Three ways to invest in cyber security
Last Friday, the WannaCry ransomware virus struck. Its penetration technique was old-fashioned but, as the technology used by organisations such as the NHS, FedEx, Renault, Telefonica, the German railway and the Russian interior ministry seems to have been equally as outdated, its impact has been significant.
Cyber attacks are not new but they are increasing at quite a rate. In a survey last year of more than 10,000 industry participants, PricewaterhouseCoopers (PwC) found that there were an estimated 59 million cyber security incidents globally in 2015, representing a 38% increase from the previous year*. At the same time, the average cost of a cyber attack to an organisation is on the rise.
Where hacking was once about curiosity and thrill, today it can be big business. And with the increase in internet-connected devices, and more and more confidential and personal information stored in the digital space, cyber risk is a key concern for companies.
The investment opportunities in this area are diverse and interesting. While you may initially think of new technologies, there are also socially responsible investing and insurance aspects to consider.
Socially responsible investing
EdenTree, a pioneer of socially responsible investing, says that assessing and mitigating potential financial losses from a data breach should be a top risk-management priority. They believe that investors have a role to play in asking tough questions of companies around cyber resilience and the resources they employ to respond to it.
An expanding and increasingly complex digital economy, combined with heightened levels of government and company board oversight, should drive further growth in investments for security technologies and services, in their view.
An example of one such company held in Elite Rated EdenTree Amity UK is NCC Group. Headquartered in Manchester, it is the largest player globally for storing software source code for critical applications to ensure business continuity. It also boasts the world’s largest team of ethical hackers, who are hired out to companies to find vulnerabilities in their cyber defences.
New technology
According to Jeremy Gleeson, manager of Elite Rated AXA Framlington Global Technology fund, more regulated industries, such as financial services and healthcare, have historically invested heavily in their cyber security, with the big banks and drug companies being some of the biggest spenders in these kinds of security measures. He believes that, as other industries become increasingly digital, they‘ll need similar protections and this is where we could see real investment opportunities.
He commented: “When it comes to diversity across size and geographies, we see many of the ‘best of breed’ IT security firms coming from the US and Israel. This ranges from smaller companies to $100 bn+ companies such as Cisco, thus the sector has a broad base in terms of market cap and geography but also in revenue growth and opportunities.
“We have invested in cyber security firms for a very long time and currently have around 8% of the fund in these types of company. An example of a holding is Proof Point, an enterprise software business whose products include cyber security tools that help prevent malicious email and web-based attacks. The company’s shares went up by 8% the Monday after the WannaCry attack. “Other key stocks in the portfolio include Palo Alto Networks [also liked by EdenTree], which provides a wide suite of enterprise-level next-generation firewalls with a diverse range of security features and Cisco, which covers a wide range of enterprise class security.”
Global insurance
Cyber coverage is also an emerging area of growth for insurance providers with PwC estimating that the gross written premiums in the cyber insurance market could rise from $2.5 bn per annum currently to $7.5 bn by 2020*. This growth is likely to be driven not only by insureds seeking breach damage containment but also by strong appetite among insurers to provide cyber insurance writings.
However, as EdenTree point out, although this new area of business provides opportunities for insurers to enhance profitability, it also poses significant challenges. The rapidly evolving cyber security landscape, limited amount of actuarial data on the scale and financial impact of cyber attacks makes this a difficult risk to evaluate and price with precision.
The managers of Elite Rated Polar Capital Global Insurance fund have taken a significant interest in this area as it has developed, meeting with cyber underwriters in Lloyds and discussing the risks with management teams.
Cyber insurance has actually been written in one form or other since the early 1990s but the market has grown materially since 2010 driven by increased legislation, corporate awareness and prominent losses among companies such as Target, Sony, JPMorgan and Home Depot.
According to Polar Capital, penetration rates are still very low, with less than a quarter of the largest companies in the US, the most advanced cyber market, purchasing any kind of coverage. Penetration rates then further drop off rapidly in mid-size and smaller companies at less than 10%. 2016 was a big year for growth in the cyber market and Polar Capital believes the recent WannaCry attack is likely to further drive demand for the product.
If you are concerned about cyber security, information about personal online security for you, your business or your family is available at the UK Government website CyberAware.
*PwC (2016) The Global State of Information Security Survey 2016 – Turnaround and transformation in cybersecurity