The cybersecurity market is expected to grow to some US$350 billion in size by 2029, according to Global X.
With increasing reliance on digital ecosystems leaving individuals, businesses, and governments vulnerable to the exponential rise of cyber threats, investment strategist Billy Leung has underscored the growing attractiveness of this megatrend.
“If you look at the past 12 months, or even the last 24 months, technology has obviously been one of the key drivers of global US indices,” Leung told InvestorDaily.
However, to this point, the likes of semiconductors and hardware have largely underpinned technology’s market dominance - software, on the other hand, has lagged global indices.
“After a year or two of mega outperformance by tech, I do think right now there could be some opportunistic rotation into the laggards, which is software,” he explained, with cyber security representing a significant portion of this market.
Global X’s own cybersecurity ETF, BUGG, has returned 32.9 per cent over the past 12 months.
On occasion of the ETF’s launch, chief executive Evan Metcalf said that cyber security is a matter of personal, organisational, and national security.
“Australians have seen firsthand during the major Medibank and Optus data breaches how devastating cyber attacks and hacking can be,” Metcalf said.
And now with global economies on their way to, or indicating towards, a lower interest rate environment, Leung believes the thematic is poised to gain further ground.
“As we enter into an interest rate cutting cycle, it does also mean that it's very likely entering into a low growth cycle,” the investment strategist said to investorDaily.
“What we found empirically and historically is that this is actually good for companies with more consistent earnings. If you look at software names, they generally have much more consistent earnings, mainly because a lot of their earnings are recurring.”
Moreover, cybersecurity is likely to remain insulated from rising geopolitical risks.
“When there's tariffs or trade wars, this is a segment which does not get involved…there's no tariffs, there's no sanctions on software,” Leung said.
“These are mostly benefiting from local or even domestic US growth. So this is something that's going to be very resilient to geopolitics and US politics.”
But beyond the macro view, Leung opined that the rapidly-rising awareness of the role cyber security plays in our society builds a compelling case on its own.
Namely, out of the five largest security breaches in history, based on estimated financial damage, three of them occurred within the last three years, according to data from Global X.
“We're seeing more breaches and we're seeing larger ones, so I think there's a rising awareness,” Leung explained, adding that increased data traffic and activity from the likes of e-commerce and social media are exacerbating the risk.
He noted that the timing is particularly ripe for the cyber security sector as it is set to undergo a “refresh cycle.” Just as mobile devices need to be replaced every few years, the investment strategist explained, cybersecurity software also requires regular updates.
“Now we are entering a period, or close to entering, a refreshment cycle or replacement cycle, and these are where the key players are generally going to benefit.
“I'm looking at Authonet, Crowdstrike, Checkpoints at Palo Alto - this is the longer term thematic,” Leung concluded.
Approaching the ‘tipping point’
Earlier this year, Leung explained that the cumulative impact of numerous small incidents and breakthrough innovations is poised to catalyse substantial growth for cybersecurity - creating a “thousandth paper cut” effect.
“What’s happening now is there’s a lack of awareness or inaction either on the corporate side or the investment side. These are global numbers, but in terms of ransomware attacks, it’s actually up 70 per cent in 2023 and this is one of the highest growths in the past,” he said in July.
“If you look at the average cost of each cyber security breach, it’s actually gone from $3 million per breach to over $4 million in the last eight years, and despite all this, the global spending on cyber security has maintained at around 6 per cent of total IT spending.”
In this context, Leung believes, firms are fast approaching the “tipping point” before they begin to elevate investments to this burgeoning technology trend.
“I’m always saying that, especially with thematics and innovation, we’re waiting for the thousandth paper cut. One paper cut doesn’t hurt, but when you get that thousandth paper cut, it’s really going to start hurting,” he added.
Cyber security investment is also being influenced on the policy front, he pointed out, with the US Securities and Exchange Commission (SEC) now requiring public companies to disclose material cyber security incidents they experience and, on an annual basis, material information regarding their cyber security risk management, strategy, and governance.
“I think that’s a really big step in terms of promoting and incentivising companies to spend more on cyber security.”