Cyber security prospectors rush in to beat digital pirates
Stampedes of buyers hope to stay ahead of rivals in data protection race
David Williams, chairman of the Aim tiddler Shearwater that was Aurum Mining, firmly believes “there’s gold in them thar hills”. But he does not mean in the crags and crevices of Spain, where Aurum used to prospect for gold and tungsten. Nor even the hills of Dahlonega, Georgia, which Mark Twain’s catchphrase supposedly referred to in 1849.
Mr Williams thinks his next millions will be made in cyber security.
That is why two years ago Mr Williams — who made a name building up Breedon, the £1.4bn quarry business — began selling off the mining assets and reshaping lossmaking Aurum Mining into an acquisitive cyber security group.
He brought in a team of security specialists on the board and bought three companies involved in data protection, services and software. And last week the group, although still lossmaking, announced it had increased revenues from zero to £6m.
It is small beginnings but Mr Williams’ timing is good. The results came a day after Dixons Carphone revealed it had underestimated the hack reported in June. It now seems data from 10m customer records and nearly 6m credit card details were accessed last year — before the EU brought in its demanding new GDPR regime. It is possibly the biggest attack on a British company, surpassed only by the WannaCry strike on the NHS and the details of 26m patients. Dixons now talks of tripling its spending on cyber security. That is why Mr Williams can talk of gold in them thar hills.
Dixons is not alone. Many enterprises underestimate their vulnerability to digital piracy, says Mr Williams. Shearwater cites research suggesting that US businesses would lose up to $15bn if there was a three to six day cloud outage. Mr Williams’s plan is to buy and build a diversified empire of specialists needing Shearwater’s help to grow.
It is ambitious. Shearwater is capitalised at £50m and data protection companies, even the titches, do not come cheap.
However, earlier this year rival Sophos reckoned the global cyber security market was worth about $40bn-$50bn and growing at 6 per cent-plus a year.
GRC International, a new entrant to Aim aiming to be a one-stop shop for security and data compliance products and services, reckons the value of all cyber security hardware and software purchases could be $135bn by 2020.
Yet as GRC admits, defending businesses against the dark arts of ransomware, malware and piracy is an amorphous and fragmented market. The statistics are not entirely reliable. And as in the 1849 gold rush, crowds of prospectors hope to strike lucky. Stampedes of buyers are trying to stay one step ahead of the pirates and their rivals.
That adds to the uncertainties of panning through the proliferation of small ventures to find the ones with potential. In this market it is easy to overpay, over-egg the opportunities, raise investors’ expectations only to disappoint them later.
GRC is about Aim’s best performing float this year. The shares, listed at 70p, are now trading at 290p and the company is worth £168m.
But it is the exception. ECSC, which floated in 2016, said this year it was taking longer than predicted to clinch deals prompting a full scale management shake-up in April. The shares remain below their float price, as do those of Avast, the Czech group that joined the London stock market in May.
Last month, Sophos, which floated in 2015 at 250p a share, said billings in the first quarter had been lower than expected. Its shares had risen to above 600p but fell back to 482p. That is still more than 40 times expected earnings, but down on peak multiples of 50-plus.
NCC, which has been advising on defence against computer attacks for decades, is a textbook case of over expansion. The company hit the buffers last year having made a series of expensive acquisitions that it failed to integrate. The company took on too many staff, became complacent about customers and contracts, moved into swanky offices, bungled the paperwork and fell into the age-old accounting trap of booking revenues early. A new management team was brought in but the shares are still way below their pre-2017 highs of 312p.
Mr Williams may be right that there is gold in them thar hills of cyber security, but extracting it will not be any easier than digging for nuggets of the real yellow metal.