Updating cybersecurity standards

May 27, 2021

Occasionally we are reminded that cybersecurity decisions have real-world impacts. In early 2021, news of a cyber attack at a water treatment plant in Florida was made public, in which one of the employees lost control of his mouse and watched as the hacker increased the level of sodium hydroxide 111 times from its intended level, making it dangerous to even touch the water. Luckily, the computer’s owner was proactive in rectifying the situation and escalating the case to the FBI. Even though many security checks were in place, making it unlikely that the contaminated water would reach the population, this case illustrates how ill equipped modern infrastructure is to deal with cybersecurity threats.

On May 7, Colonial Pipeline announced that it became the victim of a ransomware cyber attack that forced the company to halt all pipeline operations for a full week, making it the largest successful cyberattack on an oil infrastructure target to date. As the largest refined oil pipeline system in the eastern United States (US), the consequences were felt immediately. An estimated 12,000 gas stations faced shortages, fuel prices rose to more than $3/gallon, and panic buying surged to levels not seen since the toilet paper mania at the onset of the pandemic last year. As is usually the case with ransomware attacks, management did not know exactly how severe the breach was or how long it would take to have the systems work again on their own. As such, the company went ahead and paid the full ransom of 75 bitcoins, worth roughly US$4.4 million, and its operations were able to resume several days later.

Ransomware and other forms of cyber attacks are much more frequent than one would expect. In its annual “State of Email Security” report, Mimecast Ltd. found that 61% of organizations surveyed had been impacted by ransomware in 2020, an increase of 20% over 2019. On average, these companies lost six working days of system downtime and for 37%, the downtime lasted a week or more. One of the worst parts is that more than half of the victims paid the ransom demand but only 66% of them were able to retrieve their data afterward. This means one third never saw their data again despite paying the ransom.

In past commentaries we discussed how email is the most frequent and vulnerable attack vector, even more so since work from home became the norm. Since the beginning of the pandemic, it has been found that employees are three times more likely to click on malicious emails than they had before, while the number of email threats rose 64% year over year. This implies that working from home is also leading to employees being less vigilant about potential threats. Meanwhile, companies have been slow to adapt. Cybersecurity training is provided by only one out of five companies, despite almost half of technology chiefs believing that their biggest weakness stems from their employees’ lack of cybersecurity knowledge. Furthermore, one in ten companies do not even have an email security system.

With this in mind, it is not difficult to understand why Global Alpha has maintained continuous exposure to the cybersecurity sector over the years. In the past, we owned names such as Sophos, Nice Systems, and we currently own Mimecast Ltd. (MIME US).

Business Overview

Mimecast is a cloud-based platform that offers email security solutions. They provide a range of services, including targeted threat protection, encryption, large file sending services, and data leak prevention. Peter Bauer is one of the co-founders of the firm and has been CEO since its inception in 2003. Insiders own about 7% of the shares outstanding.

Competitive Advantages

Given the sticky nature of the business, Mimecast enjoys very high retention rates. They also have the fastest search service-level agreement in the industry because their service architecture was designed for the cloud from the beginning.

Mimecast processes over 400 million emails every day, and has more than 300 billion emails under management. They are the only email security provider to guarantee 100% continuity on Office 365.

Growth Strategy

  • Cross sell opportunities as the average customer owns around 3.5 products (up from 3.2 in 2019)
  • New product launches (6 products at its IPO in 2015, currently 11)
  • Increased penetration in the enterprise business

We are always on the lookout for new investment opportunities with secular growth opportunities. Our ability to be highly selective and nimble in our portfolio holdings leaves us well positioned to add some exposure to the online security industry at attractive valuations.

Global Alpha Capital Management Ltd.
May 27th, 2021