Sizing up thematic returns in February

Sizing up thematic returns in February

Equities continued to swoon during February as investors came to grips with the expanding impact of the coronavirus. Amid a growing sea of corporate warnings that led investors to question earnings forecasts for the current quarter as well as all of 2020, all the major stock market indices finished February down 6.4%-10.1%. The hardest hit was the Dow Jones Industrial Average, and the US stock market barometer that is the S&P 500 fell 8.4% in February, which added meaningfully to its decline year to date. 

Despite investors taking profits in the Technology and Healthcare sectors, they along with Communication Services helped temper the market’s February selloff. Names like Regeneron Pharmaceuticals (REGN), Biogen (BIIB) and Gilead Sciences (GILD) saw gains on advances in potential coronavirus treatment development in particular. While markets overall were impacted by unfolding events during the month Energy, Utilities and Consumer Discretionary names seemed to lead the way down. Muted demand for oil due to reduced manufacturing activity and fears of continued softening in the global economy saw oil prices drop almost 17% during the last week of the month. Unsurprisingly, cruise line operators Norwegian Cruise Lines (NCLH) and Caribbean Cruise Lines (RCL) were among the worst performers this month both posting losses over 30% with Carnival Corporation (CCL) not too far behind losing over 23% of its market value as those companies paired back 2020 expectations due to the coronavirus’s impact. The same was had with airlines with American Airlines Group (AAL) down 29.68% and Alaska Air Group (ALK) off 21.88% as they too canceled flights and reduced schedules owing to the virus.  

At Tematica we’ve often questioned the notion of the S&P 500’s construction as well as the ability of an 11-sector framework to accurately capture the evolving landscapes that we and other investors find ourselves confronting as structural changes associated with our 10 investment themes continue to unfold.  In our view a different perspective is needed, a thematic one, to properly identify those companies at the forefront of these unfolding structural changes. For example, cruise lines such as the ones mentioned above fall into the Consumer Discretionary sector while companies such as Omega Healthcare Investors (OHI) that offer long-term healthcare facilities is classified as Real Estate even though both are feeling the tailwinds of Tematica’s Aging Population investing theme on their respective businesses.

Another example of looking at the world thematically is found in the Tematica Research Cleaner Living Index, which focuses on the shifting consumer preference for cleaner products and services that are better for you, your body, your work, your workplace, and the environment.  Despite sharp February sell-offs in several index constituents, including Acuity Brands (AYI). Fresh Del Monte Produce (FDP) and Hain Celestial (HAIN), solar energy systems companies Sunrun (RUN) and SolarEdge Technologies ((SEDG), as well as plant-based alternative Beyond Meat (BYND) and Tesla (TSLA), led the Cleaner Index to slip by only 3.1% in February. That decline more than offset the index’s modest rise posted during January leaving it down 2.6% year to date vs. the S&P’s 8.6% drop at the end of February. 

Of note during February, 

  • Plant-based meat alternatives notched another win as Beyond Meat announced the Beyond Meat sandwich will be available at Starbucks’ (SBUX) nearly 1,200 coffee shops across Canada on March 3. The sandwich will include cheddar cheese and egg on an artisanal bun. Not to be outdone, Impossible Foods announced its plant-based meats will be available across Walt Disney (DIS) theme parks and cruise lines come Feb. 28. 
  • Confirming the drivers for Cleaner Living are global, during February it was reported by the Fraunhofer Institute for Solar Energy Systems (ISE) that 61.2% of Germany’s net public electricity generation was from renewable sources, marking a new monthly record. 
  • And while Tesla has an early lead in the electric vehicle space, BMW is set to take the wrap off its i4 electric concept car and General Motors (GM) is slated to discuss its electric vehicle and battery strategies at its upcoming EV Day on March 4. GM’s battery facing comments will be ones to watch ahead of Tesla’s “Battery Day” slated for April.

Amid the coronavirus headlines investors were digesting during February, there were two powerful reminders of the growing need for cybersecurity and digital privacy solutions. The first was the announcement from gaming and hospitality giant MGM Resorts International (MGM) that it had been the victim of a data breach in 2019. The second was a statement from the US State Department blaming the Russian military intelligence agency known as the GRU for the cyberattacks that hit Georgia last October and disrupted “several thousand Georgian government and privately-run websites and interrupted the broadcast of at least two major television stations.”

