The current investing environment
Once considered a niche domain reserved for investors with a specialist focus, cybersecurity stocks are now enjoying a period of rapid growth, which should put them on the radar of any investor looking to gain exposure to a promising industry.
Firstly, the sector has been one of the big winners of the global economy’s digitisation. This process has been ongoing for years but Covid-19 has spurred this forward as businesses have sought to adjust to remote working and cashless payment infrastructure.
Researchers from the World Economic Forum expect this digitisation to generate a $100tn “dividend” for businesses and society by 2025. But it also opens new avenues through which cybercriminals and other malicious actors can attack organisations by exploiting flaws in their defences.
According to Deilotte, it is this accelerated move to the digital economy which is the main catalyst for a steep increase in cyber attacks against businesses. Close to half of all UK companies reported breaches of security last year, and the trend has continued into 2021, with a number of high-profile attacks and breaches occurring across a diverse range of industries.
The JBS attack, for instance, struck the largest meat processing firm in the world and cost the company $11m (£7.8m) in ransomware payouts. A second attack targeted the Colonial Pipeline Project to leave a major piece of US infrastructure completely inoperational, causing disruption to millions and sending ripples across the commodities, oil and cryptocurrency markets.
Overall, Cybersecurity Ventures estimates that such incidents have cost the global economy around $6tn this year alone, with cybercrime being a more profitable mode of illegal activity than the global drug trade. Additionally, it expects this cost to increase by about 15% per year. If correct, this would rise to a total cost of over $10tn by 2025. While hugely damaging on a global scale, such attacks can also be fatal to individual companies.
Even without including the cost of operational disruptions, businesses that fail to protect customer information are liable to face huge fines, which could dent earnings and negatively impact investor confidence for years. In the UK and Europe, companies risk potential fines equivalent to £17.5m or 4% of their annual turnover, as well as suffering the reputational damage that can accompany such incidents.
This combination of factors has convinced commercial leaders that cyber security should now be a vital part of their businesses. A Microsoft research report shows that executive leaders have now grown conscious of the need to integrate cyber-security technology and best practices into their businesses, with the vast majority ranking cyber threats as a major danger to business operations.
However, the same report finds that corporate leaders also feel less confident in their abilities to resist the growth in cyber incidents. This deficit represents a golden opportunity for cyber-security firms to achieve impressive growth, and there are a number of ongoing developments that look set to increase their importance.
Cyber security in the near future
Many of the changes made to the economy by Covid-19 are likely to be with us for some time.
This is especially true for remote working practices. A survey by Mckinsey reveals that the majority of business leaders expect that future commercial operations will be a mix of remote and on-site work. Often, this entails the use of public or home wifi, which may not have sufficient safeguards to resist potential breaches. In particular, Morgan Stanley has identified a clear “convergence” between the use of public wifi and more effective cyber attacks.
If true, this could represent a specific theme within the broader cyber-security marketplace with significant growth potential.
Alongside this, we are in the middle of a technological transition, which depends upon the connection and networking of ever growing numbers of sensors attached to an expansive range of devices. Better known as the Internet of Things (IoT), it entails the linking of billions of devices, all continuously connected and communicating, and bound together by “Big Data.”
The World Economic Forum’s (WEF) State of the Connected World report expects over 41 billion devices to be connected to internet networks by 2025. These, it argues, will range from electric cars and infrastructure (such as bridges and ports) to automated farms, with the number of connected devices growing at an exponential rate.
The WEF expects this network to increase efficiency but, again, will open potential breach points that could have major ramifications for economic activity. When the Suez Canal was briefly blocked this year, there was major disruption across multiple industries. In the event of an attack against critical infrastructure in a future like that described by the WEF, we could see far more severe outcomes.
This is why all major economies are investing heavily in the cyber-security industry. A recent summit, chaired by US President Joe Biden, brought together tech CEOs, utilities providers, banking and insurance industries, and educators with the goal of implementing one of the most ambitious investment programmes in the history of the cyber-security industry. This followed Biden’s earlier equest to Congress for $9.8bn in funding to improve the security of US federal agencies.
This is likely to be just the start of a wave of government money being injected into the industry. A report from the UK Ministry of Defence notes that there will be an exponential increase in the number of cyber attacks and suggests massive government investments in the industry.
How to invest in cyber security
With all these macro economic and societal factors spurring the industry on, it should not surprise us that some estimates expect the cyber-security market to grow to $400bn by 2027.
