Which of these AIM tech shares will profit from cyber crime?

Cyber security is back in the news due to the ransomware attack in the UK and other countries. This has led to a knee-jerk jump in the share prices of many of the cyber security companies quoted on AIM.

A lack of awareness continues to hamper cyber security even though there has been an increase in spending on the sector. High profile cyber attacks should hopefully bring the risks even more to the fore when it comes to the thinking of organisations. The use of networked computers helps problems to spread. As technology continues to rapidly develop the cyber security needs to as well.

The World Economic Forum's 2016 Global Risks Report claimed that cyber crime cost the global economy $445 billion (£344 billion) last year, and cyber crime is thought by those surveyed to be one of the highest risks of doing business in the US, China and Europe.

As the Internet of Things becomes more prevalent the dangers of hacking and other cyber crime will increase. The Internet of Things means that every connected device, not just computers, is something that can be attacked.

In 2015, McKinsey estimated that the Internet of Things could be valued at more than $11 trillion by 2025, which would be around 11% of the total global economy. That shows just how fast the technology could spread and how good security will be vital to the global economy. The strategies to prevent hacking and cyber crime do not appear to be keeping pace with this growth.

There is already something called GPS satellite spoofing, which can redirect vehicles and ships and make them go off course, and this hacking can be done with off-the-shelf technology.

The World Issues Monitor 2017, published by the World Energy Council, says that cyber attacks are posing greater threats to the energy sector than before. The intention to roll out smart meters provides another area of attack.

The global market for cyber security is estimated by Gartner to be worth $75 billion, and the UK probably accounts for about 10% of that figure. According to MarketsandMarkets, the market could grow at 11% a year.

Companies have already been raising their spending on cyber security. The Global State of Information Security Survey 2017, published by accountant PwC, reported that UK companies have more than doubled their average annual spending to £6.2 million.

The survey says that cyber security training and awareness is getting better, but it argues that organisations need to assess their wider digital ecosystem to help detect and prevent cyber attacks. Service providers and suppliers are blamed for around 56% of incidents. There are 57% of companies that will be investing even more in cyber security this year, and 52% of companies specifically investing in security for the Internet of Things.

I wrote about cyber security companies back in November 2015, and one of the most noticeable things is that their share prices are lower, or at a similar level - even after the recent upward movement. Given the large market it seems strange that most of them have not done particularly well in terms of the progress of the business and share price performance.

Back then the TalkTalk hack was in the news. NCC Group's acquisition of AIM-quoted online data security services provider Accumuli in the summer of 2015 was meant to combine existing IT consulting activities with managed services and technology.

However, the acquisition has been disappointing and is one of the major reasons behind the poor performance of NCC. A failure to grow as fast as hoped has hampered many of the AIM-quoted cyber security businesses.

Falanx Group Ltd was always overoptimistic about the pace of growth of its cyber security centre operations. Revenues remain modest but they are growing. A consultancy business was acquired to help to boost contracts. Two weeks ago, £2 million was raised at 6.875p a share, equivalent to one-fifth of the enlarged share capital. The share price has moved ahead in the past week.

Corero Network Security is focused on distributed denial of service (DDoS) attacks and has been one of the most cash hungry of the businesses, having most recently raised £5.6 million at 5p a share. One year ago, cash was raised at 22p a share. There has been a move from trying to sell its SmartWall product outright to a recurring revenue model.

Eckoh has not had a smooth ride, but it continues to win contracts for its secure payments services - compliant with Payment Card Industry Data Security Services (PCI-DSS) - that enable payments to go from customer supplier without going through a call centre, so no one can hack into the call centre and steal card data. Group revenues are growing strongly, but profit has been held back by a one-off loss from discontinued activities and a move to recurring revenues in the US.

Regenersis has become Blancco Technology following the disposal of non-data erasure operations. Data erasure ensures that important information that could be used in hacking and fraud cannot be obtained from old computers. Blancco also offers active erasure while a computer or mobile device is being used.

Richard Stiennon, who wrote a book called There Will Be Cyberwar, has joined Blancco as chief strategy officer and a recent fundraising provides fire power to make acquisitions. This is a profitable business, but it does not have the potential growth of many of the other companies.

Tern has continued to focus on its Cryptosoft encryption product, although this business has changed its name to Device Authority following the acquisition of a US business with that name. The business has gained its first significant customer but there is still a long way to go.

Since the previous article there have been other cyber security-focused companies that have joined AIM. ECSC has been one of the big winners over the past few days, although the share price has fallen from new highs.

At their height, the shares were trading on more than 70 times forecast 2019 earnings and, even after dropping to 487.5p a share, the forecast multiple is nearly 60 times. So, do not be surprised if there is further profit-taking considering the share price has more than doubled since the start of March.

ECSC joined AIM at the end of last year, when it raised £5 million at 167p a share, but it has been involved in cyber security consulting since 2000. It has been profitable, but the investment put into the business following the flotation will push it into loss this year. For example, sales personnel are being trebled to around 30 and it will take time for them to generate revenues.

Cyber security reviews, penetration testing and incident response are services provided by ECSC, which wants to convert more of its consultancy customers into managed security services clients in order to increase recurring revenues. House broker Stockdale forecasts 2019 profit of £900,000.

Cyber security software provider Osirium Technologies floated even more recently. Osirium prevents targeted cyber attacks from accessing privileged accounts and joining AIM has raised its profile. Osirium has experienced management. Revenues remain relatively modest, and the growth rate was lower than expected, while the cost base is being built up to cope with expansion. The rise in cyber security share prices missed out Osirium.

Defenx offers security, protection and backup services predominantly for mobile and it joined AIM just after the previous article was published. The main revenue generator is a mobile anti-malware product and last year Defenx acquired cloud back up and synchronisation business Memopal. A deal has been done with BV-Tech where Defenx paid €2.6 million in cash and shares to acquire encrypted voice and messaging software.

The deal with BV-Tech will dilute earnings, but Defenx is profitable. It has tended to trade on a single figure multiple apparently because of concerns about high debtor days, but the recent share price rise has pushed the multiple into double figures.

Other businesses are getting involved in cyber security. Last month, Crossrider acquired CyberGhost, which is a SaaS-based cyber security provider, as a way of widening its digital product range, as well as adding 1.5 million users.

Technology investment company Mercia Technologies has an interest in CyberOwl, a venture set up by NEX-quoted Crossword Cybersecurity and Coventry University to focus on cyber security for smart cities. SecurEnvoy reversed into Aurum Mining to create Shearwater Group, which provides multifactor authentication software that can be used as an additional source of authentication on top of a password making it more difficult to hack into a network.

Investors need to be wary about some of the large jumps in share prices. Many of these businesses have strong potential but this is not the right time to get involved. The share prices will inevitably drift lower without any further stimulus and there are likely to be better times to invest in the future.