The Big Trends - Part 5: Cybersecurity And How Your Data Is Protected

“The typical big winner in the Lynch portfolio (I continue to pick my share of losers, too!) generally takes three to ten years or more to play out.” — Peter Lynch

We’re five weeks into our Big Trends series and this time, we’re looking into the huge world of cybersecurity ! It’s been a decades-long game of tug of war, between hackers improving their offence and their targets improving their defence, and it’s only going to get bigger.

So let’s look at the importance of cybersecurity, why the industry has bright future prospects, and how to get exposure to it!

🎧 Would you prefer to listen to these insights? Checkout the audio recording on Spotify and Apple Podcasts !

Cybersecurity: Digital Defence That Everyone Needs

In an increasingly interconnected digital world, cybersecurity has transitioned from being a discretionary luxury to an absolute necessity.

The alarming frequency and sophistication of cyberattacks observed in recent years have underscored the importance of robust security systems.

The likes of Yahoo, Adobe , Facebook , LinkedIn, Robinhood , and Uber among many others, have all experienced cyberattacks or large data breaches over the last 10 years. In all likelihood, these cyberattacks will become more frequent as time goes on and more of our key personal data is accessible online.

Megatrends: Opportunities on the Front Lines of Cybersecurity - Morgan Stanley

While these attacks weren’t catastrophic to the businesses, they can lead to some significant reputational damage. One recent example would be Optus, Australia’s second largest telecom, losing 10% of customers in the wake of their recent data breaches and 56% of remaining customers considering changing from the telco .

The impacts of these cyberattacks will likely be forgotten in time, but it goes to show that even the biggest players, with the biggest budgets are susceptible to malicious cyber threats.

And these are just the ones that we hear about in the news. There are no doubt hundreds of thousands of attempts on these businesses that get prevented by existing cybersecurity systems that prevent attackers before they do any damage.

Kevin Mandia, CEO of Mandiant (now part of Google Cloud), did a 2022 year in review where he discussed attacker techniques, cyber defense tips for security operators, and how cybersecurity is impacting Board and executive decisioning. An attack can cripple a business overnight, be it operational, or reputational, and hence, the market for cybersecurity is expanding rapidly. This growing demand, coupled with technological advancements, is expected to redefine the sector's boundaries and present lucrative opportunities for investors.

Resilience In Security Spending And The Huge Untapped Market

A 2022 survey from Morgan Stanely to CIO’s showed the resilience of spending within cybersecurity and cloud computing no matter the economic environment.

CIO’s were asked to rank expenses from least likely to most likely to be cut in a recessionary period, and the results indicated that Security software (i.e Cybersecurity) was the least likely to be cut.

Compare this with second placed Digital Transformation (i.e. deploying tech to improve customer experience and reduce costs) which only 5% of respondents deemed to be the least likely to be cut, and we begin to see how valued cybersecurity is to businesses.

2022 CIO Survey: Which areas are likely to see spending cuts - Morgan Stanley Research

This resilience of cybersecurity expenditure seems to paint a very important picture. This is a sector that will see continual investment for years to come.

According to McKinsey, the damage from cyberattacks will likely amount to about $10.5 trillion annually by 2025 . With global spending on cybersecurity amounting to only $150 billion in 2021, the mere cost of not having adequate cybersecurity would seem to suggest that there’s more wiggle room for greater cybersecurity expenditure among businesses.

The report goes on to suppose that there is a pretty alarming differential between the current vended market and the total addressable market.

At an assumed penetration rate of 10% for today’s security solutions, the report implies up to 90% of businesses lack adequate security protection for their needs, an opportunity that amounts to a staggering $1.5 trillion to $2.0 trillion addressable market .

Global Cybersecurity TAM and penetration - McKinsey & Company

And this shortfall in adequate security isn’t something that is easily remedied for these companies. Given there’s a global shortage of cybersecurity talent , organizations have little choice but to engage with third-party vendors because they can’t solve these problems internally.

Meaning, if access to talent remains an issue, outsourced services will be essential for companies that need to support strong security outcomes.

This further reinforces the expected growth rates and demand for cybersecurity solutions, and can help explain why some researchers expect the cybersecurity industry to grow at 13.8% annually to reach revenues of $425 billion by 2030 , from $172 billion today.

