Rarely a week goes by without a new media story about data breaches, hacking schemes or cyber attacks impacting individuals, companies and even governments. Four top investment experts who contribute to MoneyShow.com take a look at the companies involved in combating these growing threats.


Jim Powell, Global Changes & Opportunities Report

The internet is being weaponized and cybersecurity companies should be considered part of our defense industry.

Investing in the most promising cyber companies has enormous potential to return long-term profits — but you must expect a bumpy ride as the young industry shakes itself out.

After the WannaCry attack, cybersecurity became a top priority in organizations of every type throughout the world. The young cybersecurity industry also became a hot topic on Wall Street, and many stocks soared in price.

CACI International (CACI) is now up 57.3% for us. Its success should be no surprise. Unlike most companies in the young cybersecurity industry, CACI has been in business since 1962. From its headquarters in Arlington, Virginia (right across the Potomac from Washington, DC), CACI serves the needs of many government agencies and numerous private companies.

It was only natural that many deep-pocket customers turned to CACI when cyber attacks started to become common — and especially when WannaCry showed up. That profitable relationship will undoubtedly increase.

Although CACI is up sharply from our purchase price, the outlook for more cybersecurity business is so great that I continue to recommend the stock.

I am also recommending Symantec (SYMC) once again. The WannaCry cyber attack is making it all the more important to protect your computer and online activities from hackers. The company offers a comprehensive line of products that protect personal computers from malware and viruses.

The company’s 38.1% gain was only about half as large as CACI’s. However, Symantec does a great deal of business serving the needs of smaller companies and individual computer users. It’s a fast-growing market that is demanding better protection from cyber attacks.

Symantec has been growing rapidly in recent years by expanding its product line, and by acquiring other companies in its field. It purchased LifeLock, the leading identity theft protection company. The purchase of Blue Coat Systems gave Symantec more exposure to the fast-growing cloud security market. Symantec should continue to be a winner.

Proofpoint (PFPT) has also been in business longer than most of its rivals. Since 2002, the company has been one of the few to offer cybersecurity protection that meets legal and industry standards.

In the wake of WannaCry, many companies want to buy insurance against cyberattack losses. The standards pioneered by Proofpoint will help the new cyber insurance industry establish competitive rates. Proofpoint is up 55.6% for us and should go much higher.

At first glance, Microsoft (MSFT) may appear to have little potential for cybersecurity profits. The company’s popular Windows operating systems have been prime targets for hackers. 

The company was also in the doghouse for initially holding back a software patch that would have prevented WannaCry from taking over some older versions of windows. Microsoft has since released it at no charge.

Microsoft is a “superstar firm” with products that lock in customers and lock out competitors. The company should see its profits increase as countless individuals and businesses upgrade to the latest Windows software that contains up-to-date cybersecurity protection— and will be supported against new types of malware for several years. 

Please don’t overlook the investment potential of Microsoft because it is tech giant. From my first recommendation in October 2011, Microsoft rose 185.2% gain— not counting dividends. I think more attractive returns are on the way. 

Investors who would prefer a diversified cybersecurity investment should consider the FirstTrust NASDAQ Cybersecurity ETF (CIBR), which holds a number of smaller companies that dominate the young cybersecurity industry. 


Robert DeFrancesco, Tech-Stock Prospector

The spending environment in cybersecurity is changing, and investors need to keep up. Organizations previously spent the bulk of their security budgets trying to protect the perimeter of the network.

But cybercriminals time and again have shown that they’re able to breach network perimeters.

Plus, thanks to increased mobility and the cloud, the perimeter is no longer so well-defined. More money these days is flowing into endpoint protection, security data analytics and securing critical assets inside the firewall.

Palo Alto Networks (PANW) is a favorite large-cap security name. The company’s WildFire service, aimed at protecting organizations from highly evasive zero-day exploits and malware, continues to perform well, adding 2,000 accounts in fiscal Q4 (July), bringing the customer total to more than 19,000, up 50% year over year.

Palo Alto’s newer TRAPS endpoint protection solution (on the market for three years) continues to steadily gain traction with customers and the partner/reseller community. TRAPS, now at 1,400 accounts (up 40% sequentially in the latest quarter), has plenty of upside potential, as the penetration rate across Palo Alto’s entire customer base of 42,500+ is just 3%.

Splunk (SPLK), a provider of machine data analytics solutions, generates about 40% of its total revenue from security use cases.

Security gear provides a constant stream of machine data that can be analyzed by Splunk software. Insights gleaned from all of that data (combined with machine learning technology and predictive analytics tools) can be used by customers to help deal with (and even minimize) any future cyber attacks.

