Cybersecurity vendors see share prices rocket following ransomware attack

Sophos, Symantec and FireEye all saw share prices rise as organisations moved quickly to secure their IT systems

A host of publicly traded cybersecurity vendors saw their share prices spike on Monday after the global ransomware attack escalated over the weekend.

The attack first came to light on Friday when a number of NHS Trusts confirmed issues with their IT systems, and over the following days organisations around the world announced they had been hit by the same ransomware variant.

With more systems expected to be affected when people returned to work yesterday, IT teams scrambled to ensure all infected systems were removed from networks and unaffected machines were patched and updated as soon as possible.

The global panic saw a sharp spike in share prices for a number of security firms when stock exchanges reopened yesterday.

Palo Alto Networks, Check Point, Trend Micro and Cisco shares were all up over two per cent at closing yesterday; Symantec was up over three per cent; Sophos was up more than five per cent; Proofpoint and FireEye were both up over seven per cent; and Mimecast was up around 11 per cent.

Indraneel Arampatta, analyst at Megabuyte, told CRN that the swell was most likely caused by traders predicting a flurry of business to vendors from end users fearing future attacks.

"These kind of events bring cybersecurity to the forefront in terms of corporate decisions and board-level decisions," he said.

"I'm sure there were a lot of reviews over the weekend and will be over the next few weeks that will drive huge demand, especially in companies that haven't thought about cybersecurity policies before, so that's interesting from a sales perspective for the cybersecurity vendors.

"The knock-on effect is that investors get interested because they're expecting them to have little jumps in performance and are trying to pre-empt that with some buying [of shares]. From an early analysis that's the main reason."

While the immediate effect on public companies was clear to see, Arampatta pointed out that it will be interesting to see whether the ransomware attack stokes interest among private investors in next-generation end-point vendors.

He explained that trends in the private sector, however, will likely take longer to feed through.

"From the private company perspective it will be interesting to see whether this brings to the front any investment from the private investors community into cybersecurity," he said. "It was already rather high anyway, but this focuses attention towards end-point protection, which is a main point of focus for the vendors as well.

"Sophos was in the news a bit because it's the largest cybersecurity vendor in the UK and they've been bolstering their end-point protection for the last couple of months - they highlighted that in their latest results - so I think end-point will be an area of interest [for investors].

"You have your high-profile private end-point protection vendors like Cylance, Crowdstrike, SentinelOne [as well] - it will be interesting to see whether there's renewed interest in them in the future."

Mimecast

London-headquartered Mimecast saw share prices rise by as much as 11 per cent in the wake of the attack, which Arampatta said could be attributed to its focus on data backup and recovery - a potentially critical area of IT when it comes to the aftermath of ransomware attacks.

"It's been doing well recently anyway and they've been trying to address GDPR (General Data Protection Regulation) as their key differentiator given that they're involved both in security policy but also data, which is a much less prominent part of the policy but still just as important - having a good data structure, archiving and backup.

"Because they're involved in both of those areas they're really trying to use GDPR as a market differentiator for themselves, so when this comes along it just emboldens that a bit more, so it's a really good time for them at the moment."