Shares in companies that make security software for computers have been on a tear lately. Although unwanted e-mail and viruses have been a threat to computing for years, 2005 has witnessed what seems to be an unprecedented number of attacks aimed at stealing data and electronic cash.

Since January, companies and government agencies in the U.S. have reported more than 50 significant breaches of computer data, potentially affecting almost 50 million people.
The largest — at Atlanta-based CardSystems Solutions Inc., a payment-processing company — accounted for almost 40 million potential exposures of debit and credit cards, including about 500,000 accounts held by Canadians.

It’s difficult to say whether the numbers represent a peak. U.S. firms and state governments have been compelled to notify the public about data breaches only since 2003, when California passed a landmark bill. Seventeen states followed suit, and the federal government is now contemplating similar legislation. Data breaches in Canada, in sharp contrast, are dealt with quietly, with the exception of several provincial government agencies.

The heightened publicity about data theft is prompting businesses and consumers alike to pay more attention to securing their online activities. The result has juiced up security software revenue and earnings, which have been posting solid gains since April 30.

Three firms — Entrust Inc. of Ottawa, McAfee Inc. of Santa Clara, Calif., and RSA Security Inc. of Bedford, Mass. — saw their share prices jump well in excess of the Nasdaq composite index’s rise from April 30 to Aug. 15. Not coincidentally, many analysts contend that investors should now stay away from all three.

Entrust, a supplier of secure identity software (which verifies you are whom you say you are), has seen its share price soar almost 70% since its April 26 earnings call, when CEO Bill Conner confirmed a trend of profitability. Benjamin Green, an analyst with Avondale Partners LLC of Nashville, Tenn., projects double-digit sales increases for Entrust, to US$113.9 million in 2006 from US$91 million last year, combined with slim but consistent profits. However, Green contends, the growth prospects aren’t good enough to justify the recent share price. In mid-July, with Entrust trading at US$5.37 a share, Avalon downgraded the firm to a 12-month price target of US$5.25. Entrust continued rising, however, closing at US$6.40 on Aug. 15.

McAfee has put on a terrific show since early last year, thanks to a partnership with America Online, which sets up each of its new subscribers with McAfee anti-virus software. However, revenue growth is expected to ease next year as the AOL subscriber base becomes saturated. A second factor putting a damper on McAfee prospects is an ongoing investigation into its accounting by the U.S. Securities and Exchange
Commission.

Investors hunting for better value in the security software industry can probably find it in a pair of security specialists held down in recent months by the impact of significant acquisitions.

Topping the security “buy” list — with three of every four analysts surveyed by Bloomberg LP recommending it — is Cupertino, Calif.-based Symantec Corp. , one of the industry’s heavyweights. Ordinary computer users know it through purchases of its anti-virus, anti-spam and personal firewall software sold under the Norton brand name. But Symantec also markets heavy-duty security software for corporate networks.

Equally significant, Symantec has become a force in data-storage technology following its US$13.5- billion acquisition of Veritas Software Corp., announced in December 2004 but completed in July.

The Veritas deal is key to understanding the opportunities analysts see in Symantec. CIBC World Markets Inc. and Kaufman Bros. Equity Research have 12-month price targets of US$33 and US$32 a share, respectively, on Symantec — vs its US$21.61 close on Aug. 15. CIBC World analyst Shaul Eyal in New York argued in an Aug. 10 note that people are overestimating the difficulties of making its merger work.

“With [the current quarter] being the first for the combined company, investors need to take a longer-term view of the story,” he wrote. “Merger risks associated with the Veritas acquisition are priced into the stock.”

Eyal estimates Symantec’s post-merger revenue will hit US$5.6 billion in the fiscal year ended March 31, 2007, up 115% from fiscal 2005. Projected earnings will jump 119% to US$1.4 billion, although he expects earnings per share to rise only 37% to US$1.18.

@page_break@The acquisition does two things for Symantec. First, it diversifies its base of technology into an area that’s not only fast-growing on its own but also requires security software.
Most of this year’s data breaches have involved compromised data storage networks.
Second, the Veritas deal shifts Symantec’s base of customers away from consumers, whose purchase patterns tend to be volatile, and toward corporations, whose buying habits tend to be more predictable. Consumers last year accounted for 51% of the company’s total sales, but by 2007 that portion is expected to tumble to 30%.

Verisign Inc. of Mountain View, Calif., is another popular pick with two out of every three analysts surveyed by Bloomberg carrying a “buy” recommendation. Verisign is best known for its Internet naming and directory business — it looks after the registry for dot-com and dot-net domain names, charging a few dollars per name each year. It also has a sizable Internet security business involving services for authenticating Internet users, which establish that you are whom you say you are and have the authority to access the information you request.

Verisign’s fastest-growing business is a relatively new one. It emerged from its US$273-million purchase last year of Berlin-based Jamba! AG, a provider of wireless content services such as ring tones, games and text messaging. The idea was to bolster Verisign’s burgeoning telecommunications services unit through which the company provides wireless roaming, directory access and billing, and payment technology.

In many ways, the Jamba acquisition, known as Jamster in North America, has been a spectacular success. At the time of the June 2004 merger, Verisign predicted Jamba would achieve sales of US$70 million in the second half of 2004; actual revenue reached almost US$170 million. Jamba products are now doing even better. In the quarter ended June 30, they accounted for US$171 million of sales — or 39% of Verisign’s total.

In early August, Deutsche Bank analyst Todd Raker predicted two of the U.S.’s largest telecom carriers — Sprint and Verizon — would sign up with Jamster by yearend. He also noted the service will be added to markets in Russia, the Czech Republic and Portugal. The upshot: Raker reckons Verisign’s earnings per share will jump 49% this year to US$1.07, and another 17% next year. Accordingly, he has a 12-month target price of US$38 a share, a significant increase from the Aug. 15 close of US$23.85.

But other analysts aren’t as convinced of Jamster’s staying power. Kevin Buttigieg, an analyst with A.G. Edwards & Sons, in New York, pointed out in an Aug. 10 note that Jamster’s sales outside the U.S. (the vast majority) took an unexpected 10% tumble in the second quarter from the first quarter. Buttigieg speculated the firm’s wildly successful “crazy frog” ring tone finally ran out of new buyers. In the absence of another ring tone hit, many subscribers cancelled their monthly plans.

Buttigieg projects Verisign’s mobile services content unit will grow at a modest clip year-over-year, while the company’s original security business will increase by 15%-19% over the next two to three years. The result in 2006, he expects, will be a 19% jump in revenue to US$2.1 billion and earnings per share to US$1.27 a share. He rates such performance a “hold” — in large part because he feels the Jamster business is too risky to justify jumping in.

The irony is Verisign moved into the mobile content business to diversify its sales away from what was then an underperforming ID security unit. Now, the latter is providing the steady base for Verisign’s still-healthy market value. IE