Compromised insider accounts and too much third-party access to sensitive information are two main reasons why data is lost or stolen. Insider negligence is more than twice as likely to cause the compromise of insider accounts as any other offender (including external attackers).

Varonis Systems (VRNS) is an emerging player when it comes to protecting unstructured data from insider threats.

Large amounts of unstructured data can be analyzed, secured, managed and migrated using the company’s portfolio of six software offerings. Varonis specializes in securing file and email systems that store messages, audio/video clips, spreadsheets, word processing documents and presentations.


Nancy Zambell, Wall Street's Best Daily

Cybersecurity companies are popping up with the speed of light and some of them will most likely pay off handsomely. But it is tough to ferret out which of the speculative companies will be those that not only survive but flourish.

But there are also many more established companies that have added cybersecurity to their roster of services and products —companies that have already proven their excellence with years of profits.

Cisco Systems (CSCO) is one of the giants with $160 billion in market cap. The company provides networking products related to the communications and information technology industry worldwide, both mobile and wired. Cisco’s cybersecurity business accounts for only some $500 million in revenues, just a smidgen of its total sales, but it is responsible for pushing the company’s revenues into double-digit territory.

Palo Alto (PANW) has a market cap of almost $14 billion. PANW provides firewall protection to corporations and governments worldwide. The company beat analysts’ estimates by 13 cents in its latest quarter, and 22 Wall Street analysts are forecasting earnings increases for the next year.

CyberArk Software (CYBR) is an Israeli company that provides privileged account security systems to the U.S. and other countries. It has a market cap of $1.5 billion and is expected to grow at double-digit rates for the next five years.

FireEye (FEYE) was recently upgraded by Stephens & Co. and Morgan Stanley to “overweight.” This $3 billion market cap company provides vector-specific appliance and cloud-based solutions detect and block known and unknown cyber attacks.

Gigamon (GIMO) provides visibility and control of data-in-motion traversing enterprise, federal, and service provider networks (network test equipment) in the United States, the Americas, Europe, the Middle East, Africa, and the Asia Pacific. Also one of the smaller ideas, GIMO has a market cap of $1.7 billion, and rumors abound that it is a takeover target. The shares were just upgraded by Dougherty to Buy.

While it’s very unfortunate — and costly — that cybercrime has escalated to this level, the bright side is that from adversity comes opportunity. And the opportunity is here for investors.


Michael Murphy, New World Investor

Like you, I get a lot of spam emails. Most of them are phishing attacks, offering me untold riches if I’ll just send my bank details to some Honorable Righteous General in Nigeria.

But phishing attacks are just one small part of the explosion in cybercrime. Everything from ransomware to hacking the SWIFT interbank money transfer system to stealing product plans to getting credit card numbers from the big chain stores adds up to a huge amount of money every year. In 2016, businesses alone lost $1 trillion to cybercrime. That is forecast to hit $3 trillion by 2020. The main reason is companies are woefully unprepared to defend themselves.

With that much money at stake, there will be an explosion of spending on cybersecurity over the next five to ten years. The global market should be over $200 billion by 2022.

Kroll, the risk management specialists, reported that 82% of the companies it polled were fraud victims in 2016. Some 60% of all illegal access and data theft came from inside the companies, from employees, contract workers, and freelancers.

So how to invest? There are numerous companies in this industry, but we want to participate in the whole industry’s growth, and there are two good ways to do that. Both are exchange-traded funds.

The ETFMG Prime Cyber Security ETF (HACK) began on November 11, 2011 to track the ISE Cyber Security Index. This index tracks the performance of the equity securities of companies across the globe that are either CyberSecurity Architecture Providers or CyberSecurity Application Providers. It has $3.4 billion in assets, a 34% turnover rate, and a low 0.75% expense ratio.

The First Trust NASDAQ Cybersecurity ETF (CIBR) began on July 7, 2015 to track the Nasdaq CTA Cybersecurity Index. This index includes securities of companies classified as “cybersecurity” companies by the Commodity Trading Advisors organization. It has $5.8 billion in assets and an even lower 0.60% expense ratio.

The two funds have similar portfolios, although CIBR is more concentrated. CIBR also has had better performance. HACK was up 3.2% in 2016 and is up 10.6% year-to-date. CIBR was up 10,9% in 2016 and is up 9.1% year-to-date.

I think they’ll both make you substantial profits over the next three years. I’m going to recommend that you take a full position in the First Trust NASDAQ Cybersecurity ETF under $23 for a three to five-year hold.




Want to learn how to invest?

Get a free 10 week email series that will teach you how to start investing.

Delivered twice a week, straight to your inbox.