Picture the scene. A quirky computer geek frantically jabs at a keyboard through fingerless gloves. Code streams down the screen at a rate of knots.
If you grew up in the 90s this is the Hollywood hacking scene you’ll recognise in an instant. But the world has moved on since then and so has the sophistication of cybercrime.
The US Justice Department said it recently seized around $2.3m in Bitcoin paid as ransom to DarkSide, a criminal hacking group.
Unfortunately, the recovery is a rare outcome amid a boom in corporate ransomware attacks hitting firms where they are often weakest.
Joseph Blount, boss of the affected Colonial Pipeline, said the company complied with the $4.4m demand because they simply had no idea of the extent of the intrusion and how long it would take to restore operations.
Demand for robust security software in this new digital era is stronger than ever, especially after a year that has seen us stretch our networks across the country and away from the office.
Making sure we aren’t vulnerable to the rise in online attacks has prompted a wave of spending on fortifying online defences and cybersecurity stocks have largely benefited.
With global spending on cybersecurity expected to exceed $120bn in 2021, and the need to be proactive in readying defences before any threat presents itself, the sector could well see a sustained level of attention from corporates long after the pandemic is over.
There is a wide range of UK and US shares in the cybersecurity sector available on Freetrade. From stalwart internet security firms to identity authentication to cloud protection and maintenance.
The spectrum highlights why it’s not just a case of established firms shifting a contract out to one singular service provider and patting themselves on the back.
More often than not, where one cybersecurity firm can’t put an entire shield around a company’s network, it will have to fit into a blend of software solutions with different capabilities.
That makes the cybersecurity ecosystem a lot more symbiotic, with less head-to-head competition in many circumstances. It also paves the way for firms in the space to adapt and widen their services to keep customers on board and get ahead of the other offerings out there.
Given the wealth of propositions operating in the space, investors might prefer to gain access to a readymade basket of distinct areas like cloud infrastructure and identity checking through one product.
It can be easier and less time-consuming, especially if your objective is to gain exposure to the secular growth of the whole space rather than specific companies in it.
One option is the L&G Cyber Security UCITS ETF (ISPY). Not only does it have a cracking ticker, it also gives investors access to the sector by targeting firms in two key areas.
Its ‘Infrastructure Providers’ bucket contains businesses developing hardware and software for safeguarding internal and external access to files, websites and networks. And its ‘Service Providers’ segment concentrates on firms offering consulting and secure cyber-based services to other companies.
The ETF is set up to track the ISE Cyber Security® UCITS Index and has an overwhelming tilt towards the US. With most of the world’s cybersec firms based in the States, it’s maybe unsurprising to see around 80% of the fund’s assets based across the pond.
Looking at the ETF’s most recent factsheet (as of 30 April 2021) throws up a few big names like Cloudflare, CrowdStrike and Palo Alto Networks with 57 holdings in total across the portfolio.
As at 30 April 2021. Source: L&G April fund factsheet.
Another option in the ETF space is Rize Cybersecurity & Data Privacy UCITS ETF (CYBR).
Set up in 2019, Rize focuses on thematic ETFs and launched CYBR last year, aiming to create a fund of ‘Cybersecurity 2.0’ companies according to co-founder Jason Kennard.
The outfit is no stranger to the industry, with its team coming from careers at ETF Securities and L&G Investment Management.
Part of their mission in CYBR is to provide pureplay cybersecurity exposure for investors. That might seem obvious but such is the lust for exposure to the sector that investors can often overlook the fact that it only makes up a small portion of a company’s overall revenue streams.
To construct their ETF range, which also includes funds covering medical cannabis, sustainable food and education technology, Kennard and Co. work with thematic experts to help curate a purpose-built index that captures the theme.
Looking for firms whose proposition is truly based around cybersecurity also means ruling out firms involved in controversial weaponry, according to Kennard.
While defence companies will naturally now have a cyber wing, again it may not be their real revenue driver. More broadly, Kennard says these types of firms are unlikely to satisfy the sustainable thread running through the process at Rize.
As at 31 May 2021. Source: Rize May fund factsheet.
Headline charges for the ETFs (0.75% for L&G, 0.45% for Rize) are higher than investors might be used to paying for traditional index-tracking ETFs.
A lot of thematic ETFs will charge more than their truly passive cousins.The argument here is there’s more going on behind the scenes in the active element of getting the niche index together and managing it.
So if you’re still of the opinion that all ETFs are the antidote to actively managed funds charging for research and portfolio construction, you might have to get used to that distinction looking increasingly blurry.
Whatever your view on fees, just make sure you’re getting value for money
Of course, you could opt to go for the individual stocks themselves, instead of broader ETFs.
This will of course give a more concentrated exposure to the sector but that might be what you’re looking for. You might have a specific conviction in one company and would rather keep on top of that one stock than spread yourself thinly over a range of them.
The Darktrace IPO highlighted the most recent British entrant to the market but, on the whole, this is a US-dominated sector.
Past performance is not a reliable indicator of future returns.
What do you think about the investment case for the cybersecurity sector? Let us know on the community forum: