Hacking attacks are nothing new.
On its website, cyber security specialist ECSC Group plc (LON:ECSC) lists the first hack as taking place in 1903, when Marconi’s fledgling telegraph was intercepted.
ECSC’s’ timeline also indicates clearly that attacks have become increasingly frequent.
Only this week, the UK’s National Cyber Security Centre (NCSC) warned it was a ‘matter of time’ before the country suffered a life-threatening cyber-attack.
Businesses and other institutions, too, face an ever-growing threat.
The NHS, Dixons and TalkTalk have all been subject to high-profile breaches of security in recent memory.
But with the introduction of new data protections rules in May (GDPR), the financial cost of being careless is punitive.
That’s in addition to any commercial and reputational damage a hack might cause.
Ian Mann, ECSC’s chief executive, points to TalkTalk’s £400,000 fine for the hack of 157,000 customers in 2015.
Under GDPR penalties, that fine could have been anywhere between £100m-200mln or up to 4% of annual global turnover as set out in the guidelines.
As yet, there has not been a major breach where enough time has passed since GDPR was introduced for the ICO to demand a fine paid of this magnitude, , but ECSC says business is growing as more companies take steps to protect themselves.
ECSC listed on AIM at the end of 2016 at 167p and at one time the shares reached almost £6 as investors bought into the cyber defence story.
“The cyber security market is a growing market,” says Ian Mann, “but it is not going up like a rocket, rather it is a steady incremental improvement.”
Indeed, failure to meet those early investor expectations resulted in heavy punishment for the share price, which at 92p now is still some way below the float level.
ECSC has also had to deal with a boardroom dispute that saw Mann stand down in April, only to re-join the board two weeks later.
He was subsequently re-appointed as chief executive in September.
It was a disagreement over strategy that caused the issues, but the upshot was that several non-execs departed and tech veteran Elizabeth Gooch joined the board.
Gooch sold her business EG Solutions to US firm Verint Systems for £26mln in 2017.
Mann adds the board now has a much clearer appreciation of where the company is going and how it will get there.
The core of the business is a consultancy arm that works with many of the UK’s senior companies to secure them against a hack.
Around 50 new consultancy clients were signed in the first half of 2018, with turnover 36% higher at £1.6mln.
ECSC’s aim is to migrate consultancy customers to become managed services clients that use it for 24/7 cyber protection.
Its sweet spot is companies with an IT staff of 10-100, as they don’t have the resources to maintain constant global coverage says Mann.
Managed services revenue jumped 52% in the first half of 2018 with the order book standing at £2.4mln.
A new artificial intelligence tool was introduced in June to enable potential suspicious activity to be spotted that much quicker.
After disappointing sales in 2017, revenues jumped 43% in the first of 2018 to £2.65mln, while there was a halved loss of £817,000.
Mann says if you look at sales over five, ten and fifteen years rather than six or twelve months, growth has been consistent at 20% per year.
Going forward that is where the market expects it to be as well.
Newly appointed house broker Allenby Capital predicts sales will rise to £5.4mln this year, £6.5mln in 2019 and £7.7mln in 2020.
In 2020, ECSC will also turn an underlying profit [EBITDA] of £1mln the broker suggests and have cash of £1.6mln.
On the 2020 numbers, the forward earnings multiple is about 12 currently, which seems to reflect the burnt fingers last year.
An average of 20% a year revenue growth is robust by any yardstick and if ECSC shows it can sustain it over a reasonable period, a re-rating looks likely, especially with the backdrop of a rise in cyber crime.
True, the market might have got carried away initially, but hacking is here to stay and for ECSC that can only be good news.