Those attacks are but the latest high-profile ones to be reported and point to the increasing need for companies, governments, other institutions and individuals to protect their data, especially as the regulatory environment could increase the frequency of financially motivated cyber-attacks. Each week in Thematic Reads, we share some of the latest headlines and news stories surrounding the Foxberry Tematica Research Cybersecurity and Data Privacy Index. As society becomes increasingly connected as part of our Digital Lifestyle investment theme and as new technologies associated with our Digital Infrastructure investing theme look to connect more devices than ever before, we continue to see an increasing demand profile for the constituents that comprise the Foxberry Tematica Research Cybersecurity & Data Privacy Index. During February the index fell 8.2% as gains registered in the shares of Cloudflare (NET), Norton Lifelock (NLOK) and ForeScout Technologies (FSCT) were offset by declines in Palo Alto Networks (PANW), Globalscape (GSB) and Mimecast (MIME) shares. 

Turning to the Tematica’s Thematic Dividend All-Stars Index, which is comprised companies with at least ten consecutive years of increasing annual regular dividend payments and whose business models will benefit from multiple thematic tailwinds tracked by Tematica’s Thematic Scorecard, its total return for February was -8.1% vs. the total return for the S&P 500 of -8.3%. Among the index’s 65 constituents, only Healthcare Services Group (HCSG), Albemarle Corp. (ALB) and Target (TGT) finished higher in February, leaving meaningful declines at Aaron’s (AAN), Nu Skin (NUS) and Invesco (IVZ) to have a greater impact on this equally weighted index. 

Generally speaking, companies that continually increase their dividends to shareholders tend to see a positive step function higher in their share prices. During the first two months of 2020, just over 25% of the index constituents announced fresh dividend increases including Aaron’s (AAN), Analog Devices (ADI), Digital Realty Trust (DLR), Best Buy (BBY) and AT&T (T). Given the positive impact of tailwinds associated with Tematica’s investment themes, we look forward to sharing news of new dividend increases at the other 72% of the index constituents in the coming months. 

GRU’s Grand Day Out and MGM’s Bad Privacy Luck

GRU’s Grand Day Out and MGM’s Bad Privacy Luck

In the last twenty-four hours, we’ve had two powerful reminders of the growing need for cybersecurity and digital privacy solutions. The first was the announcement from gaming and hospitality giant MGM Resorts International (MGM) that it had been the victim of a data breach in 2019. The second was a statement from the US State Department blaming the Russian military intelligence agency known as the GRU for the cyberattacks that hit Georgia last October and disrupted “several thousand Georgian government and privately-run websites and interrupted the broadcast of at least two major television stations.” 

As the digital world becomes increasingly pervasive so too does the need for cybersecurity and data protection solutions. The passage of General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act are both driving spending on security measures as companies race towards compliance with these new personal data privacy regulations.

In the case of the MGM breach, the personal details of more than 10.6 million guests of the resort chain were published on a hacking forum, including information from driver’s licenses, passports, and military ID cards. While the company doesn’t have any current operations in California, it does have operations in Maryland, Massachusetts and New York. All three of those states introduced new privacy laws in 2019, which are pending in Maryland and Massachusetts but active in New York as of January 2020. 

Those new laws and a growing number of similar legislative acts emerging in other states are intended to increase the cost to companies of data breaches compared. As we noted in “A Whitepaper on Cybersecurity and Privacy”, fines associated with privacy law violations can be $100-$750 per user, which could be financially devastating. If a company doing business in California experienced an attack similar in size and scope to MGM’s, it would be staring down a potential fine between $1-$8 billion. For some perspective, the MGM breach paled in comparison to the 2018 breach at Marriot International (MAR) that exposed data of up to 500 million guests. 

Luckily for MGM, this data breach occurred in 2019 before new privacy laws were enacted this year. Even so, in response to the attack, MGM retained two cybersecurity forensics firms to conduct an internal investigation into the server exposure and has “strengthened and enhanced the security of our network to prevent this from happening again.”[1] That means spending on cybersecurity and data privacy solutions. Given the evolving nature of attacks, this will not be a one-time investment. MGM, and all companies facing such risks, will need to be perpetually vigilant in safeguarding their networks especially customer data. 