Recent and Future Innovations in Cybersecurity

By nature, cybersecurity is an industry that requires constant innovation.

Cybercriminals and potential targets are playing a constant game of tug-of-war between developing new malicious attacks that can go undetected and developing new security software that can anticipate the unknown threat.

As we touched on last week , artificial intelligence is slowly making its way into every industry and cybersecurity is no different. Let’s take a look at anti-viruses to illustrate the example.

Traditional antiviruses work by scanning programs and files as they enter your device and comparing them to known viruses. However, the problem with that may be obvious… Any malicious piece of software unknown to the anti-virus is very difficult to detect.

This is where AI and Machine learning steps in.

By leveraging algorithms that can analyze patterns, detect anomalies and predict potential threats, machine-learning-based cybersecurity offers a proactive approach.

Specific threats don’t need to be known about to be protected against. Simply knowing the patterns associated with how threats work is enough to premeditate many types of attacks.

Here are some of the ways in which the latest innovations in machine learning are pushing the boundaries of cybersecurity:

1. Predictive Analytics ut ilizes historical data and AI predictive models to forecast potential attack vectors, enabling companies to take preventive measures even before they’re under attack.
   
   
2. Behavioral Analytics analyzes user behavior and feeds the data into a trained machine learning model to identify patterns that tend to indicate suspicious activities, such as unusual login attempts, that may signal a breach.
   
   
3. The previous two innovations rely on analyzing data to identify threats, whereas Automated Incident Responses use machine learning to automate responses to detected threats, quickly isolating infected systems to prevent the spread of malware.

The benefits of AI/ML driven cybersecurity solutions don’t stop there. Aside from being more accurate in the face of unknown threats, AI/ML Cybersecurity solutions can be quite lightweight and easily deployable.

Crowdstrike’s Falcon Module is only 15MB but is a model that has been trained with data gathered from the company’s other protective measures. The result is an Anti-Virus (AV) program with minimal performance overhead but robust threat detection capabilities.

Innovating For Our Growing Interconnectivity

Cybersecurity hasn’t had to just keep up with the growing number and complexity of cyberattacks, it’s had to keep up with the new ways in which we store data or communicate with networks.

As a response, different branches of cybersecurity have arisen to protect us in the different ways we interact with networks.

1. Network Security : Protects the integrity of network traffic by controlling incoming and outgoing connections. This includes firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).
   
   
2. Endpoint Security : Focuses on securing individual devices such as computers, smartphones, and tablets. This will be the type of cybersecurity most people will be familiar with.
   
   
3. Cloud Security : Ensures the safety of data stored in cloud environments through encryption, access control, and secure data transmission. Services like Amazon’s AWS, Google Cloud or Microsoft Azure require robust cloud security infrastructure to protect the transmission and storage of data in the cloud.
   
   
4. Identity and Access Management (IAM) : Regulates user access within a network through authentication, authorization and access control.
   
   
5. Application Security : Targets the security of software applications, employing measures like code review, security testing, and application firewalls.
   
   

What The Future Could Hold For Cybersecurity

Of course it’s impossible to tell how the cybersecurity industry is going to shape up in years to come.

It’s clear that AI and machine learning are the newest frontier in which the industry is exploring, but it’s an interesting thought experiment to think about where the industry could head next.

Perhaps innovations in advanced biometric security or passwordless authentication is the next big step. Or perhaps it’ll be building a more secure application security ecosystem.

Just think, if autonomous cars become commonplace, there’s a major safety risk if their control systems are vulnerable to attack. These examples could begin to form the basis of a strong investment narrative that could guide your research in the cybersecurity space.

Getting Exposure To The Cybersecurity Trend

A key thing for investors to remember in this space is patience. There will be periods of slowdown in spending depending on macro conditions and there will be periods of elevated growth in cybersecurity spending.

If we as investors are looking 10 years out though, the fluctuations in the middle won’t matter too much to us. In fact, they may provide opportunities to buy high quality businesses during temporary setbacks when the market is only looking a few months ahead..

For those looking for exposure to the cybersecurity space, there’s the direct approach of investing in individual cybersecurity stocks, and then there’s the broader ETF approach for those with less conviction in specific players in the space.