With this in mind, investors will be wondering the best way to gain a piece of the market. There are several ways that investors could take. They can either pick individual cybersecurity companies to invest in or put their money into themed cyber-security funds.
Investing in cybersecurity stocks
If choosing to invest in stocks, investors may choose to go with those companies with a proven track record and a dominant position in the industry, such as firms with the largest valuation. Below are three of the largest US cyber-security stocks by market capitalisation.
Crowdstrike (CRWD) is a company that deals with the entire product and software line of cyber security, providing a wide spectrum of cyber-security services, including endpoint security, threat intelligence and cyber-attack response.
The company gained media attention when it was involved in the investigation of major cyber attacks, including the attack against Sony by North Korean hackers in 2014, and the attacks against the DNC during the 2016 US election. It currently holds a market cap of $59.23bn, with its stock delivering year-to-date (YTD) growth of 22.54%.
The second bluechip in the market is Fortinet (FTNT). This company has a particular focus on industry hardware but also provides a range of software services. In 2018, it entered into a long-term information sharing deal with Interpol, placing FTNT at the heart of international policing operations.
FTNT’s market cap currently hovers around $49.25bn and it has managed to beat Crowdstrike in terms of recent growth, with YTD return of 103.01%.
Close behind the other two, Palo Alto Networks (PANW) also offers investors a potentially lucrative option. The company currently sports a market cap of $46.75bn and offers a range of services that operate across the entire enterprise cyber-security product line.
The company is used by the vast majority of Fortune 100 firms, becoming a well-known brand across the technology space in the process. That’s something that has contributed to PANW investors seeing a YTD growth of 35.05%.
Selecting companies already at the top of the market means that investors will benefit from the steady hand of an experienced executive team and a well-known brand.
There are significant drawbacks to this, however. Stock picking requires a tremendous amount of research that can be time-consuming as an investor should look into a company's financial statements to evaluate its business health. Plus, a lack of diversification would mean investors putting all of their eggs into one basket, and if a company experiences problems, there is a high risk of potential losses.
Cybersecurity investment funds
Exchange Traded Funds (ETFs) track a specific market or sector. ETFs allow investors to gain broad exposure to their market of interest without having to focus on a single company. This method provides a higher portfolio diversification by spreading the risks across the entire sector in a single trade.
Here is a list of the biggest Nasdaq-listed cyber-security funds with assets under management (AUM).
First Trust NASDAQ Cybersecurity ETF
First Trust NASDAQ Cybersecurity ETF (CIBR) comprises some of the most profitable and well known companies in the space. While dominated by American cyber-security firms, it also benefits from geographical diversity, drawing in companies from the UK, France and Japan.
Thus far, the fund has $4.8bn under management, and has experienced an impressive growth of 47.94% throughout the last year and 169% over the previous five years. With an expense ratio of 0.60%, this fund provides a cost-effective way for investors to gain a slice of the biggest cyber-security firms.
ETFMG Prime Cyber Security ETF
ETFMG’s Prime Cyber Security ETF (HACK) enables investors to gain exposure to the entire cyber-security product chain, including companies that specialise in hardware, SaaS and data analytics. Therefore, it reflects the entire industry closely. The fund holds some $2.4bn AUM, with an expense ratio of 0.60% coupled with previous returns of 11.73% YTD, and 19.62% over the last five years.
Global X Cybersecurity ETF
Investors looking for a wider geographical distribution might be interested in the Global X Cybersecurity ETF (BUG). This fund sports a total AUM of $870.27m, an expense ratio of 0.50%, and has achieved a growth rate of 50.24% since its inception in 2019.
While dominated by American firms, BUG also contains cyber-security stocks emanating from a number of other growth regions, including East Asia, where the cyber-security market is set to grow by $51bn in the next five years.
Geographical distribution also allows investors to increase the resilience of their portfolios in the face of potential economic or political crises concentrated in a single country or region.
The bottom line
Ultimately, investors are spoiled for choice when it comes to cybersecurity stocks to buy, with options to suit every strategy be it passive or active investing. However, investors should bear in mind that, like all financial assets, cybersecurity shares and funds will come with risk.
This may be especially true in this space as it is an industry that is still very much in development. In addition, technology stocks do return high levels of volatility when compared to more mainstream firms.
But given the fact we live in a world increasingly dominated by technology, coupled with rising geopolitical tensions and the growing skills of cyber criminals, now may be the time for those investors with the stomach for such volatility to take the plunge into the cyber-security marketplace.