Threat intelligence firm KELA identified the culprit behind the MGM attack as a member of the GnosticPlayers[2], a hacking group responsible for the hacks of more than 45 companies and the leaking of over one billion user records throughout 2019. The new privacy laws in the US and the European Union expand the potential damage such hacking groups can inflict on companies, increasing the need for cyber protection lest they leave themselves vulnerable to attacks and privacy-related fines. The new privacy regulations increase the potential financial harm to a company from hacking, creating yet another powerful incentive for preventative security spending. 

While the attack on MGM was a clear example of the need for better corporate cybersecurity and data privacy, the cyberattack on Georgia, is one of cyber warfare. The Georgia attack knocked out thousands of government, private sector, and media websites, and interrupted broadcasts of at least two major television stations.

The UK’s National Cyber Security Centre (NCSC), concluded, “with the highest level of probability, “the attacks, aimed at web-hosting providers, were carried out by the GRU (a Russian military spy agency) in a bid to destabilize the country. The GRU is also believed to be behind NotPetya, a June 2017 cyberattack that invaded global corporate networks crashing many systems worldwide, disrupting business for companies including “Maersk, pharmaceutical giant Merck, FedEx’s European subsidiary TNT Express, French construction company Saint-Gobain, Mondelez, and Reckitt Benckiser. “[3]

In terms of the size of the NotPetya attack, “According to confirmation received by WIRED from former Homeland Security adviser Tom Bossert, the result of this attack was more than $10 billion total loss in damages.”[4] That compares to losses of $4-$8 billion associated with the WannaCry virus in May 2017.

While the attack on Georgia is gaining renewed exposure, the reality is it is just the latest in a growing number of cyber warfare attacks; a list of such attacks is being compiled by the Center for Strategic & International Studies. 

The bottom line is in a world of increasing connectivity that brings ever greater accessibility, companies, governments, and institutions are facing a cyber arms race that will generate continual and growing demand for evolving cyber defense solutions. If a company opts not to secure itself, it risks devastating fines. We suspect the more prudent companies will instead engage with cybersecurity and data privacy companies that comprise the Foxberry Tematica Research Cybersecurity & Data Privacy Index.


[1] ZDNet, “Exclusive: Details of 10.6 million MGM hotel guests posted on a hacking forum”, 2020. Available at https://www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/

[2] ZDNet, “Exclusive: Details of 10.6 million MGM hotel guests posted on a hacking forum”, 2020. Available at https://www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/

[3] NS Tech, “Russia’s GRU launched cyberattacks aimed at destabilising Georgia, says NCSC”, 2020. Available at https://tech.newstatesman.com/security/russia-gru-cyber-attacks-georgia-ncsc

[4] Business Standard, “NotPetya: How a Russian malware created the world’s worst cyberattack ever”, 2018. Available at https://www.business-standard.com/article/technology/notpetya-how-a-russian-malware-created-the-world-s-worst-cyberattack-ever-118082700261_1.html

Hospitals push device makers to improve security following cyberattacks 

Hospitals push device makers to improve security following cyberattacks 

As the kinds of cyber attacks companies and other businesses are experiencing expand, we are seeing the actual victims, as well as potential ones of these attacks, step up their efforts to protect themselves. In hospitals, one of the areas of focus is internet connected equipment, but we can see how this will quickly spill over to the burgeoning Internet of Things and larger 5G markets, igniting a new round of demand for companies that fall within the parameters of our Safety & Security investing theme.

Hospitals are pushing medical-device makers to improve cyber defenses of their internet-connected infusion pumps, biopsy imaging tables and other health-care products as reports of attacks rise.

Rattled by recent global cyberattacks, U.S. hospitals are conducting tests to detect weaknesses in specific devices, and asking manufacturers to reveal the proprietary software running the products in order to identify vulnerabilities. In some cases, hospitals have canceled orders and rejected bids for devices that lacked safety features.

Hospitals, after a decade of racing to wire up their medical records and an explosion of internet-connected medical devices, are growing more aggressive with technology suppliers amid pressure to better defend against incursions that could threaten patients and cause costly disruptions. Credit-rating agency Moody’s Investors Service in February ranked hospitals as one of the sectors most vulnerable to cyberattacks.

