Never underestimate people’s ability to take advantage of a crisis, including the current coronavirus as cyber-criminals have been quick to take advantage of the understandable levels of fear. This morning NortonLifeLock (NLOK) sent an email to its clients warning about a phishing email going around that uses the logo of the CDC Health Alert Network claiming to provide a list of local active infections. Recipients are asked to click a link where they are then to enter email login credentials, which are then stolen.
Also this morning, the European Central Bank warned banks that there may be a jump in cyber attacks as hackers look to exploit virus-related chaos.
The watchdog urged banks in a letter this week to test the capacity of their technology systems “also in light of a potential increase of cyber-attacks and potential higher reliance on remote banking services.”
The outbreak has prompted lenders to ask more employees to work from home or spread them across different offices, while more clients may choose online banking over going to branches. While banks have improved defenses against hackers in recent years, the ECB has called cybercrime and technology deficiencies some of the top risks for the industry this year.
The ECB letter is part of efforts to ensure banks can keep functioning in case they’re directly affected by the coronavirus outbreak that’s rippling through the global economy.
These warnings follow a recently published blog post by Fortinet (FTNT) on how it has seen a significant increase in malicious activity surrounding the coronavirus. In the post, the company shared it has found reports appearing from “trusted sources, such as governmental agencies, news outlets, etc. that were actually malicious.” Fortinet goes on to point out the World Health Organization (WHO) is contending with malicious activity as “criminals are disguising themselves as WHO to steal money or sensitive information.”
We suspect in the coming months we are likely to see a spike in companies reporting cyber attacks and data privacy violations, which will not only shortcomings but also spur demand for companies found in the Foxberry Tematica Research Cybersecurity & Data Privacy Index. Our advice is to wash your hands frequently and be wary of what you click on and where you click. It’s a viral world.
The headlines are increasingly dominated by frightening images of people wearing masks or encased in hazmat suits along with words like “pandemic,” not exactly pleasant over morning coffee. We are being told that this virus isn’t all that much worse than the usual flu, yet cities are being quarantined, travel is being restricted or outright banned, and companies are making all kinds of severe contingency plans. How can this be no worse than the usual flu if everyone seems to be having a total meltdown?
I did some simple math to show why this virus could be both:
(A) something I personally don’t need to get overly worked up over when it comes to my own health, while at the same time
(B) a major medical threat on a global level.
Sounds like I’ve lost my mind right? Just give me a few minutes and we’ll walk through the numbers.
The breakdown for the impact of the typical influenza virus every season is illustrated in this chart from the Center for Disease Control (CDC). Since 2010 the number infected by an influenza virus every year ranges from 9.3 million to 45 million. The number hospitalized ranges from 140,000 to 810,000 and the number that die from the virus ranges from 12,000 to 61,000.
In the chart below I took the midpoint of each of the ranges shown above. I realize that those ranges are quite large so simply taking the midpoint of the numbers loses some meaning, but bear with me here as we are just looking to understand magnitudes. On average 8.23% of the population of the United States has been infected by the seasonal influenza virus every year since 2010. Of those who have been infected, 1.75% have needed hospitalization and 0.134% have died.
If we assume that the coronavirus is just an average flu bug, then we can use these averages. In the example below I assume that 1.75% of those that contract the virus need hospitalization and 0.134% will die. In the chart below I show how many will need hospitalization and how many will die based on 5% to 50% of the population contracting the virus.
(Please note on the chart below that I took the total number of hospital beds from the 2020 American Hospital Association’s 2020 AHA Hospital Statistics, developed from the 2018 AHA Annual Survey. I estimated the number of ICU beds using data from the Society of Critical Care Medicine which referenced AHA data that found the ration of ICU beds to total beds to be 14.3% in a 2015 study. Surprisingly enough the number of ICU beds is not an easy number to find.)
The problem quickly becomes evident. Under our assumptions, when the percent of the population infected by the virus gets between 15% and 20% of the total population, there simply aren’t enough hospital beds in the country even if every single bed is dedicated to someone with the coronavirus. This is the problem. It isn’t the health risks to any one particular person, but rather the sheer number of people that this virus may be able to infect.
