General Overview

CrowdStrike, the global cybersecurity company, announced in August that Adam Meyers, its senior vice president of counter-adversary operations, will testify before Congress in September regarding the company’s July IT outage, which disrupted industries globally, including air travel and banking.¹

The outage, triggered by a faulty content update, paralyzed key sectors. Estimates are that Fortune 500 companies lost more than $5 billion due to the glitch, and Delta Airlines, who say they lost $500 million in cancelled flights, is seeking damages from both CrowdStrike and Microsoft.²

The incident continues to raise concerns over cybersecurity resilience. Congressman Mark Green, chair of the Homeland Security Committee, stressed the need for clarity on how the incident occurred and what measures are in place to prevent future disruptions. Representative Andrew Garbarino, leading the Cybersecurity and Infrastructure Protection Subcommittee, highlighted that while no malicious actor was involved, hackers and other adversaries have likely taken note of the vulnerability exposed by the update failure. In response, CrowdStrike has implemented broad changes to its update testing and deployment processes to mitigate future risks or the possibility of cyberattack.³

Microsoft will host a cybersecurity summit in September in partnership with CrowdStrike, government officials, and tech firms to address how to prevent future such outages. The event will focus on developing “concrete steps” to protect critical infrastructure and establish both short- and long-term plans for enhanced security and resilience across the industry. While another major cyber incident due to a faulty update cannot be entirely ruled out, experts note that changes made to third-party software oversight since the July outage are promising, suggesting that any future incidents would likely have a much smaller impact.

The good news for investors is that, despite a temporary shock to its stock prices, CrowdStrike’s Q2 results released in late August suggest that no lasting harm has been done to the company’s reputation or earning potential. CrowdStrike exceeded expectations for Q2 but lowered full-year guidance due to free remediation costs for affected customers from the July 19 outage. Revenue was $963.9 million, up 32% year over year. Net income rose to $47 million, compared to $8.47 million a year earlier. Annual recurring revenue hit $3.86 billion, slightly above projections. 

Fortinet Inc

Fortinet has acquired Next DLP, a leader in insider risk and data protection, to strengthen its position in the data loss prevention (DLP) market. The acquisition aims to enhance Fortinet’s Unified SASE solution by integrating Next DLP’s advanced cloud-native SaaS platform and AI/ML-based anomaly detection. 

This move will bolster Fortinet’s standalone and integrated DLP offerings across endpoint and SASE deployments, aligning with its strategy to expand data security capabilities. Fortinet CEO Ken Xie highlighted that the acquisition will help enterprises manage insider risks more effectively. Next DLP’s technology, recognized in Gartner’s 2023 market guides for DLP and insider risk management, will also extend Fortinet’s global reach in data security. The integration is expected to add advanced data protection to Fortinet’s Security Fabric, solidifying its leadership in the cybersecurity industry.

Trend Micro Inc

In August, Trend Micro announced that its AI-powered cybersecurity platform, Trend Vision One, now serves over 10,000 large enterprise customers globally and has expanded to support small- and mid-sized enterprises (SMEs). This growth comes as cybersecurity talent shortages persist, and SMEs face increasing cyber risks. COO Kevin Simzer highlighted the platform’s value in addressing SMEs’ security needs, particularly as these businesses often lack formal risk frameworks. 

The platform, enhanced with tools for Managed Service Providers (MSPs), streamlines risk management and allows MSPs to expand services while improving operational efficiency, empowering MSPs to deliver comprehensive cyber protection and resilience. 

This expansion positions Trend Micro to meet the growing demand for cybersecurity solutions amid a shortage of skilled talent, helping businesses manage risk and strengthen their security posture.

CYBR ETF: Diversified Investing in Cybersecurity

A cybersecurity ETF offers a great alternative to gaining exposure to this industry without being locked into any single security and without the hassle of hand-picking individual stocks. ETFs allow you to diversify by investing in multiple companies in multiple markets, ensuring that a single market shock won’t tank your portfolio. 

