Advertisement
Singapore markets open in 7 hours 56 minutes

  • Straits Times Index

    3,367.90
    +29.33 (+0.88%)
     

  • S&P 500

    5,481.64
    +6.55 (+0.12%)
     

  • Dow

    39,110.63
    -58.89 (-0.15%)
     

  • Nasdaq

    17,937.62
    +58.32 (+0.33%)
     

  • Bitcoin USD

    61,828.59
    -1,204.59 (-1.91%)
     

  • CMC Crypto 200

    1,309.42
    -35.09 (-2.61%)
     

  • FTSE 100

    8,121.20
    -45.56 (-0.56%)
     

  • Gold

    2,331.80
    -7.10 (-0.30%)
     

  • Crude Oil

    83.49
    +0.11 (+0.13%)
     

  • 10-Yr Bond

    4.4530
    -0.0260 (-0.58%)
     

  • Nikkei

    40,074.69
    +443.63 (+1.12%)
     

  • Hang Seng

    17,769.14
    +50.53 (+0.29%)
     

  • FTSE Bursa Malaysia

    1,597.96
    -0.24 (-0.02%)
     

  • Jakarta Composite Index

    7,125.14
    -14.48 (-0.20%)
     

  • PSE Index

    6,358.96
    -39.81 (-0.62%)
     

Cybersecurity matters

Desmond Chua & Sherman Soh
·7-min read

For patient investors focused on long-term growth, the sector is an unstoppable trend that must be included in portfolios.

Generative artificial intelligence (Gen AI) stocks have been all the rage, bearing the burden of markets weighed down by hawkish central banks. But another sector has been quietly edging upwards unnoticed, and that’s cybersecurity.

In fact, the case for the cybersecurity sector is in plain sight, but its scale is grossly under-appreciated.

The digital age has ushered in cybercrime and warfare targeting IT systems, as well as the information that is being created and shared everywhere. In a global population of 8.01 billion, an estimated 5.44 billion are unique mobile phone users, 5.16 billion are internet users, 4.76 billion are active social media users.

ADVERTISEMENT

Online data sharing is thus ubiquitous and necessary for our day-to-day activities. Banking details, health data, consumption data, even our photos and videos are not only stored on devices, but also on cost efficient on-demand virtual environments.

The International Data Corporation predicts that nearly 50% of the world’s stored data will reside in public cloud environments by 2025. More than 50 billion devices are forecasted to be connected globally in the same time frame.

Rising cybercrime in the digital age

Corporations list cyber incidents as the most critical risk globally for the second year in succession. According to an IBM report, the average cost of a data breach in 2022 was around US$4.35 million and the average time to identify a breach in 2021 was 277 days. The potential reputational damage and business erosion from such incidents are longer lasting.

In July 2018, Singapore's Ministry of Health experienced a cyberattack that resulted in unauthorized access to and exfiltration of sensitive personal information of 1.5 million patients, including names, addresses, and identity card numbers.

In November 2023, the Industrial and Commercial Bank of China’s (ICBC) US arm was breached by a ransomware attack — claimed by Lockbit — a Russian speaking hacking group. The severity of the breach broke its corporate email network and impeded its ability to settle US Treasuries with its counterparties. Lockbit claims that a ransom of an undisclosed sum was paid.

This is just the tip of the iceberg when you consider the greater cybersecurity implications on business continuity, human safety, public infrastructure security and national security.

In May 2021, Colonial Pipeline, one of the largest fuel pipeline operators in the US fell victim to a ransomware cyberattack. This caused widespread disruptions to the fuel distribution along the East Coast. States affected included Georgia, the Carolinas, Virginia, Maryland and New Jersey.

The rapid democratisation of Gen AI has brought on a new level of cyber threats. Bad actors are leveraging Gen AI to improve attack speed and capabilities. These include more personalised phishing, “artificially intelligent” malicious software and deepfake videos of high-profile politicians to spread dis-information and propaganda, influencing democratic processes and elections.