So while the risk to me of needing hospitalization may be no worse with coronavirus that the usual flu, there may be no beds available to treat me if I end up needing one! Now I’m worried.
According to the Center for Disease Control (CDC), on average, about 8% of the US population gets sick from the flu every season, with a range of between 3% and 11% depending on the year. What about the contagiousness of the typical flu? This is from the CDC:
People with flu are most contagious in the first 3-4 days after their illness begins.
Some otherwise healthy adults may be able to infect others beginning 1 day before symptoms develop and up to 5 to 7 days after becoming sick.
Some people, especially young children and people with weakened immune systems might be able to infect others for an even longer time.
Part of why the typical flu is not as contagious as the coronavirus is because you know more quickly when you are sick. The problem with the coronavirus is we are seeing evidence that people can be contagious for more than 14 days and may not have any symptoms. This gives the coronavirus the potential to totally blow away the usual 3% to 11% infection rate during a typical season.
This is why the virus can have the same health risk to any particular person as the usual flu bug while at the same time being an enormous health risk on a city, state and national level. Recall the movie Mission Impossible 2 where our hero Ethan Hunt needs to stop the biological weapon “Chimera” from getting out? Chimera was fatal within 20 hours and those infected quickly experienced severe symptoms. That movie got it all wrong. The most dangerous virus would be one that infects its host and is easily transmitted from one person to the next for years without its host having any symptoms. With such a virus, by the time we even knew of its existence, the majority of the world’s population could already be infected.
As a final note, in the example above we assumed a fatality rate (meaning the percent of those infected that die) of just 0.134%. In China, as of February 11, 2020, according to data compiled by Statista, the fatality rate has been much higher – 21.6x higher in Hubei, 17.2x higher nationwide and 3x higher in other regions excluding Hubei.
As of February 27, 2020 at 18:00 Central European time, there were 650 confirmed cases in Italy, 17 deaths and 45 healed. This makes for a mortality rate of 2.6% which is 19.5x more deadly than our example. Current statistics can be found here.
In South Korea, as of the writing of this piece, the total confirmed cases had reached 2,022 with 13 deaths. This makes for a mortality rate of 0.64% which is 4.8x more deadly than our example.
According to LiveScience.com, as of the afternoon of February 28, 2020 there are have about 83,704 confirmed cases and 2,859 deaths. This makes for a mortality rate of 3.4% which is 25.5x more deadly than our example.
On that note, I’m going to go wash my hands… again.
Here at Tematica, one of the things we like more than anyone of our investing themes is when two or more of them intersect as it forms a super-theme of sorts. We’ve seen numerous examples over the last several quarters, but there are also times when the tailwind of one of our themes presents a headwind for another. We are seeing that unfold between the cashless consumption aspect of our Digital Lifestyleinvesting theme and our Middle Class Squeeze and Safety & Security ones.
There are benefits to be had with the move by business to digital commerce…
Some retailers are cutting out cash to speed up transactions, reduce the risk of theft and accommodate the increased use of credit and debit cards, as well as digital wallets like Apple Pay and Google Pay, to purchase services and products.
… and there are times when having to pay only by cash can be a hassle, especially if you’ve gotten used to paying with a swipe or a tap. There are also those folks that are tapping their credit cards harder than others as they look to make ends meet. According to the Federal Reserve Bank of New York’s latest Household Debt and Credit Report, consumer household debt balances have been on the rise for five years and quarterly increases continued on a consecutive basis, bringing the second quarter 2019 total to $192 billion.
But as the below excerpts note, not everyone in the entire population is able to participate in cashless consumption be it because they lack a debit or credit card. Others have those but are wary about leaving a digital trail that could be exploited by cyber attackers and compromise their privacy.
But with 6.5% of U.S. households in 2017 not having bank accounts, according to the FDIC, and 18.7% having accounts but also using financial services outside of insured institutions, some are pushing back on the trend
But it’s not just those without credit and debit cards who may balk at being told they can’t use cash. In an era when data breaches have occurred at institutions such as Capital One and credit rating agency Equifax, some consumers worry that cashless payments can infringe on their privacy.
