Cyber Risk Management: Tackling The Trojans

This story features TESSERENT LIMITED, and other companies. For more info SHARE ANALYSIS: TNT

The New Criterion's Tim Boreham takes a look at the ASX stocks protecting organisations from the online hackers and hucksters.

By Tim Boreham, Editor, The New Criterion

Afraid of being hacked or cyber-compromised in some other way?

If you want to be very afraid, take a look at the online sites that track the daily flows of global cyber attacks in real-time (similar to a real-time map of global airline routes in the good old days when planes actually flew).

For example, threatmap.checkpoint.com currently logs around 30m attempted attacks a day, with the country locations of the offending and receiving parties changing dynamically from minute to minute.

Usually, the good guys thwart the attacks. But when the ‘black hats’ win over the ‘white hats’ in the constant game of cat-and-mouse, chaos abounds.

The attacks highlight the importance of constant vigilance on the part of government and companies, as well as individuals who remarkably are still vulnerable to the entreaties of disenfranchised Nigerian princesses.

With this week being Australian Cyber Week, what better time to enforce the message?

The silver lining to the dark threats is that cyber-crime prevention has become a billion-dollar industry – and a thriving ASX sector covering high-level encryption work for sensitive government bodies to blocking children’s access to unsuitable sites.

According to Tesserent ((TNT)) chief Julian Challingsworth, cyber risk management issues are permeating upwards to be top of the agenda for company boards and government cabinets.

After all, there’s nothing like the deterrent of becoming front-page news because of “very public and very value-destroying” data breaches.

 “Cybersecurity has transitioned away from being a technology problem – the domain of a chief technology officer or network engineer – to a business risk,” he says.

If boards need any further persuading to take the threats seriously, it’s now mandatory for enterprises with $3m of revenue or more to report cybersecurity breaches and – in some cases – inform customers their data has been compromised.

At a national security level, the risks were paraded by Prime Minister Scott Morrison warned of a serious cyber threat from a “sophisticated state-based actor” – presumably Chinese.

In August the government announced a $1.7 billion spend on cybersecurity measures over ten years. In a separate defence announcement in July the nation’s custodians also earmarked $15 billion for “cyber and information warfare capabilities”, also over a decade.

Canberra is also expected to require companies in sensitive industries to invest in cybersecurity, which shows that the mutual obligation concept is not confined to JobSeeker recipients.

Target industries include the banks, utilities and healthcare.

The cyber spendoolies are music to the ears of Tesserent, which has emerged as the biggest ASX-listed cybersecurity provider in a burgeoning sector. The company is also the undisputed leader in the Canberra market, including to secret squirrel departments such as defence.

Challingsworth says Tesserent acquisition-fuelled growth may have caught investors by surprise: three years ago the company turned over a “stagnant” $5m and employed 19 staff.

The company was also losing -$3m a year.

Now the company employs 220 cybersecurity experts and chalked up $20m of revenue in the year to June 2020.

Tesserent derives about half of this revenue from government departments and agencies and this is only likely to increase.

Tesserent also serves about 700 business customers which account for about 30% of revenue. This sector’s not growing as fast, but is benefiting from the need for extra security for staff who are working at home and especially vulnerable to the online scofflaws

Growth has also been fuelled by an acquisition binge: seven smaller businesses over the last 15 months

Challingsworth adds that with the 5G-enabled explosion of ‘internet of things’ devices, the black hats will have a picnic. “They massively increase the attack surface, in that relatively basic devices provide a way into the organisation for hackers.”

Could the 5G conspiracy theorists be right after all?

Given the strong demand for its wares, Tesserent aims to increase its annualised revenue from $100m to $150m, partly from more acquisitions in the still fragmented sector.

The company also wants to increase its market cap from $200m to $300m plus and become profitable by next year.

archTIS ((AR9))

Similarly, archTIS is Canberra based and is sharing the love going around since Sco-Mo’s cyber boost, having signed $5m of new deals with the Department of Defence, defence contractor Northrop Grumman and Curtin University.

archTIS’s key offering is a tool called Kojensi Gov, a cloud-based platform that enables sensitive documents to be shared without fear of leaks or other breaches.

The gist is that rather than creating a multiple of vulnerable checkpoints (such as user passwords), Kojensi creates an electronic fingerprint on the data or documents determining who can access the material and where and when.

Come to think of it, most other cybersecurity operators go out of their way to ensure the data is not shared.

archTIS listed in September 2018 but the shares were well askew of the 20c listing price until mid-June, when they climbed from sub 5c to as high as 58c.

WhiteHawk ((WHK)), meanwhile, takes the ‘honest broker’ role of an online cybersecurity exchange. This involves devising a risk scorecard for an SME client and matching the business with the most suitable security provider.

WhiteHawk doubled revenue in the June half to $585,835 and also posted a -$1.26m loss.

Based in Washington DC, WhiteHawk also consults to government and businesses including the US Department of Homeland Security.

It no doubt helps that WhiteHawk CEO Terry Roberts is the former deputy head of US naval intelligence – and can therefore keep a secret.

What we can tell you without fear of rendition is that WhiteHawk has struggled to gain traction with investors since listing in January 2018 at 25c apiece, but recent momentum has been more positive.

Other ASX listed cybersecurity exponents include high-level encryption specialist Senetas Corp ((SEN)), which has been listed since 1999.

Back then, government and business leaders were more concerned about the Millennium Bug, which turned out to be a conspiracy theory created by the IT industry.

 A former day traders’ favourite, Senetas turned over $5m last year but still struggles for consistent profitability (a -$3.6m loss). Reassuringly, the company’s $66m market entity backed by $15m of cash and no debt.

As its name implies, Family Zone Cyber Safety ((FZO)) provides internet screening tools for impressionable young ones.

The $150m market cap entity turned over $5m and lost -$17m the last financial year, but there’s still some way to go in keeping kids free of the online nasties.

For investors unwilling to sort the wheat from the voluminous chaff in a still-maturing sector, there is always the diversified option of exchange-traded funds.

With the apt ASX ticker of HACK, the $285m Global Cybersecurity EFT offers a one-stop exposure to 40 offshore cybersecurity providers.

Disclaimer: Under no circumstances have there been any inducements or like made by the company mentioned to either IIR or the author. The views here are independent and have no nexus to IIR’s core research offering. The views here are not recommendations and should not be considered as general advice in terms of stock recommendations in the ordinary sense.

Content included in this article is not by association the view of FNArena (see our disclaimer).

Find out why FNArena subscribers like the service so much: "Your Feedback (Thank You)" – Warning this story contains unashamedly positive feedback on the service provided.

FNArena is proud about its track record and past achievements: Ten Years On

Click to view our Glossary of Financial Terms