If oil was the most important commodity of the 20th century, then data is undoubtedly the most important of the 21st. I should probably know this by now – but having recently forgotten my spare pair of socks as I headed to the gym the reality suddenly hit home.
At the last minute I headed to M&S, only to see how big an impact the recent cybersecurity breach actually was. Contactless was not working, vouchers were a “no-no” and even chip & pin took an age to work. Staff were even manually checking fridge temperatures due to concerns about digital monitoring systems.
A couple of weeks later, the issues are far from solved as others – notably Harrods and the Co-op – are also reacting to cyber-attacks. In short, companies are facing a range of problems – and costs – including data recovery, loss of business, remediation and a longer-term impact on brand and reputation.
Things are likely to get worse with growing geopolitical concerns (there are plenty of hackers from Russia, China and North Korea to name a few) and the rise of digitisation. All of this means companies must continually adapt to avoid becoming victims.
Figures suggest that global spending on cybersecurity could exceed $400bn by 2030, a near 10% annual growth rate. Research from KPMG shows that 76% of global chief executives agree that cybercrime and insecurity will negatively impact their organisation’s prosperity over the next three years.
Allianz Technology Trust manager Mike Seidenberg said cybersecurity is critically important because nearly every aspect of modern life – from banking and healthcare to energy grids and national defence – depends on digital infrastructure.
His firm undertakes an annual survey highlighting cyber-attacks as the most important business risk for corporate clients. As a result, IT budgets are typically growing 3-4% per annum, compared to 10-12% secular growth in cybersecurity spending.
From whack-a-mole to a digital arms race
Many would put all elements of the technology sector in the growth bucket but cyber security is style agnostic – like undertakers, bread makers and hairdressers, it is needed on an ongoing basis. AXA Framlington Global Technology co-manager James Dowey said the sector has continued to post strong double-digit returns in the past decade, even at points when there has been a slowdown across the wider software sector.
Historically, cybersecurity has been a difficult area to invest in as companies grow in a short period of time and don’t necessarily kick on to a point of sustainable profitable growth.
Dowey and co-manager Matt Ward try to avoid investing in early-stage companies for this reason. “A company’s product has got to be so critical for a sustained period of time or they are building more features to effectively become a security platform, chasing the next threat landscape,” Ward said.
Up until now there has been a “whack-a-mole” reactive approach, with security teams focusing on responding to individual threats as they emerge, rather than addressing the root causes and vulnerabilities that allow those threats to persist. But there are now plenty of providers building platforms that can offer greater security.
Artificial intelligence (AI) changes the game
Liontrust Sustainable Future Managed holds Palo Alto, a global cybersecurity company known for its network security platforms and cloud-based offerings.
Manager Peter Michaelis said: “Digital security is an arms race. It is a $100bn-plus market and grows at mid-teens per cent each year. It does not stop if an economy slows because hackers don’t. They use AI so you have to use AI to stop it.”
He added it is a theme that will “run and run”, noting that we’re already seeing the move from individual packages to protect emails, network monitoring and firewalls to cloud-based offerings.
“Your chief technology officer can’t manage all these packages; firms like Palo Alto or CrowdStrike will offer you a whole platform to solve all these problems,” concluded Michaelis.
Dowey agreed that cloud and AI have changed the game, making it more pressing as our dependence on tech grows. He said we are no longer living in a world of everything being kept in a traditional office (with on-site, and you have a firewall. which is like a moat around the castle).
As more people work remotely, the desire for cloud services has increased. The move has been to “zero trust architecture”, which is more like a lockdown facility that devices talk to (as opposed to talking to one another).
He pointed to companies such as Zscaler, which has already built a competitive advantage in zero-trust, cloud-based systems.
The final point I want to make is AI will only speed up the need for solutions. I read that the average enterprise has around 15 cybersecurity functions across a number of vendors.
AI is enabling hackers, so having an integrated system (offering many of these services) is both cost-effective and more secure, which perhaps points to the potential for further mergers and acquisitions (M&A) in this market.
Google is a good example. Its parent company Alphabet acquired the cloud security company Wiz for $32bn, its largest ever acquisition. Dowey said this figure is almost as big as the cloud security market itself. It enhances the relative attractiveness of Google Cloud at a time when Microsoft has had more success with its Azure platform.
Cybersecurity is a rock-solid investment opportunity. It is also present across all markets. For example, Baillie Gifford Shin Nippon holds Global Security Experts, which does everything related to cybersecurity, ranging from training to preventative measures.
This tech sub-sector is style neutral, with a secure and growing market that will continue to have billions of pounds thrown at it in terms of research & development (R&D) and M&A as companies seek solutions to the growing threat of hackers.
Darius McDermott is managing director of FundCalibre and Chelsea Financial Services. The views expressed above should not be taken as investment advice.