Cybersecurity has been thrust into the forefront of large companies’ priorities over the last 18 months. The rapid shift to remote work in March last year accelerated the transition towards public clouds and cloud-based applications. For those companies that still had their own servers and company networks, the increasing use of virtual private networks (VPNs) has left companies vulnerable to attack.

As the number of employees and devices accessing a company’s network and applications surged, so too did the points of vulnerability. A growing number of career hackers have taken advantage of this proliferation, imposing a heavy toll on companies – financially, operationally and reputationally.

Palo Alto found that IT decision-makers reported an increase in non-business devices connecting to corporate networks by remote workers last year. Smart lightbulbs, heart rate monitors, connected gym equipment, coffee machines, game consoles and even pet feeders were among the list of the strangest devices identified on such networks. Hackers only need one employee to have one vulnerable device to gain access to a company’s network.

When a cyber attacker obtains administrative access to a home router, they will have access to every device connected to it. A number of troubling statistics regarding the rise of cyberattacks have been reported over the last year:

  • IBM estimates that 86% of organizations have been compromised by at least one cyberattack in 2021, compared to 77% of organizations in 2018.
  • According to Palo Alto’s Unit 42, the average ransomware payment climbed 82% from 2020 to a record $570 000 in the first half of 2021. In 2020, the average payment surged 177% to $312 000. The highest ransom demand of a single victim seen by Palo Alto’s consultants in the first half of 2021 was $50 million.
  • The US Treasury Department reported that $590 million of ransomware payments were paid during the first 6 months of 2021 compared to $416 million for the whole of 2020.
  • One of the most severe examples of a ransomware attack happened to Colonial Pipeline in May, which resulted in fuel shortages across large sections of the US East Coast. Around 70% of fuel stations in North Carolina were without fuel and 50% of fuel stations in Virginia, South Carolina and Georgia had outages for between one and two days.  
  • Fortinet reported that the number of unique ransomware detections per week increased more than 10x from 2020 to June 2021. The increase was experienced across entities of all sizes, geographies and industries.

[Chart: Unique Ransomware Detections (weekly)]

Attacks are moving away from healthcare facilities and municipalities – which have weak IT controls but also little money – to manufacturing or logistics companies. These companies have deeper pockets and can’t afford an extended system outage so would rather pay the ransom.

There has been a troubling rise in “quadruple extortion” attacks. Ransomware operators now commonly use as many as four techniques for pressuring victims into paying:

  1. Encryption – victims pay to regain access to scrambled data and compromised computer systems that stop working because key files are encrypted.
  2. Data Theft – hackers release sensitive information if a ransom is not paid (a trend which really took off in 2020).
  3. Denial of Service (DoS) – ransomware gangs launch denial of service attacks that shut down a victim’s public websites.
  4. Harassment – cybercriminals contact customers, business partners, employees and media to tell them the organization was hacked.

Hackers have become far more sophisticated in their approach, now actively targeting companies that have cybersecurity insurance cover in place. As a result, insurance companies have been cutting cover and increasing premiums. Premium rates have almost doubled in the US and increased by over 70% in the UK due to the frequency and severity of attacks.

Limiting companies’ options further, global authorities are attempting to clamp down on ransom payments to attackers, which are mostly facilitated through cryptocurrencies.

The proliferation of attacks, reduction in cybersecurity cover by insurers and pressure by authorities are all pushing companies to adopt proactive rather than reactive security solutions to reduce risk. This combination has created an attractive backdrop for companies specializing in cybersecurity solutions.

Investment opportunity:

Companies are expected to spend over $150 billion this year to move their proprietary apps and workloads to the cloud, a figure that is expected to reach over $300 billion in 2024. Related cloud security spending is estimated to reach around $10 billion in 2021 and is predicted to rise to $20 billion by 2024 or ~7% of global cloud spending.

Despite the strong growth of cloud spending over the last decade and particularly since the onset of the pandemic, companies are still in the early phases of cloud adoption. Gartner estimates that only 10% to 15% of enterprise IT spending and 20% to 30% of total workflows have moved to the cloud. Growth in cloud spending underpins our expectation for a multi-year tailwind for cloud security spending.

We believe Palo Alto is attractively placed to benefit from the ongoing shift to cloud workflows over the next decade. Not only is the company leading in cloud-native security deployments but its legacy firewalls business stands to benefit from the migration of company networks to the cloud.

Companies have increasingly followed a piecemeal approach to securing their networks and applications – adopting multiple vendors’ solutions for each particular problem. A typical large enterprise has between 12 and 55 security solutions. The fragmentation of security solutions and providers means that each is working in isolation and not in conjunction with each other to block an attack.

Following 15 acquisitions made over the last three years, Palo Alto has one of the most extensive portfolios of solutions in the industry. The breadth of its portfolio now gives companies the ability to consolidate the majority of their security solutions with a single vendor.

From a valuation perspective, Palo Alto is priced closer to a legacy hardware security company than to the highly valued software-only companies that trade on enterprise value (EV) to revenue multiples of between 20 and 40x. Unlike the newer entrants, Palo Alto is strongly free cash flow generative: it achieves free cash flow margins (free cash flow/revenue) of 32.5% and trades on a free cash flow yield (free cash flow per share/price) of just over 3%.

By its own estimates, Palo Alto has just a 3% share of the $140 billion (by revenue) cybersecurity market. The security industry is the most fragmented of any global technology market in existence today. Robust growth expected from the overall market, together with the potential for market share gains, positions Palo Alto for attractive long-term returns.