Stories of hacking and distributed denial of service (DDoS) attacks on websites are becoming increasingly common.’s experience shows just how bad things can be and how much worse they could have been. And in the aftermath of the Paris atrocities, chancellor George Osborne has promised to double funding to fight cybercrime over five years.
AIM has a number of companies that are involved in cyber security and in some cases it is a major part of their business. However, many of them are still finding it difficult to build up revenues in spite of the obvious need to protect online data.
The increasing use of the cloud and smartphones provide additional problems when trying to secure information and data. In 2013, it was estimated that 552 million people around the world were affected by data breaches. The Ponemon Institute reported that 43% of US companies had suffered a data breach in 2014.
Two years ago, the UK government commissioned a study into the UK cyber security sector. The market was defined as cyber security software, services, equipment and related-infrastructure. Cyber security that is already embedded in other software is not included. The report says that old style IT security is like a coconut, hard on the outside but soft on the inside, but cyber security is like a mango, soft on the outside and hard inside.
This report estimated that the cyber security market would grow from £2.8 billion in 2012 to £3.5 billion in 2017. Software and services make up more than half of this figure. Consultancy is around 5% of the total but it was expected to grow at the fastest rate: 9% compound annual growth rate (CAGR) between 2013 and 2017.
Another study in 2013 estimated that the average annualised cost of cybercrime to the large UK companies analysed was £3 million.
has a long track record in security and intelligence operations, but it started its cyber division in April 2014, so it is barely much more than 18 months old. The cyber security operations centre was opened in the UK earlier this year and the managed service offering has been up and running for nine months.
Falanx also designs and builds these centres for clients. The centres use software developed by UK technology firm Assuria to defend clients against cyber attacks. Falanx offers a platform-as-a-service, with monthly charges based on varying levels of service.
Last year, Falanx secured a two year contract with CERT-UK, the government’s computer emergency response team. This government endorsement should help to reassure other potential customers about the services on offer. Government departments and corporate clients have contracts - but it has been a slow process.
Latest interim revenues were £792,000 and the cyber contribution was £26,000. It should be noted that, because of the monthly income model, revenues are spread through the contract life.
Falanx boss John Blamire admits that the sales process has been different and much longer than envisaged. There is a greater element of initial consultancy in order to assess the vulnerabilities and problems that an individual organisation has and advise on how to make systems more secure, before a decision is made on whether to sign up the managed service. Given that cyber security is so important, it is probably not surprising that clients are careful when making their decision.
focuses on keeping websites up and running by preventing DDoS attacks. Its SmartWall product provides real-time protection against these attacks by inspecting traffic and blocking it before it reaches the website. The global DDoS market is expected to be worth $1.5 billion (£983 million) in 2018.
There was a sharp rise in DDoS attacks in the second quarter of 2015, according to a survey by Corero. Sometimes DDoS attacks are done to distract, so that data can be hacked. Most attacks last for less than five minutes. Three-quarters of the companies surveyed by Corero said that their internet service providers (ISPs) should provide additional security and the majority of them were willing to pay extra for the service.
Corero is loss-making because it has built up its sales team and management ahead of growth in revenues. There has also been a reduction in revenues from older products, with growth in the newer core products not fast enough to make up for this. There was a $4.9 million cash outflow at the interim stage. The absence of any forecasts from house broker finnCap indicates how difficult it is to assess how fast the business can grow.
has a number of technology sector investments, but the core one is Cryptosoft, which has an encryption product that uses the Java standard and can work with any hardware and systems.
The Cryptosoft platform uses installed technology - the sender of the data and the receiver can be using different technology. The data itself is secured, rather than the hardware that transmits it, so it remains secure at every stage. The focus is the Internet of Things and machine-to-machine devices. The Tern share price has been particularly volatile andtook advantage of a sharp rise in order to reduce its stake during the summer.
Secure payments services are important andhas developed a range of services that are compliant with the Payment Card Industry Data Security Standards (PCI DSS), collectively named "Haloh". Eckoh was originally known for its speech recognition technology, but it has been PCI DSS Level One accredited since 2010.
