The cybersecurity market is expected to reach around $350 billion by 2029, according to Global X.
As increasing reliance on digital ecosystems leaves individuals, businesses and governments vulnerable to exponentially increasing cyber threats, investment strategist Billy Leung has highlighted the growing appeal of this megatrend.
However, until now, semiconductors and hardware have largely supported technology market dominance – software, on the other hand, has lagged global indices.
“After a year or two of outperformance in the technology sector, I think right now there might be an opportunistic rotation into the laggards, which is software,” he said, with cybersecurity representing a significant share of this market.
Global X’s cybersecurity ETF, BUGG, has returned 32.9% over the past 12 months.
Launching the ETF, Chief Executive Officer Evan Metcalf said cybersecurity is a matter of personal, organizational and national security.
“Australians saw first-hand during the major data breaches at Medibank and Optus how devastating cyberattacks and hacking can be,” Metcalf said.
And now that global economies are moving toward, or appear to be moving toward, a lower interest rate environment, Leung believes this theme is poised to gain further traction.
“What we’ve seen empirically and historically is that it’s actually beneficial for companies with more consistent earnings. If you look at software names, they generally have much more consistent revenue, mainly because a lot of their revenue is recurring.
Additionally, cybersecurity will likely remain insulated from growing geopolitical risks.
“When there are tariffs or trade wars, that’s a segment that’s not involved… there are no tariffs, there are no sanctions on software.” , Leung said.
“These mainly benefit from local, even national, growth in the United States. So it’s something that’s going to be very resistant to geopolitics and American politics.”
But beyond the macro view, Leung believes that the growing awareness of the role that cybersecurity plays in our society makes a compelling argument in itself.
So, of the five largest security breaches in history, based on estimated financial damage, three of them occurred in the last three years, according to Global X data.
“We are seeing more and more breaches and bigger breaches, so I think there is a growing awareness,” Leung said, adding that the increase in data traffic and activity coming from the E-commerce and social media exacerbate the risk.
He noted that the timing is particularly opportune for the cybersecurity sector, as it is about to undergo a “refresh cycle.” Just as mobile devices need to be replaced every few years, says the investment strategist, cybersecurity software also requires regular updates.
“We are now entering a period of, or about to enter, a refresh or replacement cycle, and that’s where the key players are generally going to benefit.
“I’m looking at Authonet, CrowdStrike, Checkpoints at Palo Alto — that’s the long-term theme,” Leung said.
Approaching the “tipping point”
Earlier this year, Leung explained that the cumulative impact of many small incidents and breakthrough innovations is poised to catalyze substantial growth in cybersecurity, creating a “thousandth paper cut” effect.
“What is happening now is a lack of awareness or inaction, whether on the business side or on the investor side. These are global numbers, but in terms of ransomware attacks, they have actually increased by 70% in 2023 and this is one of the highest growths in the past,” he said in July.
“If you look at the average cost of each cybersecurity breach, it has actually increased from $3 million per breach to over $4 million over the last eight years, and despite all of that, global cybersecurity spending cybersecurity remained at around 6%. of total IT spending.
In this context, Leung believes that companies are quickly approaching the “tipping point” before starting to invest in this booming technology trend.
“I always say that, especially when it comes to themes and innovation, we are waiting for the thousandth paper cut. A paper cut doesn’t hurt, but when you get a thousandth of a paper cut, it’s really going to start hurting,” he said.
Investments in cybersecurity are also being politically influenced, he noted, with the U.S. Securities and Exchange Commission now requiring public companies to disclose significant cybersecurity incidents they experience and, on a annually, important information regarding their cybersecurity risk management. , strategy and governance.
“I think this is a very important step in terms of promoting and encouraging companies to spend more on cybersecurity.”