and hot."
—Art Coviello, partner, Rally Ventures
In the short term, however, Coviello says security firms face a likely reckoning from COVID-19 concerns over their valuations. "All of this may have an ameliorating effect on the already high security valuations, but I believe the cream will rise," he says, as well as recover more quickly.
"Security companies with the best value propositions, traction and technology will recover much faster and I would expect to see unevenness in any bounce back as a result - both public and private," he says. "Overall, continued adoption of cloud, use of agile development, the rise of OT and IoT and ultimately 5G will be tremendous catalysts for security companies given the related risk of adoption."
Cybersecurity in the Long Run
Some firms could benefit even more quickly, especially as more organizations instruct employees to work from home. But they must re-evaluate their cybersecurity posture to ensure that workers aren't exposed to attacks when outside the corporate firewall, says Chris Pierson, CEO of cybersecurity firm BlackCloak.
"Cybercriminals are not taking a break during this global pandemic and neither will the defenders or their suppliers, so I think the outlook is extremely positive," Pierson tells ISMG. "Since the majority of cybersecurity companies are offering SaaS or API-based platforms, it is unlikely we'll see a major decline in utilizing or acquiring cyber controls. Furthermore, the amount of remote work and the ease of video calls should make an in-person requirement moot."
The COVID-19 outbreak also hasn't driven the cybercriminals away. Instead, as with any major crisis, criminals have already added the event to their arsenal, at least from a social engineering standpoint (see: More Phishing Campaigns Tied to Coronavirus Fears).
With more employees going mobile - namely, working from home, even in organizations that previously discouraged remote work - experts also expect to see a short-term boost in the stock price of numerous companies as a result of a surge in demand for collaboration tools. Kayode Omotosho, a self-described ethical hacker and equity researcher, notes that companies such as Microsoft, Slack and Zoom are likely to benefit from organizations' temporary move to make more of their workforce mobile. This, in turn, will help security firms that offer cloud-based tools such as SIEM, log management and distributed denial of service protection, Omotosho writes in a Monday post to the financial website SeekingAlpha.
"This is a win for cloud security stocks as the volume of data in transit assessing cloud platforms increases significantly," he says. "The conclusion is that you shouldn't be worried about the demand for cloud security stocks."
M&A Activity Continues
At least until Monday's market tumble, the cybersecurity sector's merger and acquisition activity had been strong since the beginning of the year. On Jan. 7, for example, private equity firm Insight Partners struck a deal to acquire internet of things security startup Armis. The all-cash deal valued Armis at $1.1 billion (see: Insight Partners' Latest Purchase: IoT Security Firm Armis).
That same week, Accenture announced plans to buy the former Symantec Cyber Security Services business from Broadcom for an undisclosed sum. Accenture, which is best known as a consulting firm, now plans to build out its managed security business and offer new services to customers (see: Accenture to Buy Former Symantec Services Unit From Broadcom).
Even amidst the Monday chaos, as Wall Street markets crashed and trading was briefly halted, cybersecurity M&A activity continued in the form of WatchGuard Technologies, which is known for its network security tools and threat intelligence, announcing a deal to acquire Panda Security, a 30-year-old security firm that specializes in endpoint protection and is based in Spain. While financial deals were not disclosed, El Pais newspaper reported that the deal is valued at about €280 million ($314 million).
With Wall Street in flux over COVID-19, Joseph Krull, an analyst with Aite Group and a former CISO, says that some of this concern could spill over into the venture capital and private equity space, meaning there might be less money for start-ups and mergers and acquisitions in the coming months. Any slowdown, however, is likely to be short lived. In addition, there will be bargains for companies willing to invest, he says.
"Cybersecurity companies without a clear path to profitably may have merge with other companies or simply exit the market," Krull tells ISMG. "On the positive side, this can be a good time to acquire key intellectual property for a nice price or push artificially inflated valuations down to reasonable levels."
Executive Editor Mathew Schwartz contributed to this report.