Cybersecurity: A potentially vast investment opportunity as technology evolves

Key points:

• The cybersecurity market is predicted to grow significantly, as organisations need to protect themselves from sophisticated threats
• Spending on cybersecurity is likely to be resilient even in an economic downturn
• Other types of ‘Software as a Service’ also have strong revenue traction and are likely to grow further as digitalisation continues

When companies are the victim of cyberattacks, the headlines often focus on data loss – customers’ personal information that is compromised – or a systems outage, where websites crash on the back of an artificial surge in traffic.

While this can leave consumers worried about what will happen to their data, or unable to access services, this is just the tip of the iceberg where cyberattacks and cybersecurity are concerned.

Companies can face a range of problems – and costs – including data recovery, loss of business, remediation and fines, as well as a longer-term impact on brand and reputation. In addition, geopolitical tensions can lead to cyberattacks on governments and government agencies, often for the purpose of espionage or to cause widespread disruption.

Some of the most well-known and damaging viruses since the turn of the century were so-called ‘worms’ like Mydoom, which affected Microsoft Windows and became the fastest-spreading e-mail worm ever, which sent consumers scrambling for anti-virus protection software.¹

And then there have been incidents such as in 2011, when the PlayStation network was hacked – some 77 million accounts were impacted and Sony had to shut its network for 23 days, costing the firm an estimated $171m.²

Internet service provider Yahoo suffered three data breaches between 2013 and 2016, affecting around three billion accounts, resulting in a $117.5m settlement and its subsequent owner Verizon agreeing to increase its spend on information security fivefold.³

Governments have also been hit by cyberattacks.⁴ The 2017 NotPetya ransomware attack targeted Ukraine’s administration as well as its financial institutions and energy network, which in turn caused significant financial damage to global companies with offices in Ukraine.⁵

When cyberattacks were less prevalent, the industry arguably received less attention but today, businesses cannot afford to be nonchalant over such digital threats. Every type of business entity, from consumer services and entertainment groups to banks, pension funds and the wider financial services industry, needs to ensure it has robust cyber protection.

Overall, damage from cyberattacks is expected to amount to $10.5trn annually by 2025 – a 300% increase from 2015 levels.⁶ Companies and organisations – including governments - are taking cybersecurity very seriously, as they seek to protect themselves from more frequent and more sophisticated attacks.

Strong revenue streams

The global cybersecurity market was valued at $154bn in 2022 and is expected to grow to $425bn by 2030.⁷ However, the total potential opportunity could be as much as $2trn, according to one analysis⁸ - as companies do not always adopt sufficient levels of products and services, while the current solutions available do not all meet the ever-evolving needs of customers.

Enterprise-level cybersecurity firms such as Palo Alto Networks and CyberArk offer year-round services ranging from vulnerability assessment to managed security services and even damage control consulting if the worst happens.

It’s not enough to install a firewall – many companies participate in real-time simulations of cyberattacks, constantly update their processes, and invest a significant amount in training employees, who are the first line of defence – and potentially the entry-point for a virus via a phishing email.

Even a small business could be a target for its systems, data or customer information – and the risk of underestimating the importance of cybersecurity, and underinvestment in that area, could leave a company as the equivalent of the only house in the street without a burglar alarm – and an unlocked door.

That is why even in a more difficult economic environment, cybersecurity budgets tend to be more resilient, as customers prioritise digital transformation – and the need for digital protection. ⁹ This is why we expect potentially strong long-term earnings growth and relatively low volatility in the cybersecurity-related tech sector.

Image

Cloud-based efficiencies

A lack of in-house skills and the scale of investment needed to keep up with the changing cyber risk landscape – as cybersecurity must keep up with technological innovation - are among the reasons why many companies turn to third-party providers, buying in cybersecurity as software as a service (SaaS).

Spending on all cloud-application SaaS by end-users is expected to increase from $167.3bn in 2022 to $232.3bn in 2024, according to Gartner.¹⁰

SaaS is a model where applications are usually provided to end-users via the cloud, running on a subscription-fee basis. This means visibility of revenue streams and potentially less volatility in earnings that is attractive for investors.

As well as cybersecurity, other types of SaaS products include customer relationship management, workflow automation to improve efficiency and corporate management solutions such as bringing together human resources and finance systems.

For example, as companies expand and become multi-national, with employees in different regions and different working patterns (something we have seen even more of post-pandemic), payroll processing is becoming more complicated, and this is where providers like Workday can help.

Many SaaS companies are also continuing to demonstrate growth even in a challenging economic environment. For example, ServiceNow, which allows companies to manage their IT service requests, grew revenues by 23% in the second quarter of this year compared to the year before¹¹ .

The way these services are delivered is key to their growth. In the past companies had to buy licences, typically for a certain number of devices and a certain number of people for a fixed period. They also had to buy the hardware to run the software on, hire employees or pay consultants to deploy it and integrate it with existing systems – which could take many months before the new system was up and running.

Now, with SaaS, businesses can access new software products instantly and be using them in a matter of hours. This has cost efficiency benefits and means smaller companies have easier access to the latest software, which in the past may have been something that only large enterprises could justify investing in – also giving SaaS providers a broader base of potential customers.

It also means that when updates are released, all users have access to the latest version – whereas in the past, businesses may only undertake a software upgrade several months or even years after it went onto the market.

Supported by strong underlying trends

We see potential long-term opportunities within SaaS as companies look for efficiencies and embrace digitalisation, with this underlying structural trend supporting tech companies in this space.

With its potential for scalability, repeated revenue streams and an ever-growing market of potential customers, we see good scope for potential growth in this sector.

And as more and more companies embrace new innovations, such as artificial intelligence and the metaverse, this can bring new challenges both operationally and in terms of potential cyber threats. As a result, we expect areas like cybersecurity and SaaS more broadly to become even more important over the coming years.

References to companies are for illustrative purposes only and should not be viewed as investment recommendations.