The Haloh technology can be customised and shields a call centre from receiving card data. Instead, it goes from the customer to the payment service provider, without entering the systems of the contact centre.
The CallGuard product uses a Dual Tone Multi-Frequency (DTMF) masking method. This means that there is no concern about anyone hacking into the call centre system and finding card data. The US is a key market for Eckoh. Earlier this month, a US patent was granted for the CallGuard product, which has already been selling well.
As people become increasingly aware of the importance of digital security, demand will grow for the erasure of payment and other details from computers and electronic devices in order to prevent ID theft when a device is lost or thrown away.
Data erasure services provider Blancco was acquired byin April 2014 and the recent acquisition of US rival Tabernus makes the Blancco business number one in the US, as well as further enhancing its global number one status. On top of this, a product for mobiles has been launched which significantly expands the potential market.
Regenersis plans to sell its other businesses and concentrate on Blancco, which could make a 2015-16 operating profit of £7 million, although there will be central costs to subtract from that, on revenues of £21.5 million.
Tabernus is being acquired for $12 million - four times its annual revenues. On that basis, the whole division could be worth £80 million-plus and, given that it is seven times the size of its nearest competitor, probably more than that.
Equity Development argues that Blancco is worth 166p a share - based on six times 2015-16 revenues. That is nearly all of the Regenersis valuation and the sale of the other operations could lead to a 60p-a-share dividend, plus cash to invest in the core business.
There has been acquisition activity in the sector. Online data security services providerhad a buy and build strategy and in the spring it accepted a £50 million bid from software assurance business , which started on AIM before moving to the Main Market.
Accumuli provides a range of managed services, professional services and technology. The two companies had worked together and the business fits well with NCC’s consulting activities in IT security. Accumuli had estimated annualised revenues of £27 million and was expected to make a 2015-16 profit of £4.3 million and earnings per share of 2.1p.
Regenersis/Blancco and Eckoh are both profitable and have a strong foothold in their markets. They also pay dividends. These two companies offer strong growth, but it does not come cheap, although the true valuation of the Blancco business will be easier to assess once Regenersis sells its other activities. Eckoh is currently trading on 28 times 2016-17 prospective earnings, which reflects the growth prospects for the secure payments business.
This contrasts with Falanx, Corero and Tern/Cryptosoft, which are still trying to build a solid and profitable base. They may offer the potential of greater upside, but they are still cash hungry businesses, with enough cash for the time being. Without significant growth in revenues, however, more cash will be required.
This article is for information and discussion purposes only and does not form a recommendation to invest or otherwise. The value of an investment may fall. The investments referred to in this article may not be suitable for all investors, and if in doubt, an investor should seek advice from a qualified investment adviser.
These articles are provided for information purposes only. Occasionally, an opinion about whether to buy or sell a specific investment may be provided by third parties. The content is not intended to be a personal recommendation to buy or sell any financial instrument or product, or to adopt any investment strategy as it is not provided based on an assessment of your investing knowledge and experience, your financial situation or your investment objectives. The value of your investments, and the income derived from them, may go down as well as up. You may not get back all the money that you invest. The investments referred to in this article may not be suitable for all investors, and if in doubt, an investor should seek advice from a qualified investment adviser.
Full performance can be found on the company or index summary page on the interactive investor website. Simply click on the company's or index name highlighted in the article.
We use a combination of fundamental and technical analysis in forming our view as to the valuation and prospects of an investment. Where relevant we have set out those particular matters we think are important in the above article, but further detail can be found here.
Please note that our article on this investment should not be considered to be a regular publication.
Details of all recommendations issued by ii during the previous 12-month period can be found here.
ii adheres to a strict code of conduct. Contributors may hold shares or have other interests in companies included in these portfolios, which could create a conflict of interests. Contributors intending to write about any financial instruments in which they have an interest are required to disclose such interest to ii and in the article itself. ii will at all times consider whether such interest impairs the objectivity of the recommendation.
In addition, individuals involved in the production of investment articles are subject to a personal account dealing restriction, which prevents them from placing a transaction in the specified instrument(s) for a period before and for five working days after such publication. This is to avoid personal interests conflicting with the interests of the recipients of those investment articles.