Written by Rahul Bhushan, co-founder of Rize ETF
By now, we’re all aware of the considerable investment opportunities that have emerged alongside the internet: e-commerce, cryptocurrency, social media – the list goes on.
But where these (arguably) more positive aspects of the online world tend to court the lion’s share of attention, the investment proposition indirectly offered by one of its more objectively ‘dark’ sides is often overlooked.
The reality is, by next year, there will be three times more networked devices worldwide than humans, according to a report from Cisco.1 And as this ‘surface area’ of global connectivity continues to increase, so too do the opportunities for cybercrime.
In fact, according to online security company Surfshark, UK victims of cybercrime have increased 17 times over in the past two decades.2 Meanwhile, figures from Bitkom Research released earlier this year found that cyber-attacks now impact an astonishing 90% of companies.
Increasingly pervasive attacks
It’s not just the number of attacks, either. It’s also the type. The public perception of cybercrime may be wedded in early 90s films like “Hackers”. But while these code-based attacks on corporates no doubt still exist, the reality is that the cybercrime sector as a whole is now more sophisticated.
Perhaps most worryingly, individuals themselves are more at risk than ever, with their personal data and even their personal safety being targeted.
In 2022 alone, cyber-attacks on InterContinental Group3, Uber4, and Optus5 have compromised customer data. Likewise, it was only August this year when a ransomware group was alleged to have threatened to change the composition of some 1.6 million individuals’ water supplies during an extortion attempt.6
This is an extreme example. Not to mention the fact that the validity of the claim was disputed by South Staffordshire Water, the victim of the attack. But what all of these points serve to demonstrate is that cybercrime is no longer something that happens to someone else, or to big businesses only.
The regulatory response
As a result, regulators are stepping in to ensure firms take adequate steps to guard themselves and their customers online. Just last month, the European Union unveiled a new “Cyber Resilience Act”, which introduces mandatory cybersecurity requirements to protect consumers and businesses from products with digital elements throughout their whole lifecycle.7
As our lives are conducted via more and more digital touchpoints, it seems likely the requirement – both from regulators and customers – for adequate cybersecurity measures will continue to grow too. In line with this, spending will have to increase significantly from today’s levels.
For context, a recent survey by KPMG discovered that 40% of UK CEOs believe a cyber-attack on their company is inevitable.8 That’s despite the fact that investment in UK cybersecurity companies surpassed a record £1 billion in 2021 – an increase of 25% on the previous year.9
A wave of expenditure should be approaching the global cybersecurity sector over the coming years. And it’ll be the quality providers best equipped to meet both the growing quantity and growing diversity of demand who will be best placed to benefit.
We’re already seeing a swell in cybersecurity M&A as some of the sector’s larger constituents leverage their bountiful resources to shore up their offerings in preparation for growth. Perhaps the most high-profile example recently was Google’s acquisition of Madiant in September for $5.4 billion.
Likewise, we are seeing prominent private equity players rush to secure cybersecurity exposure. Both Thoma Bravo10 and Turn/River Capital11 recently completed multi-billion acquisitions of innovative smaller players in the space.
The threat of cybercrime is only becoming more prevalent and that means the cybersecurity sector is rising to meet the challenge. This clearly presents an interesting investment opportunity and one which doesn’t appear to show any signs of slowing down.