Cybercrime: Threat and opportunity

Simon Black, Head of Investment Management at Dolfin, looks at how to assess investment opportunities in the cybersecurity space

The continued growth in cybercrime is creating a long-term opportunity to invest in companies that help organisations and individuals defend against it. The ever-increasing amount and value of data in the world means that incentives for criminals to illegally access and exploit this information keep growing. The nature of cyberattacks is also evolving constantly, and with it the demand for more sophisticated security.

The global market intelligence firm IDC forecasts that worldwide annual spend on cybersecurity solutions will grow from $103bn in 2019 to $134bn in 2022. But even that may not be enough to keep pace. According to Netscout, there were nearly four million cybercrime attacks globally in the first half of 2019, up 39 per cent on the previous year.

Meanwhile, according to a report from Ponemon Institute and Accenture, fewer than a quarter of companies relied on the internet 10 years ago – now, 100 per cent do. But almost 80 per cent are adopting digital innovation faster than their ability to secure it against attack. The report calculated the total value at risk from direct and indirect cybercrime at US$5.2 trillion over the next five years.

The number of security companies has grown rapidly to meet this threat, with new start-ups arriving regularly. But an estimated skills shortage of three million people has left organisations struggling to recruit and retain professionals.

Furthermore, new rules, such as the general data protection regulations (GDPR) and the California consumer privacy act (CCPA) are holding organisations more accountable for the protection of information. GDPR, which came into force last year, was pivotal in that companies must now proactively identify and address vulnerabilities to avoid fines. The regulations have already resulted in two massive fines: £99m for hotel chain Marriott International and £183m for British Airways.

These penalties created shockwaves and prompted organisations to boost cybersecurity spending plans significantly: 77 per cent of companies plan to invest over $500,000, according to PwC.

Finding opportunities

A good way to start assessing cybersecurity investment opportunities is to look at the biggest evolving threats, how companies are responding, and the investment gaps. In 2018, an average organisation experienced 145 security breaches, costing $13m, according to research by the Ponemon Institute and Accenture’s.

They found that malware was the most expensive attack type, costing $2.6m annually for organisations – up 11 per cent over the year. Malicious insider attacks increased by 15 per cent to $1.6 million a year.

Security intelligence and threat-sharing applications are saving companies the most money.

Companies are boosting defences by spending more on discovery and containment, as opposed to recovery and investigation. Security intelligence and threat-sharing applications are saving them the most money ($2.26m), and 67 per cent of respondents to the research use these. Automation, artificial intelligence and machine learning are the next biggest savers ($2.09m) but only 38 per cent of organisations use them. This makes it an interesting area for investors, especially as these technologies could start addressing staff shortages by supplementing skills and capabilities.

Forensic cyber and user behaviour analytics also save costs ($1.72m). However, only 32 per cent of organisations use them. Wider adoption could help companies save more, so this is another area to consider. The largest corporate spend has been on advanced perimeter controls – but these applications also save companies a healthy $1.2m. With exponential growth in the internet of things, organisations must maintain their advance perimeter controls.

Sector analysis

Investors should also consider which sectors and geographies could benefit from improved cybersecurity. Plummeting equity markets have distracted investors from the increase in debilitating cyberattacks on US cities. Although cities are already among the biggest spenders on cybersecurity – alongside banks, manufacturers, professional services and telecommunications firms – they will need to invest billions in boosting their security, and any company involved could benefit greatly.

Two-thirds of global security spend is likely to be in the US and Europe, but the highest growth will be in China, Asia/Pacific, and Latin America. Chinese investment will be particularly strong as it builds a security infrastructure around its ambitious technology plans.

Now is the time for investors to take advantage.

In terms of companies, the FactSet cybersecurity Index shows the kind of firms that have been successful to date. To take just two examples, Palo Alto Networks is a leading firewall and automated security network provider; and Check Point Software Technology provides cutting-edge technologies such as advanced network threat protection and next-generation firewalls. Deeper research can also help find promising start-ups.

This trend is not going away, so now is the time for investors to take advantage.

For more specific information on investing in cybersecurity, read our October 2019 investment update or speak to your Dolfin relationship manager.