The world’s 10 biggest cybersecurity companies have generated almost one and a half times the returns of the S&P 500 in the last five years. However, this year they managed to grow only 5%, only one third the S&P 500 advance.
The Crowdstrike induced global outage and the selloff that followed was a significant factor in the decline of cybersecurity stocks, writes eToro analyst for Romania, Bogdan Maioreanu.
The Microsoft outage caused by a failed update of Crowdstrike appears to be the “largest IT outage in history” after impacting over 8.5 million PCs, and leading to the cancellation of more than 5,000 commercial airline flights worldwide. It also disrupted businesses from retail sales to hospitals, costing revenue and staff time and productivity. Losses are estimated to exceed one billion dollars, according to CNN. It shows the dangers of today’s concentration on IT services on a few suppliers.
It is not the first time when something like this happens. In 2010 when an update of the McAfee antivirus accidentally deleted critical Windows files, causing millions of computers to blue screen and loop reboot. In a strange coincidence, at that time the CTO of McAfee was the current CEO of Croudstrike, George Kurtz.
Another similar incident happened in 2017, when British Airways experienced a massive IT failure that grounded all its flights for two days, costing the airline an estimated $68 million and stranding 75,000 clients. The failure was attributed to a power surge that caused a critical system provided by a single vendor to fail.
Despite this, cybersecurity in itself remains a primary need in a rapidly digitising world. And AI will not make things easier for companies. When asked, 56% of cyber leaders are considering that in the next two years generative AI will help attackers and only 9% consider that will help the defenders, according to the World Economic Forum Global Cybersecurity Outlook 2024. When asked what impact of a cyberattack is most concerning, the majority of leaders from Europe and North America reported that operational disruption was their greatest concern, followed by direct financial losses and brand and reputational damage. Last, but not least, 33% of cyber leaders fear the possibility of losing access to important goods or services (transportation, communication, healthcare, banking, etc) due to a cyberattack.
The Crowdstrike outage is not yet fully resolved and for the company, most likely, an increase in litigation and compensation costs will follow. The stock price lost almost 27% in the past 5 days after the outage news and subsequent downgrade by several research firms. Despite the quick response of the company in finding a fix, the damage it suffered to its reputation will impact its new and existing business. But this is creating opportunities for its competitors as the companies will learn from this and will try to diversify from single vendor dependency.
Investors continue to distance themselves from Crowdstrike but yesterday the other cybersecurity companies had mostly a green day. The largest one by market capitalization, Palo Alto increased almost 1%, with the performer of the day being Sentinel One with an almost 7% increase in its stock price due to its AI advanced capabilities, different architecture and the recent signing of a contract with CISA, the Cybersecurity and Infrastructure Security Agency, which is part of the U.S. Department of Homeland Security.
