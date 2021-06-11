When the topic of cybersecurity is raised, many people's minds tend to go towards the growing number of high-profile attacks, including the recent ones on the Colonial Pipeline and meat processing company JBS SA. Both companies have copped to paying ransomware attackers, with Colonial Pipeline paying $4.4 million because the company was unsure how badly the cyberattack had breached its systems while JBS paid $11 million in part "because of the sophistication of the attack."

If one was overly focused on only those high-profile high profile attacks, it would be easy to miss the online posting of a massive 100GB TXT file containing 8.4 billion entries of passwords, making it the largest data breach compilation ever. Here’s the thing, by combining the 8.4 billion passwords with other breach data that includes usernames and email addresses, threat actors have the potential to attack a horrific number of online accounts.

For investors, this serves as a harsh reminder that while cybersecurity is suitably attracting headlines, digital privacy is also a fertile market. As harsh as it is to say, the truth of the matter is that pain points make for wonderful investing opportunities. The internet of things (IoT) revolution is expanding the number of connected devices at a mind boggling pace, resulting in the amount of data that will be created, consumed, and dissected, increasing at an exponential rate.

Compared to today’s modest collection of connected devices that center on smartphones, tablets, wearables, security, and smart home devices, the IoT market will expand to include autos, hospitals and medical equipment, industrial and other machinery, agricultural equipment, and more. By 2025, as 5G technology is further deployed, the number of connected devices is predicted to reach 22-25 billion, which means that both cybersecurity, as well as data privacy measures, will see their total addressable market expand considerably in the coming years.

Getting personal

Even as the connectivity explosion of 5G gets underway, bad actors have already targeted some of those IoT markets. Above we touched on the Colonial Pipeline, but recently, Ireland’s health system was crippled by a cyberattack that cut off access to patient records, delayed Covid-19 testing, and forced the cancellation of countless medical appointments, and even surgeries. Earlier this year in California, Scripps Health, which operates five hospitals and several clinics in San Diego, was crippled by a ransomware attack. Over the last few weeks, cybercriminals shared they planned to attack more than 400 hospitals.

We bring this up because what could be more personal than one’s health information? Another example, however, reveals a very different way in which bad actors could obtain one’s personal information. A pair of bugs in John Deere's apps and website could have allowed hackers to download the personal data of all owners of the company's farming vehicles and equipment. According to Sick Codes, before patches and fixes were implemented, those vulnerabilities could have exposed information about John Deere's customers, including their physical addresses.

But how important is personal data privacy?

Some believe privacy is dead; however, new research from Invisibly suggests the desire to protect one’s personal data is very much alive. Here’s the thing, we have started to see a shift in data privacy concerns from personal information that could be obtained through a cyber-attack to including the collecting and sharing of one’s data. According to its recent survey, Invisibly found 68% of respondents indicated data privacy is important to them while 82% supported measures that would prevent companies and devices from collecting or sharing their data.

Another confirmation comes from a company that has historically done a rather good job recognizing consumer tipping points and leveraging them to their advantage. We’re talking about Apple (AAPL), and if you haven’t viewed one of its latest commercials that speaks to how important it sees privacy as a competitive differentiator, all we can say is watch this. A humorous but on-point take on the findings shared by Invibly.

To be fair to Apple, it has been focused on the privacy of its device users for some time in terms of both the devices themselves and the apps on them. Easy examples include TouchID, Apple Wallet, and the introduction of its App Tracking Transparency feature with iOS 14.5 that prevents third-party apps from tracking users across the web. At its 2021 Worldwide Developer Conference, Apple took further steps with the introduction of iCloud+ that includes “Private Relay.” Essentially, when a user browses the internet using Safari, their data will be sent through two separate servers to mask the user’s identity and what sites they are visiting.

While one relay gives the user an anonymous IP address, the second is used to send the browsing query to the appropriate results. Apple also announced new privacy features will be introduced to iOS Mail apps to impede marketers’ abilities to gather information regarding open rates. These efforts have riled up the companies that have relied on such data, ranging from Facebook to email newsletter publishers.

Is Apple the only company embracing privacy? In a word, no, and among those doing so, we can count in Alphabet (GOOG), which recently added a Privacy Dashboard, to its latest iteration of Android. For those looking to see how the privacy landscape evolves, one could argue that given its core Google search-advertising business model, Alphabet is the company to watch.

While Apple’s efforts are likely to appeal to users and be reflected in unit sales volumes, translating it across the company’s business and stock valuation is far trickier because of the way it reports its financials and operating data. There are, however, a number of companies focused on protecting consumer data, privacy, and identity. Examples include Norton Lifelock (NLOK), Ping Identity (PING), SailPoint Technologies (SAIL), OneSpan (OSPN), and Okta (OKTA). We’re also seeing new contenders enter the public markets, including ForgeRock, an identity verification software company that is reportedly working with banks on its initial public offering.

As privacy and identity become a greater focal point, we expect M&A activity will also heat up as companies look to fill competitive gaps and product holes. Recently, Okta completed its $6.5 billion acquisition of Auth0, a leading identity platform for application teams. We doubt this will be the last we see of this kind of growth and expansion in the industry.

Disclosures

Norton Lifelock (NLOK), Okta (OKTA), OneSpan (OSPN), Ping Identity (Ping), SailPoint Technologies (SAIL) are constituents of the Foxberry Tematica Research Cybersecurity & Data Privacy Index.