In stepping up their efforts, hospitals have gone beyond building firewalls and taking other actions to shield their own networks—they have moved into demanding information like the software running devices that manufacturers have long considered proprietary. The requests have generated tensions between the sides.

Source: Rattled by Cyberattacks, Hospitals Push Device Makers to Improve Security – WSJ

New cyber attacks aim to steal corporate funds

New cyber attacks aim to steal corporate funds

It comes as no surprise cyber attacks are continuing. As we’ve shared in the past when discussing our Safety & Security investing theme, cyber is the new war front. Now we are seeing is a more pronounced change in the types of attacks (ransomware) and the targets (healthcare and small businesses). Perhaps the thinking is those new targets are more vulnerable or they lack adequate security measures that have been put in place by larger organizations.

From our Safety & Security perspective, it says the under protected will need to step up their cybersecurity spending to thwart the growing threat, creating demand along the way.

The threat of cyberattacks continues to grow, and small businesses (SMBs) are caught in the crosshairs.

The latest research in small business cybersecurity has revealed the relentless nature of the threat, with new strategies emerging and new strains of ransomware rearing their ugly heads. As a result, 71 percent of ransomware attacks are now targeting small businesses, according to a report released by Beazley Breach Response (BBR).

Its most recent Beazley Breach Briefing, released last month, analyzed 3,300 data incidents in 2018, and found that small businesses face a higher risk of being targeted by a ransomware attack than larger enterprises.

“The threat posed by cybercriminals continues to grow in complexity as they devise new techniques to breach IT security and trick unsuspecting employees into allowing them access to systems,” said Beazley Global Head of BBR Services Katherine Keefe in a statement. “Unfortunately, we see these threats globally across all sectors, and we strongly believe that education about the risks and preparedness are as important as IT security measures for protecting individuals and assets from cyberattacks.”

Beazley researchers found that the mean for ransomware attack demands was $10,310, though one incident saw a demand for $8.5 million. Healthcare emerged as the largest target for ransomware attacks, followed by financial service providers and professional services. Meanwhile, instances of the Business Email Compromise (BEC) are also on the rise: About 47 percent of all incidents examined last year were the result of a hack or malware — and, of those, about half were BEC scams.

Source: New Cyberattacks Rise To Steal Corporate Funds | PYMNTS.com

The SEC is calling for better controls as cyber scams grow

The SEC is calling for better controls as cyber scams grow

We’re not one to make lite of any fines assessed by the Securities Exchange Commission (SEC) or any corporate losses, but among the pain identified from an SEC investigation showed there is much room for improvement when it comes to identifying malicious cyber attacks even ones as simple as those found in an email. Should the SEC get its collective back up over cyber attacks given that investors rely on a company’s internal controls, and find companies are being lax in their security, we could see the SEC step in and issue fines to foster better corporate behavior. That would add another catalyst for cybersecurity spending, bolstering our Safety & Security investing theme in the process.

Another proof point that threats to one’s safety and security are being had in a variety of new and different ways.

Public companies that are easy targets of cyber scams could be in violation of accounting rules that call for firms to safeguard assets, the Securities and Exchange Commission said.

The SEC said in an investigative report that nine public companies wired nearly $100 million to hackers who impersonated corporate executives or vendors using emails. One company made 14 wire payments to a hacker, resulting in more than $45 million in losses, the SEC said.

“Cyber frauds are a pervasive, significant, and growing threat to all companies, including our public companies,” SEC Chairman Jay Clayton said in a statement. “Investors rely on our public issuers to put in place, monitor, and update internal accounting controls that appropriately address these threats.”

The type of scam the companies faced, known as business email compromises, have been responsible for more than $5 billion in losses since 2013 and ranked last year as the top cause of estimated losses linked to any cybercrime, the SEC said, citing data from the Federal Bureau of Investigation.

The investigation signaled regulators’ increased scrutiny of companies’ efforts to protect against cyber scams and whether intrusions are made easier due to poor compliance.


Company executives and boards have been grappling with cybersecurity issues long before the latest prodding from the SEC, said Charles Elson, director of the Weinberg Center for Corporate Governance at the University of Delaware. “Can anyone at this point figure out how to appropriately deal with this issue? That’s the difficulty of this whole area,” he said. “You are dealing with criminals. This is something that boards are dealing with,” he said.