“You do hear a good portion of people saying ‘Once we move to this cashless economy, there is a digital trail for every single one of my purchases, and I’m not entirely comfortable with that,’’’ Santana says. “And there’s a possibility there could be a data breach where your information gets compromised. The probability of a data breach happening is very low, but it is isn’t zero.”
Interestingly enough, despite these headwinds, the tailwind for cashless consumption continues to blow as evidenced by the continued decline in using cash.
Square Inc. found that four years ago, shoppers used cash for 46% of purchases that were less than $20. But this year, shoppers used cash for 37% of transactions in the same price range.
And while there may be some overlap in the user numbers, earlier this year Paypal’s (PYPL) Venmo reported 40 million users that completed one transaction in the prior 12 months, while Square reported 15 million Square (SQ) Cash App users for “monthly actives (at least one transaction in the past month).” While those numbers are larger than some digital user figures at banks — Bank of America (BAC) reported that its active base of digital users was 37 million in the March 2019 quarter and for the same period Wells Fargo & Co. (WFC) had 29.8 million active digital users – during the June 2019 quarter Apple (AAPL) Apple’s Apple Pay completed nearly 1 billion transactions per month, nearly transaction levels in the year-ago quarter.
What those figures tell us is in today’s increasingly connected world filled with more consumers embracing digital shopping and mobile ordering, for both convenience and in many cases better affordable prices, we will likely see a continued movement away from cash usage… but we may not see the use of cash disappear just yet. In thematic speak, two powerful tailwinds may be impeded by one headwind, but that will likely only slow the impact, not eliminate it.
As that shift away from cash continues, odds are we will see more companies embrace our Disruptive Innovatorstailwind and bring new solutions to market. One such company is Tematica Select List resident USA Technologies (USAT) that is bringing mobile payments to vending machines and unattended retail.
Another is the cash to debit card ReadyStation kiosk found at the now cashless Mercedes Benz stadium in Atlanta. The kiosk by ReadyCard that converts cash to a prepaid debit card that can be used anywhere VISA is accepted. That is but one solution that could thwart regulatory headwinds, especially if like the ReadyStation kiosk the resulting debit card is fee free.
From Philadelphia to San Francisco, several cities and states have passed or are considering bills that prohibit retailers from refusing to accept cash, a policy they say shuts out the millions of Americans who don’t have a bank account, lack credit cards or don’t have photo identification.
Another reminder that where there is a pain point, solutions tend to result.
A look at the thematic outlook we can piece together from the flow of earnings reports we’ve received thus far.
On this episode of the Thematic Signals podcast, we find ourselves in the thick of earnings season and Tematica’s Chris Versace not only provides an overview for how all of these reports are coming together to form a larger picture, he shares a thematic look at what’s moving several stocks, including Amazon (AMZN), Apple (AAPL), International Airlines Group (ICAGY), IBM (IBM), Netflix (NFLX), Skyworks Solutions (SWKS) and the impact of spending on cybersecurity. In thematic speak, it’s the Digital Lifestyle, Digital Infrastructure, Disruptive Innovators, and the Safety & Security themes, with an added dash of privacy. Of particular note, Chris is really excited about one of the latest signals for Tematica’s Cleaner Living investing theme as Nestle SA has found a way to dramatically reduce the sugar content of its KitKat bar. Why? Because it and other food and beverage companies are under pressure from consumers and governments alike to make healthier products amid rising obesity and diabetes rates. If Nestle keeps this up maybe one day it could land in the Tematica Research Cleaner Living Index.
In the 1976 motion picture, All the President’s Men, the catchphrase “Follow the Money” was coined. It was the advice given by the Deep Throat character as reporters Woodward and Bernstein looked to uncover the scandal that came out of the Watergate break-in. When it comes to thematic investing, the same advice should be heeded.
Very recently an interesting stat came across my desk in an article on MarketingLand.com that sheds light directly on our Safety & Security investment theme. The article covers a survey of over 4,000 adults in the U.S. and the United Kingdom with regards to their sharing behavior online:
Asked whether Cambridge Analytica and other data and privacy scandals had impacted their online behavior, 78% of respondents said yes. Among that group, 74% said they are sharing less information online. For those whose behavior has not changed, the survey found that “they were already highly protective of their information, or that they had accepted a lack of privacy when engaging online.”
