This week, the Australian Signals Directorate (ASD) released its Annual Cyber Threat Report 2024-2025, highlighting the urgent demand for cyber security solutions in a world increasingly mired by rising geopolitical tensions.
The report underscored the persistent nature of online threats and the sector’s continued relevance in a changing global landscape – particularly from an Australian perspective.
As an early and substantial adopter of digital technology, the report outlined that Australia “remains an attractive target for criminal and state-sponsored cyber actors”.
Among other examples, the report found the ASD’s Australian Cyber Security Centre had experienced a significant increase in notifications to entities regarding potentially malicious cyber activity. In FY2024–25, these notifications rose by 83 per cent from the previous year – exceeding 1,700 instances.
On the back of these findings, Hugh Lam, Betashares investment strategist, has reiterated cyber security as a key and enduring investment theme. The sector has established itself as a significant investment theme for some time now, attracting private equity investors and demonstrating strong exchange-traded fund (ETF) performance in recent months.
Discussing the report, Lam pointed to several major cyber attacks in Australia in recent years, with one notable example being the 2022 Optus data breach, which impacted up to 10 million customers.
In recent days, hackers also attacked Qantas, releasing customer data onto the dark web, while Ansell also experienced a significant data breach just this week.
Beyond these blue-chip companies, the report outlined that individuals and small businesses can be particularly vulnerable to the risk of cyber attacks due to inadequate security systems and, in some cases, a lack of education regarding cyber security.
In response, governments globally have been increasing resources to combat cyber incidents and safeguard national integrity.
As a whole, global cyber security spending is now projected to reach US$377 billion by 2028, with sustained double-digit growth rates, according to the International Data Corporation. Notably, NATO members recently committed to investing 5 per cent of gross domestic product annually on core defence requirements and defence and security-related spending by 2035.
When the hike in spending was first proposed earlier this year, Billy Leung, senior investment strategist at Global X, identified cyber security ETFs as being potential “standout beneficiaries”.
“Cyber security remains one of the few sectors within global software that continues to deliver positive earnings revisions, supported by stable fundamentals and consistent demand,” Leung told InvestorDaily at the time.
Now, Lam has pointed to the success of Betashares Global Cybersecurity ETF (ASX: HACK), which seeks to provide investors “pure-play exposure” to the theme through incumbent leaders such as CrowdStrike and Palo Alto, as a prime example.
As of 14 October, HACK has so far received $152 million in net flows this year and now sits at $1.4 billion in funds under management, according to data from the firm.
Returning over 34 per cent over the last 12 months to the end of September, it is now one of the largest thematic ETFs listed on the ASX.
At the same time, cyber security ETFs in particular are not foolproof, with July seeing Global X’s Cybersecurity ETF (ASX: BUGG) become one of the worst-performing ETFs that month – declining by 4.73 per cent following an 8.2 per cent surge over the six months to June.
Speaking to InvestorDaily at the time, Leung noted that cyber security companies, as opposed to defence companies, are “more exposed to corporate IT spending, which can be cyclical and recently under pressure”.
However, Lam concluded that in addition to significant spending projections for the sector, it is arguably “highly defensive in nature”.
This observation is supported by a Morgan Stanley survey, where chief information officers identified cyber security as the category least likely to face cuts during an economic downturn.