Canada’s first cybersecurity ETF, Evolve Cyber Security Index Fund (TSX Ticker: CYBR), invests in global companies involved in the cybersecurity industry. For more information, visit the fund page here: https://evolveetfs.com/cybr/. 

Portfolio Strategy and Activity

For the month, Fortinet Inc made the largest contribution to the Fund, followed by CrowdStrike Holdings Inc and Trend Micro Inc. The largest detractors to performance for the month were Okta Inc, followed by Qualys Inc and Tenable Holdings Inc. 

Sources

  1. Tarabay, J., “CrowdStrike VP Set to Testify to Congress on IT Outage,” BNN Bloomberg, August 30, 2024; https://www.bnnbloomberg.ca/business/2024/08/30/crowdstrike-vp-set-to-testify-to-congress-on-it-outage/
  2. Gorelick, E & Bloomberg, “CrowdStrike outage will cost Fortune 500 companies $5.4 billion in damages,” Fortune, August 3, 2024; https://fortune.com/2024/08/03/crowdstrike-outage-fortune-500-companies-5-4-billion-damages-uninsured-losses/
  3. Tarabay, J., “CrowdStrike VP Set to Testify to Congress on IT Outage,” BNN Bloomberg, August 30, 2024; https://www.bnnbloomberg.ca/business/2024/08/30/crowdstrike-vp-set-to-testify-to-congress-on-it-outage/
  4. Brice, J., “Microsoft is organizing a special summit with CrowdStrike, government officials, and tech firms to prevent another global computer meltdown,” Yahoo Finance, August 23, 2024; https://ca.finance.yahoo.com/news/microsoft-organizing-special-summit-crowdstrike-200752033.html
  5. Novet, J., “CrowdStrike beats quarterly consensus but lowers full-year guidance,” CNBC, August 28, 2024; https://www.cnbc.com/2024/08/28/crowdstrike-crwd-q2-earnings-report-2025.html
  6. “Fortinet Strengthens Its Top-Tier Unified SASE Solution with Acquisition of Enterprise Data Security Company Next DLP,” Fortinet, August 6, 2024; https://investor.fortinet.com/news-releases/news-release-details/fortinet-strengthens-its-top-tier-unified-sase-solution
  7. “Trend Micro Platform Exceeds 10K Large Enterprise Customers, Extends Proven Solution to Small Enterprises,” Trend Micro, August 2, 2024; https://newsroom.trendmicro.com/2024-08-02-Trend-Micro-Platform-Exceeds-10K-Large-Enterprise-Customers,-Extends-Proven-Solution-to-Small-Enterprises

Getty Images Credit: Tunvarat Pruksachat

The contents of this blog are not to be used or construed as investment advice or as an endorsement or recommendation of any entity or security discussed. These contents are not an offer or solicitation of an offer or a recommendation to buy or sell any securities or financial instrument, nor shall it be deemed to provide investment, tax or accounting advice. The information contained herein is intended for informational purposes only.
Commissions, management fees and expenses all may be associated with exchange traded funds (ETFs). Please read the prospectus before investing. The indicated rates of return are the historical annual compound total returns net of fees (except for figures of one year or less, which are simple total returns) including changes in unit value and reinvestment of all distributions and do not take into account sales, redemption, distribution or optional charges or income taxes payable by any securityholder that would have reduced returns. ETFs are not guaranteed, their values change frequently and past performance may not be repeated..
Certain statements contained in this blog may constitute forward-looking information within the meaning of Canadian securities laws. Forward-looking information may relate to a future outlook and anticipated distributions, events or results and may include statements regarding future financial performance. In some cases, forward-looking information can be identified by terms such as “may”, “will”, “should”, “expect”, “anticipate”, “believe”, “intend” or other similar expressions concerning matters that are not historical facts. Actual results may vary from such forward-looking information. Evolve Funds undertakes no obligation to update publicly or otherwise revise any forward-looking statement whether as a result of new information, future events or other such factors which affect this information, except as required by law.

Tags crowdstrike it outage  cyberattack  CYBR  data loss prevention  ETF  Hackers  Microsoft  tech