Further into the article, an even more concerning stat reveals that consumers have no hope of achieving a level of privacy anymore:
Compared with the 2018 survey, consumers in the U.S. and U.K. now overwhelmingly believe [online privacy is not achievable]. The “online privacy is possible” respondents have declined from 61% in 2018 to 32% in 2019.
Impact of the Change in Online Behavior
One would think that with all of the cyber scams, data hacks and “fake news” pervading social media, and even the internet as a whole, we would see most of the internet darlings taking it on the chin.
Such negative effects from consumers’ evaporation in confidence of online privacy are not readily apparent — at least in the near term — when we look at the likes of social media giants Facebook (FB) and Twitter (TWTR). By all accounts, Facebook knocked it out of the park in its latest earnings report, which was released back in April 2019 and summarized the company’s first quarter of 2019. Mark Zuckerberg’s empire produced revenue for the quarter that soared 26% and net income per share that came in at $1.89 versus expectations of $1.62. Twitter (TWTR) too killed it in the first quarter with $787 million in revenue and first-quarter earnings per share of 37 cents, compared with analyst estimates of $776.1 million and 15 cents per share.
The longer-term impact, however, of consumers sharing less and less, and lacking trust in online sites with their data is that the level of user engagement begins to wain.
Why log into Facebook five . . . six . . . ok 24 times per day, if none of your friends are sharing anything worth looking at?
That “Fear of Missing Out” (FOMO) quickly goes away when all you are missing out on is your friend’s latest cat photos or the toddler video you’ve seen 17 times. If the content isn’t fresh and refreshed, at some point, you and your attention span will move to where it is, which will be something to watch for Netflix (NFLX) as Apple (AAPL), Disney (DIS), AT&T (T) push into the video streaming market tapping our Digital Lifestyle investing theme.
So we’ll be on the look out for any confirming data points on this when Facebook (FB) announces its Q2 earnings on July 24, 2019 and Twitter’s on July 26, 2019.
Regulation and Fines Also Keeping CEO’s Up at Night
Losing the engagement of a customer base for privacy concerns can be terrible, but actual missteps in the handling of customer data and privacy can come along with some hefty costs as well.
We already have the European Union’s GDPR regulation, which British Airways (BA) has run afoul of and hit with a $230 million fine and Marriott (MAR) as well with a $123 million fine. Additionally, the State of California’s California Consumer Privacy Act (CCPA) is to take effect in January of 2020 and we also have rumblings of Congress taking steps to impose GDPR-like regulations on a federal level.
So is Silicon Valley and the rest of Corporate America and beyond concerned about this?
While we can’t peak into the sleeping patterns of CEO’s and CIO’s of these companies, these kinds of concerns are being revealed when we . . . you guessed it . . . follow the money.
Yesterday, OneTrust, a privately held company focused providing tools and services to help companies comply with GDPR and assess their risk levels announced a $200 million Series A investment, which equals a not-to0-shabby $1.3 billion valuation for a company that is just three years old.
The OneTrust series A round came on the heels of a $70 million D round closed by San Francisco-based TrustArc. That latest round brings the total amount raised by TrustArc to over $100 million. In an article on VentureBeat.com covering the TrustArc news, the size of the privacy and compliance market as described as:
TrustArc competes to an extent with StandardFusion, LogicGate, Iubenda, and Netwrix Auditor, all of which are vying for a slice of enterprise governance, risk, and compliance market that’s estimated to be worth $64.62 billion by 2025. Bregal Sagemont partner Daniel Kim isn’t terribly concerned about rivals, though — he points out that TrustArc has engaged with over 10,000 customers to date across its client base of more than 1,000 clients.
Getting back to following the money, these are developments we monitor as we develop our themes where we look to identify those companies riding the tailwinds of a theme as reflected in operating profit or sales. In the case of privacy and compliance, it’s a key component of our Safety & Security investment theme and the planned release of a new index to go along with our Cleaner Living Index that was launched in June of 2019.
On this episode of the Thematic Signals podcast, Tematica’s Chris Versace gets investors and corporate leaders ready for what Fed Chairman Powell may do at this week’s semi-annual testimony in front of the House Financial Services Committee.
