According to Global X ETFs, cybersecurity stocks are being boosted by the proliferation of sophisticated cyberattacks and the role of artificial intelligence (AI) in creating new ways of combatting them. Business leaders increasingly see cybersecurity as a key component of digital transformation strategies.
- Global X identifies Zscaler as a leading provider of cloud-based cybersecurity services.
- Executives’ second-highest concern is loss of revenue on the back of cyberattacks, says a Deloitte survey.
- CrowdStrike and Palo Alto Networks’ share price more than doubles year-to-date.
Alex Roll, Investment Strategist at Global X ETFs, wrote in December that rising geopolitical tensions and cyber threats are tailwinds for the cybersecurity sector.
Average weekly attacks increased 8% year-over-year during the second quarter of 2023, to 1,258, according to data from Check Point Research cited by Roll.
Check Point data shows that education and research institutions saw the greatest year-over-year increase in average weekly cyberattacks globally, followed by government and military organisations.
The proliferation of such attacks will, according to Roll, “underscore the importance of enhancing security software with zero-trust offerings like secure access service edge (SASE)”. Citing research by Gartner, he suggests that this section of the cybersecurity market in particular could see growth rates that are triple the “low-double-digit expectations” for the cybersecurity market as a whole. Last year, spending on SASE architecture-based programmes accounted for approximately $6.6bn of the $96bn cybersecurity market.
Besides SASE cybersecurity firms (such as Zscaler [ZS] and Palo Alto Networks [PANW]) Roll also suggests that those offering cloud-based security will have an advantage over their competitors. In addition to Zscaler, he cites CrowdStrike [CRWD] as an example of the latter, especially given their positioning to upsell to government agencies.
The potential of generative artificial intelligence (AI) to combat cyberattacks is, for Roll, another long-term tailwind for companies that are able to incorporate it into security solutions. However, in the short term, he cautions that investment into the technology could squeeze firms’ profit margins.
Cyber’s Business Importance
Deloitte’s 2023 ‘Global Future of Cyber Survey’ found that cybersecurity is increasingly seen as a key unit in its own right by businesses, rather than a subset of the IT department, as has historically been the case.
When asked in which aspects of their business transformation cybersecurity plays a leading role, the top answers among executives were “to a medium extent” or “to a large extent”, the latter more so with regards to cloud, data analytics, 5G and IoT projects.
The report identifies five key areas of focus for businesses regarding the future of their cybersecurity strategies: multidirectional engagement, criticality to digital transformation initiatives, robust planning, appreciating and investing in talent, and a diverse ecosystem of tools and services. Notably, the fifth of these places the emphasis on ensuring that a wide array of cybersecurity measures is in place, including application security, cyber cloud, and strategies for emerging technologies (such as AI, 5G and quantum computing).
This breadth of coverage, advised for large organisations in particular, is resulting in a growing market for cybersecurity services. Statista forecasts a 10.5% CAGR for the cybersecurity industry between 2023–28, during which time it is expected to grow to $273.6bn. Average spend per employee on cyber solutions is expected to almost double, from $22.47 to $44.41 during that time.
Deloitte’s survey spoke to the practical necessity of that spending. Out of 11 possible areas of concern posed by cyberattacks, ‘loss of revenue’ was ranked second after ‘operational disruptions’, up from its place as the ninth-highest concern two years prior.
British Institutions Under Attack
An October attack on the British Library in London underscored the extent to which research institutions are increasingly targeted by cybercriminals. The attack saw library customers’ data sold to bidders on the dark web, according to the BBC.
In early December, it emerged that UK nuclear waste disposal site Sellafield had been hacked by groups linked to Russia and China in a series of breaches going back as far as 2015. According to a report by the Guardian, malware could have infiltrated the highest levels of security sensitivity at the site, potentially compromising its ability to remove waste and monitor leaks of hazardous materials.
A government response did, however, follow the Guardian’s report, claiming that it had no evidence that its systems had been hacked in the manner described, and asserting that its “robust” monitoring systems gave it confidence that no such malware exists in its system.
“All of our systems and servers have multiple layers of protection,” read the statement, which added that “critical networks that enable us to operate safely are isolated from our general IT network, meaning an attack on our IT system would not penetrate these”.
AI in Cyber: Friend or Fraud?
CrowdStrike co-founder and CEO George Kurtz recently discussed the way in which AI boosts cybersecurity software with Jim Cramer on CNBC.
Using AI, which Kurtz says has been part of CrowdStrike’s offering since he started the company, the software can detect ransomware without having encountered it previously. “That’s different than signature-based technologies that are out there today,” he added.
According to CrowdStrike’s website, the company’s AI software is trained on trillions of security events, which in turn enables the majority of security threat detection and response to be automated.
There is, however, a flip side. Kurtz observed on CNBC that cybercriminals are able to use new generative AI tools such as FraudGPT to attack systems without requiring a great deal of prior knowledge of them.
How to Invest in Cybersecurity
Alex Roll highlighted three of the firms that are at the forefront of developing cybersecurity solutions geared towards the increasingly cloud-based, AI-driven demands of modern businesses: Palo Alto Networks, CrowdStrike, and Zscaler.
Palo Alto’s stock has gained 119% year-to-date through 13 December. CrowdStrike’s gained 136.1% over the same period, while Zscaler gained 88.3%.
More diverse exposure to cybersecurity companies can be gained through a thematic ETF. The Global X Cybersecurity ETF [BUG] tracks an index of cybersecurity companies. As of 12 November, Palo Alto, CrowdStrike and Zscaler are all among its top five holdings. BUG has gained 36.8% year-to-date.