Cybersecurity stocks spike after global ransomware attack — why this rally could last

When a hacking incident made global headlines in recent years — Sony, the DNC, countless corporate data breaches — the otherwise sleepy sector of cybersecurity stocks would often rise on expectations that the world would finally get serious about protecting its computers. Usually, they’d slump back down again.

In the wake of the WannaCry ransomware attack, which seized 200,000 computers in more than 150 countries, that may be changing. As Chris O’Brien noted, the attack has been a wake-up call for anyone who has regarded computer security as a headache, a complex problem to address someday — just not today. The WannaCry attack made clear that hacking can be a potentially life-or-death problem.

As per usual, stocks in the cybersecurity sector rallied. The PureFunds ISE Cyber Security ETF rose 3.6 percent Monday, with many of its components rising further. FireEye Inc rose 7.9 percent, while Qualys gained 6.1 percent. SecureWorks, spun off from Dell last year, surged 10.7 percent.

Networking stalwart Cisco also rose 2.8 percent, bolstered by an upgrade by a Morgan Stanley analyst who wrote that the company’s “paradigm shift” to security-defined networking is winning it a bigger share of corporate IT budgets. Last quarter, Cisco saw overall revenue decline by 3 percent, but its networking revenue rose by 14 percent.

Last Thursday, before the ransomware attack took effect, President Trump signed an executive order on cybersecurity that, while vague, drew some praise from the cybersecurity industry. More importantly, cybersecurity is a rare area of policy these days that shares bipartisan support, which could help increase federal funding in the industry.

Another analyst, Pierre Ferragu of Sanford Bernstein, published a note Monday saying the attack and the executive order, taken together, could loosen corporate spending on cybersecurity. “The opinion of enterprise decision makers is heavily influenced by such events, and this one is likely to support spending decisions.”

The WannaCry attack may have earned its perpetrators a mere $26,000 as of Saturday, according to Krebs on Security, but that may have had more to do with how difficult it still is for many people to use Bitcoin, the attacker’s preferred payment method. By any other measure, the attack was a success: the most widespread use of ransomware in history, and the kind of nightmare hacking maneuver that security experts have warned of for decades.

In the wake of the recession, companies grew tight on their IT spending. Many cybersecurity stocks languished as companies held back on spending and simply hoped for the best. But that lack of spending is now coming up against an increasing sense of urgency, in which the cost of doing nothing can be vastly greater than the cost of securing a company’s systems from attack. Further inaction will only embolden hackers to develop more sophisticated attacks.