Some of the biggest cybersecurity stocks in the US include: Broadcom , Cisco , IBM , Palo Alto Networks , Fortinet , CrowdStrike , Zscaler , Check Point Software , Okta and Tenable .

For analysis on some of these stocks and a look at even more cybersecurity stocks, check out our Top 10 Cybersecurity stocks .

When researching cybersecurity stocks, here are some of the key things to think about:

1. The type of cybersecurity the company specializes in :
   1. Do they specialize in Network security? Cloud security? Application security? A mix?
2. Who their core customers are:
   1. Are they corporations? Government agencies? Individual consumers?
3. If they’re well positioned to take advantage of new innovations :
   1. Are they well capitalized enough? Have they announced any new products? Have they recently made any acquisitions?

For those looking for ETFs in the US, there’s the likes of LOCK , CIBR , BUG IHAK , WCBR , HACK and many others globally.

When comparing ETFs make sure you look at:

1. Fund holdings (to know what stocks you’ll own through it)
2. The fees (lower the better)
3. Net assets of the fund (typically, the bigger the better)
4. Product Structure - physical or synthetic (does it own the underlying asset, or derivatives on the asset? (the former is typically preferred)

Reviewing ETFs holdings can be a great way to get familiar with companies in the space, and to find ideas to research further. 

If you're outisde the US, a simple Google search can help find cybersecurity stocks or ETFs within your local market, and the framework above should help when researching those investments.  

What Else is Happening?

Here’s few news items that we thought were worth noting…

• 💰11 major Wall Street banks have been fined a collective $549 million for failing to back up employees’ messaging app histories. Federal regulatory agencies have cracked down on the use of “off-channel” messaging apps (WhatsApp, iMessage, Signal and text messages) for conversations relating specifically to business.
  • This latest round of fines has brought the total fines associated with the Wall Street ‘WhatsApp Probe’ to over $2.5 Billion , relating to unauthorized messaging within major banks.
  • While it is standard practice at most banks to maintain records of employees' email communications, firms have struggled to restrict all communications to these official channels. 
    
    
• 🏢 WeWork’s share price plunges 40% after raising “substantial doubt” over its future. The company says that in order to survive, it’ll need to drastically improve its liquidity and profitability over the next 12 months.
  • The company has warned that it’s already facing high turnover rates among its members , undoubtedly a consequence of rising popularity in remote or hybrid work.
  • In response to skyrocketing operating expenses, WeWork has outlined a plan to begin negotiating more favorable lease terms, controlling other spending and seeking additional capital.
    
    
• 📉 Following on from Fitch Ratings’ downgrade of US Debt, Moody’s decided to join the fun by cutting the ratings of 10 U.S. banks.
  • Among the lenders who had their rates cut were M&T Bank , Pinnacle Financial , BOK Financial and Webster Financial .
  • Moody’s also put several big lenders on notice, with Bank of New York Mellon , U.S. Bancorp , State Street and Truist Financial among the names of those under review for a downgrade.
    
    

Key Events During the Next Week

There’s a few things to be looking out for this week, with the UK reporting its June unemployment rate on Tuesday and its inflation data for July on Wednesday.

US Retail data is also on the radar for this week, with the consensus coming in at 0.4% growth, up slightly from June’s 0.2% growth figure.

Those who like a complete view of the global economy might also be interested in China’s industrial production data.

Earning season continues with a few heavy hitters still to report along with a few cybersecurity companies which we’ve already mentioned this week:

• Home Depot
• BHP
• Suncor Energy
• Cisco Systems
• Target
• JD.com
• Walmart
• Applied Materials
• Deere & Company
• Palo Alto Networks
• Estee Lauder Companies

Have feedback on this article? Concerned about the content? Get in touch with us directly. Alternatively, email editorial-team@simplywallst.com

Simply Wall St analyst Bailey and Simply Wall St have no position in any of the companies mentioned. This article is general in nature. We provide commentary based on historical data and analyst forecasts only using an unbiased methodology and our articles are not intended to be financial advice. It does not constitute a recommendation to buy or sell any stock and does not take account of your objectives, or your financial situation. We aim to bring you long-term focused analysis driven by fundamental data. Note that our analysis may not factor in the latest price-sensitive company announcements or qualitative material.