Not all companies that fall for cyber scams are guilty of having lax safeguards, the report said. “What is clear, however, is that internal accounting controls may need to be reassessed in light of emerging risk.”

Source: SEC Calls for Better Accounting Controls as Cyber Scams Increase – WSJ

Axon’s new body cameras add greater law enforcement connectivity to the security equation

Axon’s new body cameras add greater law enforcement connectivity to the security equation

If we were only to read the headlines, one might think that cybersecurity is the only form of protection one needs these days. I’ll grant you that as we venture deeper into our Digital Lifestyle and Digital Infrastructure themes, odds are cybersecurity will play an increasing role, but there will still be other forms of security and protection needed. Those along with cyber-security give rise to our Safety & Security investing theme, which is poised to benefit from increasing military spending as well as new products with new capabilities that will aid law enforcement and help improve personal security.

Axon, the preeminent manufacturer of body-worn cameras for law enforcement, has launched the latest version of its devices, known as the Axon Body 3.

The new version features gunshot detection, livestreaming, and wireless uploads.The current version of the cameras, which are typically worn in the mid-chest region, must be physically docked before investigators can access the footage. These also lack detection and livestreaming capabilities.

Since May 2018, when Axon acquired its next-largest rival, VieVu, it has had a near-monopoly in the United States on body-worn cameras. A tiny Silicon Valley startup rival, Visual Labs, has been selling its Android-based cameras, which have had livestreaming and similar wireless features for at least two years.

Axon made the announcement Saturday evening at a law enforcement conference held in Orlando, Florida. The company, formerly known as Taser, also said that it has improved the camera’s ability to capture low-light situations in the new version.

Beyond the camera, Axon promoted a new version of its previous flagship product, the Taser 7, at the event. That device is now integrated with the company’s Evidence.com cloud-based storage system.

Source: Next generation of body cams for cops can livestream, detect gunshots | Ars Technica

BMO and CIBC attacks are reminders of the growing cyber threat

BMO and CIBC attacks are reminders of the growing cyber threat

Another reminder that cybersecurity, a key aspect of our Safety & Security investing theme and our Safety & Security Index, is the 21st century version of insuance – one needs to have for when something does go wrong. With $445 billion lost last year to cybercrime, I see that making cybersecurity a must have for companies as well as elevating it past the C-suite and into the Boardroom.

Similar to insurance, people tend to become complacent as the cyber attack headlines die down. As these two attacks show, however, the hackers are not taking a breather and that means cybersecurity growth prospects remain vibrant.

 

 

Bank of Montreal and Canadian Imperial Bank of Commerce (CIBC) announced Monday (May 28) that hackers stole data on close to 90,000 customers.

According to a report in Reuters, Bank of Montreal said it was contacted by hackers who claimed to have personal and financial data on its customers — the bank thinks it’s less than 50,000 of its 8 million customers. The spokesman wouldn’t tell Reuters if customers’ money was stolen in the hack, but did say that the hackers said they would make the data public. The bank is working with authorities and has launched an investigation.

Reuters noted that the Bank of Montreal thinks the attack happened from outside the country and is confident it has shut off the exposure that led to the data breach. Meanwhile, CIBC said fraudsters also contacted it, claiming to have stolen personal and account information on 40,000 customers. Both banks said they have notified customers and urged them to monitor their credit reports.

Source: Bank of Montreal, CIBC Announce Cyberattacks | PYMNTS.com

Pacemaker Security Update Needed to Protect Hearts From Being Hacked

Pacemaker Security Update Needed to Protect Hearts From Being Hacked

If you need more evidence that we are living in an increasingly internet-connected world, look no further than a recent software update aimed at making sure 465,000 people with pacemakers don’t have hearts that are vulnerable to hackers.

The U.S. Food and Drug Administration announced this week that medical device company Abbott has issued a corrective action for implantable cardiac pacemakers made under the St. Jude’s Medical brand. According to the company, there is a “risk of patient harm due to potential exploitation of cybersecurity vulnerabilities.”To address this heart-hacking vulnerability, Abbott is issuing a firmware update to the pacemakers.

Source: 465K People Need A Pacemaker Security Update To Protect Their Hearts From Hacking – Consumerist