What was the SolarWinds 'Sunburst' cyberattack and why is it important for investors?

The SolarWinds 'Sunburst' attack was a sophisticated cyberattack discovered in 2020 where hackers compromised SolarWinds' software update system to distribute malware to thousands of organizations, including government agencies. The SEC's settlement with SolarWinds over this breach is significant because it establishes that companies can be held legally accountable not just for data breaches, but for inadequate security practices and misleading statements about their security posture. For investors, this creates a new regulatory environment where cybersecurity spending becomes mandatory rather than optional, potentially driving sustained growth for companies providing security and compliance solutions.

What is "Zero Trust architecture" and why does it matter?

Zero Trust architecture is a security approach based on the principle "never trust, always verify." Unlike traditional security models that trust users inside the network, Zero Trust requires verification from everyone trying to access resources, regardless of their location. With the SEC's increased focus on cybersecurity accountability, Zero Trust has become more important because it provides companies with stronger protection against breaches and a clear framework for documenting their security controls. Companies like Zscaler (ZS) that specialize in Zero Trust solutions help organizations implement this approach, potentially making them attractive investments as regulatory pressures increase.

What's the difference between cybersecurity and cybersecurity compliance?

Cybersecurity involves the technologies and practices that protect computer systems and data from attacks or unauthorized access. Cybersecurity compliance, on the other hand, focuses on meeting specific regulatory requirements and standards for security controls, policies, and disclosures. The SEC's recent actions signal that compliance is becoming just as important as security itself. Companies now need not only strong defenses but also the ability to document, verify, and report on those defenses. Several stocks in this group, like Qualys (QLYS), specialize in solutions that help automate compliance reporting, making them particularly relevant in this new regulatory landscape.

What does "exposure management" mean in cybersecurity?

Exposure management refers to the process of identifying, analyzing, and addressing potential security vulnerabilities across an organization's entire digital footprint. It goes beyond traditional vulnerability management by considering all possible ways an organization might be exposed to cyber threats. Companies like Tenable (TENB) specialize in this approach, helping organizations continuously discover assets, assess vulnerabilities, and prioritize remediation efforts. With the SEC now holding companies accountable for accurately disclosing their cybersecurity risks, exposure management tools have become essential for identifying and addressing potential weaknesses before they lead to breaches or regulatory issues.

Why is an ETF like CIBR included in this group of individual cybersecurity stocks?

CIBR (First Trust NASDAQ Cybersecurity ETF) provides diversified exposure to the entire cybersecurity sector, making it a complementary option to the individual stocks in this group. While individual companies offer targeted exposure to specific cybersecurity solutions, an ETF spreads risk across multiple companies. This can be valuable in a rapidly evolving sector where it's difficult to predict which specific technologies might emerge as leaders. Including CIBR gives investors a way to benefit from the overall growth trend in cybersecurity spending driven by regulatory changes without having to select individual winners. It's a more balanced approach that can work alongside investments in specific companies.

14 handpicked stocks

Cybersecurity Accountability

This carefully selected group of stocks represents companies at the forefront of cybersecurity defense and compliance solutions. As regulators increase scrutiny following the SolarWinds settlement, these businesses are positioned to meet the growing demand for breach detection, threat intelligence, and transparent reporting.

Han Tan | Market Analyst

Updated 2 days ago | Published at juillet 3