In June Powell signaled a more dovish tone with monetary policy citing the slowing global economy, trade related uncertainty and the lack of inflation. After Independence Day 2019, however, several pieces of new data may give Powell and the Fed some room to wait. What the data was and what it could mean, we discuss on the podcast. We’re also sharing several signals for our Digital Lifestyle, Cleaner Living, Living the Life and Safety & Security investing themes.
What’s going on in Oregon is more than likely typical of most governments and companies – a patchwork of systems that not only have difficulty talking to one another but also gaps that leave the government, company or other institution vulnerable to an cyber threat. Simply throwing money at the cyber security problem leads to silo solutions not a shrewd, cohesive cyber security system that is both proactive and reactive that protects the institution in full. Granted, cyber attacks are a moving target, but that also means their evolving nature combined with the growing adoption of our Digital Lifestyle and expanding access points under our Digital Infrastructure investing theme mean cyber security will likely remain a key growth driver for our Safety & Security investing theme. No wonder Broadcom is looking to scoop up Symantec.
Auditors say Oregon’s central administrative agency lacks basic controls to protect its information and systems from a cyber attack.
That means the Department of Administrative Services’ information and systems are at risk for “unauthorized use, disclosure, or modification,” according to a report released Wednesday, July 3, by Secretary of State Bev Clarno.
Auditors said a fragmented organizational structure and approach to managing security concerns may be parts of the problem. The agency’s roughly 30 subdivisions “receive varying levels of support” from the agency’s IT department, which supports only 16 of the 85 applications that workers use. The rest are supported by non-IT employees scattered throughout those divisions, and don’t receive oversight or involvement from the agency’s IT department, auditors said.
That has created inconsistency, and means the agency’s subdivisions may not be aligning with best practices when it comes to security.
Auditors said cyber-threats are a growing worry. “Cyberattacks, whether big or small, are a growing concern for both the private and public sector,” auditors wrote. “Recent breaches at Oregon state agencies have only escalated this concern.”
If there was any lingering doubt that cyber would be the next battleground between countries, that confirmation was had as the US opted to attack Iran using cyber strikes rather than traditional military ones. The fallout from such an attack will likely spur demand for cyber and other solutions tied to our Safety & Security investing theme.
The U.S. covertly launched offensive cyber operations against an Iranian intelligence group’s computer systems on Thursday, the same day President Trump pulled back on using more traditional methods of military force, according to U.S. officials familiar with the matter.
The cyberstrikes, which were approved by Mr. Trump, targeted computer systems used to control missile and rocket launches that were chosen months ago for potential disruption, the officials said. The strikes were carried out by U.S. Cyber Command and in coordination with U.S. Central Command.
The officials declined to provide specific details about the cyberattacks, but one said they didn’t involve loss of life and were deemed “very” effective. They came during the peak of tensions this week between the U.S. and Iran over a series of incidents across the Middle East, including Tehran’s shooting down of an American reconnaissance drone.
It’s long been thought that you leave home with four things – keys, money, wallet and your phone. Over time that thought process has shifted due to digital locks and payment systems to just your wallet and phone. We here at Tematica have been wondering for some time when personal identification, be it an identity card, drivers license, or passport, would become digitized and stored on our smartphone.
It would seem that day is finally approaching, but as with other forays into our Digital Lifestyle investing theme, we will likely see an added identify management tailwind for our Safety & Security theme as well
The Federal Ministry of the Interior has announced that it will be possible to scan German ID cards with an iPhone running iOS 13.
Apple originally locked the NFC reader in iPhones so that it only supported the data format for contactless payment cards, limiting use to Apple Pay. With iOS 13, Apple is removing that restriction, so that iPhones fitted with the chip will have the technical ability to read any NFC chip.
Apple still needs to approve apps on a case-by-case basis, but the existing precedents mean we can expect it to approve all official government apps for passports and ID cards. Any country that wants to be able to offer this capability to its citizens will be able to do so.
Macerkopf reported the news from Germany, noting that this will make it easier for German citizens to verify their identity online, as well as using the virtual card at airports.