Stock markets in the United States, Europe, China and India continued their volatility Aug. 24. How well will the stock of cybersecurity companies weather the downturn?
See Also: Rethinking Endpoint Security
To answer that question, it's important to note that the quantity and severity of hack attacks is not going to decrease (see Ashley Madison: Spam, Extortion Begins). So any short-term downturns in stock prices may not represent a critical setback for the long-term prospects of today's hottest cybersecurity firms.
"If the 'correction' from Friday continues, I wouldn't be surprised if it affects tech," Sean Sullivan, a security advisor at Helsinki-based security firm F-Secure, tells me. "I'm always hearing the question of whether or not there's a bubble. But as for cybersecurity? I'm not an expert, but I'd think the Ashley Madison hack would be an example of why more money needs to be spent. So I'd be a little bit surprised if they go down as much as other tech."
Here's the recent picture, so far: In the United States, stocks opened down sharply on Aug. 24, as predicted after Standard & Poor's 500 Index - containing roughly the 500 biggest U.S. companies that are listed on U.S. stock markets - lost 3 percent of its value on Aug. 21. While Wall Street's Dow Jones Industrial Average initially plummeted 1,000 points, losing 6 percent of its value, by the end of trading, it had recovered to a loss of 588 points, or roughly 3.5 percent.
Meanwhile, London's FTSE 100 closed down 4.6 percent, while major markets in France and Germany fell by 5.5 percent and 4.96 percent respectively, BBC reports. By comparison, China's Shanghai Composite index declined 8.5 percent - losing all of its 2015 gains - while stocks in India suffered their biggest fall in seven years, CNN reports.
Economists say the market volatility stems largely from China's unexpected decision to devalue its currency on Aug. 11. "Investors in China have lost confidence in the central bank, and it's a very alarming and difficult situation for the markets," Bruce Bittles, chief investment strategist at Milwaukee-based Robert W. Baird & Co. - which oversees $110 billion - tells Bloomberg. "It ultimately depends on whether the China situation results in a severe economic slowdown. It that happens, it's going to ripple through the U.S."
Of course, it's too soon to tell what long-term effect that ripple could have on the cybersecurity sector, which has recently been going gangbusters (see Security Sector Business Roundup). In the first half of the year, for example, the world's first exchange-traded fund devoted to cybersecurity, the PureFunds ISE Cyber Security ETF (HACK), recorded a 21 percent increase in market value. The fund mostly tracks major cybersecurity stocks; its top-three holdings are Japan's Trend Micro, plus U.S.-based Fortinet and Juniper Networks. On Aug. 24, the fund's value declined just under 4 percent, similar to the overall market's performance.
Sullivan says the U.S. could see an infusion of funding for cybersecurity if the U.S. Cybersecurity Information Sharing Act is eventually passed (see CISA: One Step Back, Another Step Forward). CISA would allocate U.S. government funds to create a threat-sharing network. It's strongly backed by the U.S. business lobby, including the American Chamber of Commerce.
"Outside of whatever is going on today, in the near future, I would expect several companies to benefit from the passage of CISA, which all signs point to happening," Sullivan says.
For a cybersecurity-deadlocked Congress that cannot figure out how to pass a national data-breach notification law - despite discussing the subject for well over a decade - CISA might offer an opportunity for legislators who want to appear tough on hack attacks to "do something."
"I know that opponents of the bill are concerned about surveillance - but from where I sit, it's more about setting up a government-funded malware sample exchange system," Sullivan says. "CISA looks to me like an attempt to monopolize numerous malware samples to the American market. Bad for global businesses who don't buy security services from the USA - but good for some, particularly U.S.-based security companies."