← Back to Sidekick
Market Pulse
Monday, September 25, 2023

Decoding Cybersecurity Investments

Welcome to this week’s Market Pulse, your 5 minute update on key market news and events, with takeaways and insights from the Sidekick Investment Team.

In this week’s edition we have 3 interconnected stories focused on cybersecurity:

  1. The $150 billion solution for an $8 trillion problem
  2. A stock-picking sector
  3. From passwords to patterns: behavioural biometrics

Read the full Market Pulse below, or if you want to access it on the go, download the Sidekick app.

Adrian (Portfolio Manager), and the rest of the Sidekick team.

It’s important to note that the content of this Market Pulse is based on current public information which we consider to be reliable and accurate. It represents Sidekick’s view only and does not represent investment advice - investors should not take decisions to trade based on this information.


Decoding Cybersecurity Investments

Last week, Cisco announced it is buying Splunk for $28 billion in cash. This is its largest acquisition ever, accounting for over 10% of the company’s market value. While investor’s reaction to the announcement has been akin to a collective shrug (Cisco shares fell 4% on Thursday), the news has given us the opportunity to revisit cybersecurity. The megatrend is popular among investors, but it's also a challenging one. We explain why.

1) The $150 billion solution for an $8 trillion problem

Imagine measuring cybercrime as if it were a country's economy. If we did that, it would rank as the third-largest economy globally, just behind the United States and China. In 2023, it's predicted to cause a staggering $8 trillion in damages, which is expected to grow by 15% annually until 2025[1].

To put this into perspective, these cybercrimes exceed the economic impact of natural disasters[2] and outstrip the combined profits generated by the global trade of all major illegal drugs[3]. Undoubtedly, this represents one of the most significant wealth transfers in economic history.

Currently, the solution to this $8 trillion problem comes in the form of a $150 billion cybersecurity industry. However, the potential market for cybersecurity solutions is estimated to be between $1.5 and $2 trillion, presenting a 10x growth opportunity[4].

That opportunity has investors excited about cybersecurity software. While this could be the highest growth software sub-sector over the next five years, it is also among the most difficult to generate an outperforming investment return if recent history is an indication.

2) A stock-picking sector

One might naturally assume that, given the impressive figures mentioned above and the significant boost to digitalisation brought about by COVID-19, the cybersecurity sector would be thriving. However, that doesn't seem to be the case. Collectively, the industry has struggled to surpass the performance of the S&P 500, let alone its counterparts in the software industry.

This is evident when we examine the Hack Index[5], the first ETF designed to offer access to companies specialising in cybersecurity solutions:

How is it possible that a sector with such high growth potential, arguably one of the most promising in the software industry, lags behind all its peers in terms of investment returns?

Cybersecurity solutions help companies defend against threats from malicious actors outside their systems. These bad actors are determined and drive ongoing innovation in response. As a result, the types of security risks that customers need protection from are constantly changing. For example, in the top-10 web application security risks, the main vulnerabilities shifted between 2017 and 2021, with three new issues emerging [6].

The challenge here is that the vendors who are well-equipped to address these threats are often different. Even when existing vendors have the capability, they might need to expand their products. This development time can create opportunities for new entrants, making it harder for existing vendors to grow due to increased competition.

Thus, a potential explanation for cybersecurity’s underperformance is that the constantly changing landscape allows only a few companies to achieve lasting and consistent growth.

When we assess the various publicly traded players in the cybersecurity field, we find that a small group of companies generated nearly 90% of the returns in the sector over the last seven years. This highlights the risks of taking a "blind sweep approach" to investing in cybersecurity

But despite the challenges, certain characteristics may help us identify long-term winners. For example, platform-based solutions help CISOs (Chief Information Security Officers) save time and money while supporting understaffed teams[11]. In addition, since large enterprises typically work with over 100 cybersecurity providers[7], platform-based solutions simplify their client’s operations while protecting them from competition.

The sector is too enticing to overlook, and we're busy looking for who the long-term winners are, as there could be potential for outsized returns.

3) From passwords to patterns: behavioural biometrics

With the rapid advancement of AI, biometrics is becoming increasingly important. Captcha tests, which have been used to protect against bots, are becoming less effective as bots have gotten better at solving them[8]. This raises concerns about the security of biometric data and the risk of spoofing, especially with the rise of generative AI and deepfake technology[9].

To address these challenges, behavioural biometrics has emerged as a solution. This technology analyses unique patterns in human activities, such as how someone walks or types, to identify individuals. Unlike traditional methods that rely on data collection, behavioural biometrics continuously authenticate users based on their activity patterns during a session.

Behavioural biometrics can be used for access control, preventing account takeover, detecting scams, and identifying money laundering. While the current market is valued at around $1 billion, it is expected to grow by approximately 25% annually over the next decade, reaching nearly $9.5 billion [10].

The growth is significant, albeit from a low base. But again, it shows the importance of a new and emerging technology and the challenges of finding one security solution that fits all. Given the persistent threat of bad actors seeking to disrupt the industry, it becomes crucial that cybersecurity companies proactively innovate and reinvent themselves to offer effective solutions.


Notices

Sidekick is not yet regulated but has applied to the FCA for authorisation to operate. Prior to Sidekick becoming fully authorised, none of the information provided is intended as an invitation or inducement to apply for any Sidekick product or service.

Please remember, investing should be viewed as longer term. When we launch, your capital will be at risk — the value of investments can go up and down, and you may get back less than you put in.


References

[1] https://s3.ca-central-1.amazonaws.com/esentire-dot-com-assets/assets/resourcefiles/2022-Official-Cybercrime-Report.pdf

[2] https://ourworldindata.org/grapher/damage-costs-from-natural-disasters?time=1980..2022

[3] https://press.un.org/en/1997/19970624.socnar.764.html

[4] https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/cybersecurity/new-survey-reveals-2-trillion-dollar-market-opportunity-for-cybersecurity-technology-and-service-providers

[5] https://etfmg.com/funds/hack/

[6] https://owasp.org/www-project-top-ten/

[7] https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/the-unsolved-opportunities-for-cybersecurity-providers

[8] https://arxiv.org/pdf/2307.12108.pdf

[9] https://www.economist.com/biometrics-pod

[10] https://www.globenewswire.com/news-release/2023/08/03/2718137/0/en/Global-Behavioral-Biometrics-Market-Envisaged-to-Reach-USD-9-345-99-Million-by-2032-at-CAGR-of-25-10-Polaris-Market-Research.html

[11] https://cybersecurityventures.com/jobs/#:~:text=%E2%80%9CWe%20expect%20brisk%20hiring%20in,also%20shoulder%20a%20security%20burden

Sidekick Money Ltd is a company registered in England and Wales (No. 13882980). Sidekick Money Ltd is authorised and regulated by the Financial Conduct Authority (FRN 984829). Our address is 21-33 Great Eastern St, London, EC2A 3EJ.

Payment and e-money services (Non MIFID related products) are provided by The Currency Cloud Limited. Registered in England No. 06323311. Registered Office: Stewardship Building 1st Floor, 12 Steward Street London E1 6FQ. The Currency Cloud Limited is authorized by the Financial Conduct Authority under the Electronic Money Regulations 2011 for the issuing of electronic money (FRN: 900199)

Sidekick Money Ltd also provides investment management and lending services. These are separate and unrelated to the account and payment services you receive from The Currency Cloud Limited.