We can expect a ransomware attack every two seconds in 2031, an increase from every 11 seconds in 2011, according to Cybersecurity Ventures. Ransom payments and related costs will also skyrocket over the next decade, with estimated costs growing to US$265 billion in 2031 from US$65 billion in 2021.

Organisations that want to avoid these costs and the headlines which come with such attacks will increase their IT security spending dollars, Morningstar senior equity analyst Mark Cash says.

In a recent report, Cash examined how ransomware attacks have developed, how this affects cybersecurity firms, and which ones are best poised to respond to this opportunity.

Here are key takeaways from Cash’s report and two cybersecurity stocks to watch amid increased ransomware attacks.

More innovative ransomware attacks

Cybercriminals have recently found that traditional ransomware--meaning malicious software that can encrypt data and paralyse devices--isn’t enough to threaten targets, owing to organisations having data backups or strong cybersecurity practices.

Now cybercriminals employ “double extortion” tactics. This involves traditional data encryption along with stealing confidential information like intellectual property, emails, or business plans. Cybercriminals then threaten to release this information to boost their odds of a ransom payout, Cash explains.

There’s also been a shift from individual people deploying attacks to organised, developed networks of attackers. Cash believes threat actors were spread too thin by handling all the steps between developing ransomware, negotiating ransom, and collecting ransom payment. Now, cybercriminals can focus their expertise and outsource other tasks, “spawning the notion of ransomware-as-a-service,” Cash says.

High-profile ransomware attacks

Social-distancing-induced remote work and school created widespread opportunities for cybercriminals.

One of the most high-profile attacks was on a Florida public school system in April 2021. It was held hostage for a US$40 million ransom along with 26,000 stolen files as part of “double extortion” tactics.

The school system counteroffered with US$500,000, but that wasn’t enough--so the attackers published the thousands of stolen files. Cash explains that public organisations like school systems “are becoming popular prey because of their antiquated security measures and tight staffing budgets.”

One of the more public attacks came on Colonial Pipeline in May. Colonial Pipeline’s CEO said in a US Senate hearing that it paid the US$5 million ransom quickly, since it was part of critical infrastructure. To deal with the attack, the company shut down its infrastructure, which hampered fuel transfer to the US East Coast, Cash explains.

Two cybersecurity picks to watch

The technical expertise of cybersecurity firms like CrowdStrike (CRWD), Zscaler (ZS), and Fortinet (FTNT) is attractive, but aggressive growth expectations have created lofty valuations, Cash says.

He sees another cybersecurity firm, Check Point Software (CHKP), as undervalued, yet its longer trajectory for share price appreciation lags its peers. This leaves Okta (OKTA) and Palo Alto Networks (PANW) as the top picks amid increased ransomware attacks.

Okta receives a 4-star Morningstar Rating for Stocks, meaning it’s undervalued. Palo Alto Networks receives 3 stars, meaning it’s fairly valued and not currently a buying opportunity--though it makes for a good watchlist candidate. These two companies also receive narrow Morningstar Economic Moat Ratings.

Here’s a closer look at Okta and Palo Alto Networks, according to Cash.

Okta (OKTA)

“We believe that enabling access management and protecting networks from malicious actors based upon identity credentials are cornerstones of cybersecurity, and that the dissipation of a distinct security perimeter could make security teams further rely on user-based cybersecurity. Okta's cloud-based identity access solutions upended the prevailing methodology of protecting users and providing access to digital resources based upon on-premises products. We believe that Okta's innovative solutions for user access and security will provide it with a sustainable presence, and we expect strong revenue growth alongside significant margin expansion.

"Okta addresses two primary markets through its workforce identity and customer identity products. Workforce identity affords protection and allows access for a customer's employees, contractors, and partners, while customer identity is for enabling a customer's customers. Okta melded these two distinct markets within its identity cloud, and has a robust integration network that simplifies identity access and security protocols for the applications its customers rely on. We expect Okta's solutions to be in high demand due to entities desiring a seamless experience for its employees and customers when accessing requested applications, while also ensuring that networks are protected. Always-connected distributed workforces are increasingly using more cloud-based resources, which amplifies the complexity of cybersecurity. We believe that Okta's network of application integrations provide it with a unique selling proposition in that entities can holistically provide identity access across their cloud-based and on-premises applications in a manageable fashion.

"Alongside a rapidly expanding customer base and gaining more clients with larger deals, Okta is migrating upstream to land more enterprise clients and expanding internationally. The company has become a favorable partner with large system integrators, which we expect to help its growth plan with large customers undergoing digital transformation and market expansion efforts.”

Palo Alto Networks (PANW)

“Palo Alto Networks became a leading cybersecurity provider through its next-generation firewall appliance altering the requirements of this essential piece of networking security. The firm's portfolio has expanded outside of network security into areas such as cloud protection and automated response. Looking ahead, we think Palo Alto's nascent threat-prevention solutions will provide robust growth along with a significantly improved margin profile.

"The complexity of an entity's threat management increases as the quantity of data and traffic being generated off-premises grows. Network security can be attacked from various angles, and we posit that security will remain a top concern for all enterprises and governments, which bodes well for Palo Alto and its peers. Security point solutions were traditionally purchased to combat the latest threats, and IT teams had to manage various vendors' products simultaneously, which leads us to believe that IT teams are clamoring for security consolidation to manage disparate solutions. Core to Palo Alto's technology is its security operating platform, which provides centralized security management. We believe the ability to add technologies via subscriptions in the Palo Alto framework can alleviate complications by providing more holistic security, which can generate sustainable demand.

"We expect that Palo Alto will continue to outpace its security peers by focusing on providing solutions in areas like cloud security and automation. Palo Alto's concerted efforts into machine learning, analytics, and automated responses could make its products indispensable within customer networks. Although we expect Palo Alto to remain acquisitive and dedicated to organic innovation, we believe significant operating leverage will be gained throughout the coming decade as recurring subscription and support revenue streams flow from its expansive customer base.”