investor daily logo

Investor interest surges as high-profile breaches propel cyber security growth

By Rhea Nath
5 minute read

With recent high-profile breaches like Ticketmaster and MediSecure dominating headlines, investors have increasingly been flocking to take advantage of the potential growth opportunity that lies in cyber security.

In 2023, the Office of the Australian Information Commissioner was notified of around 483 breaches between July to December, up from 407 breaches in January to June. Among the main sources of such data breaches were malicious or criminal attack (67 per cent), followed by human error (30 per cent), and system fault (3 per cent).

According to Betashares, amid this growing trend, its global cyber security ETF, HACK, has seen over $40 million net flows over the past year.

As at 31 May 2024, it holds some $890 million in net assets.

“As people, businesses, and governments interact more via digital means, the cyber security industry has grown significantly to ensure these interactions and associated data are safe from criminals and other bad actors,” Hugh Lam, investment strategist at Betashares, told InvestorDaily.

“In recent weeks, we’ve seen high-profile breaches of companies like Ticketmaster and MediSecure, demonstrating the constant vigilance that is required. As a result, cyber security technology has evolved to include a far greater ecosystem of products and services.”

Current projections suggest annual spending on cyber security will hit $215 billion this year, which will provide a significant earnings tailwind to leading global cyber security companies.

Particularly, the rise of generative artificial intelligence (AI) has been flagged as a challenge and an opportunity in this realm.

“If the threat of cyber attacks is increasing from AI, then by extension, companies need to develop tools backed by the same power and scale that AI provides which should provide strong structural tailwinds for constituent companies in HACK,” Lam remarked.

The fund, which launched in August 2016, has since been a “standout performer” for Betashares, he added.

“During this time, HACK delivered strong performance over the MSCI World AUD and S&P 500 benchmarks, returning 17.2 per cent per annum since inception. Clearly, it’s been a thematic offering that investors see as a long-term investment opportunity to hold within portfolios,” he said.

Moreover, strong earnings from some of the world’s largest cyber security companies that are among the fund’s holdings, including CrowdStrike, Okta, and Palo Alto, means HACK continues to trade at attractive valuations of around 23x forward price/earnings as at 30 April 2024, Lam said.

Approaching the ‘tipping point’

Similarly, a more recent cyber security offering in Australia, Global X’s cyber security ETF, BUGG, now holds around $4.2 million in assets under management since launching in September 2023.

Speaking to InvestorDaily, Global X investment strategist Billy Leung foresees this “strong thematic” to continue growing.

“What’s happening now is there’s a lack of awareness or inaction either on the corporate side or the investment side. These are global numbers, but in terms of ransomware attacks, it’s actually up 70 per cent in 2023 and this is one of the highest growths in the past,” he said.

“If you look at the average cost of each cyber security breach, it’s actually gone from $3 million per breach to over $4 million in the last eight years, and despite all this, the global spending on cyber security has maintained at around 6 per cent of total IT spending.”

In this context, he believes firms are fast approaching the “tipping point” before they begin to elevate investments to this burgeoning technology trend.

“I’m always saying that, especially with thematics and innovation, we’re waiting for the thousandth paper cut. One paper cut doesn’t hurt, but when you get that thousandth paper cut, it’s really going to start hurting,” he added.

Cyber security investment is also being influenced on the policy front, he pointed out, with the US Securities and Exchange Commission (SEC) now requiring public companies to disclose material cyber security incidents they experience and, on an annual basis, material information regarding their cyber security risk management, strategy, and governance.

“I think that’s a really big step in terms of promoting and incentivising companies to spend more on cyber security,” Leung said.

Importantly, technology thematics aren’t as linear as investing in the old economy, he remarked, which offers additional growth prospects.

“The analogy I always use is, if you invest in gold operations, you buy the mine, you buy the equipment, and the mine gets mined, it’s very linear. But if you look at the new economy and tech stocks, it’s more circular, and drives each other.

“For example, in the AI space, we have hardware chip manufacturers like Nvidia building really powerful chips for cloud software infra like Cisco and IBM, and these, in turn, drive end users like Amazon and Meta. But those end users also drive high demand for better software, so Nvidia has to build better chips every year. It’s circular and it’s very similar in cyber security,” he said.

Meanwhile, various segments of cyber security – including network security, endpoint security, identity access management, and cloud security – are offered by tech giants such as Palo Alto, CrowdStrike, Okta, and Fortinet.

By investing in wrappers like ETFs that invest in a number of such stocks, investors can achieve a variety of exposures to the cyber security thematic, Leung pointed out.

“It’s not just buy one stock and you’ll have the whole breadth of it – there’s all these companies that provide distinct services,” he said.