Investments in cybersecurity is therefore no longer optional, but essential in an expanding cycle of gamesmanship. Spending on cybersecurity is expected to hit US$250 billion in 2025 and quickly exceed those levels.

Citi Research’s survey of chief technology officers at large US firms indicate that spending on cybersecurity remains a top item in information technology budgets. Companies are also increasingly seeking out external cybersecurity vendors to substantially augment in-house capabilities.

Evolving cybersecurity measures to fight threats 

Cybersecurity can be visualised as the employment of various layers of security measures to protect IT systems. These layers work together to create a defence against threats. These layers include network security, endpoint security, identity and access management, application security, data security, cloud security, incident response and management, security operations centre (SOC), physical security and Internet of Things (IoT) security. Many cybersecurity providers operate across these multiple layers.

While demands on cybersecurity have expanded due to Gen AI, efficiency gains are also important to consider. Cybersecurity vendors are leveraging Gen AI to elevate their capabilities and productivity by eliminating tedious manual tasks and streamlining threat intelligence to manage growing levels of attack sophistication. There are estimates that what previously took a security analyst around eight hours to accomplish in a work week can come down to 10 minutes.

The business case for cybersecurity

We acknowledge that this sector’s volatility is not for the faint of heart. But for patient investors focused on long-term growth, the sector is an unstoppable trend that must be included in portfolios.

The cybersecurity market is expected to grow at a rate of 12.6% p.a. until 2030. This growth is therefore expected to benefit providers up and down the industry value chain. Here are two examples of companies that deliver solutions in the space.

A well-regarded mega cap name is a major force in cybersecurity. Known for its ubiquitous operating system, the company integrates security products and services into its cloud computing platform to prevent, detect, investigate and respond to threats.

The second example is a pure-play cybersecurity provider known for its endpoint solutions and its cloud-delivered platform. Its solution uses artificial intelligence and machine learning to detect and respond to malware, ransomware, and other sophisticated attacks on endpoints.

Industry benchmark

As a benchmark, one could look to the Nasdaq Cybersecurity Index (NQCYBR) launched in 2011. The index plays a vital role in providing investors with insights into the performance and trends within the cybersecurity industry.

The index has returned 38.2% since a year ago [as at mid-February], far outstripping the broader performance of the S&P 500’s (SPX) 23.3% and the tech heavy Nasdaq Composite (CCMP) return of 33.4%. As we roared into 2024, that outperformance has continued with the index delivering 2.8% and 2.4% above the SPX and CCMP respectively.

Comprising a diverse array of companies spanning across various tech industries, the index includes companies specialising in cybersecurity software, hardware, services and solutions serving as a valuable benchmark for assessing the theme’s financial health, market dynamics and investment opportunities.

Notably, cybersecurity software providers make up more than half of the index comprising firms that develop and distribute software solutions for protecting against cyber threats, including antivirus programs, firewalls, intrusion detection systems, and encryption software.

Given the complexity of the cyberspace, picking out the winners necessitates a deep understanding of the field. We recommend seeking out appropriate expertise to guide investment decisions.

Cybersecurity in portfolios

Given the significant run-up in prices of cybersecurity stocks, is it too late to participate? We think not.

In Citi’s Wealth Outlook 2024, we see cybersecurity as a high conviction potential opportunity. With geopolitical risk already heightened, the world will see heightened manipulation of news, data and images as critical 2024 elections get underway across the US, Europe, India and elsewhere.

The continued growth of AI will bring with it ever-more sophisticated tools to be weaponised for pattern recognition and decryption. Thankfully, these technologies are also available for the “good guys”, with AI being deployed to improve cyber threat detection and prevention.

Earnings growth has also been promising. [As at mid-February] Nasdaq CTA Cybersecurity delivered 36% increase in earnings per share (EPS) in 2022 and 14% earnings growth as of October 31 last year. While cybersecurity stocks prices have risen in recent months, valuations are not stretched in context of the strong earnings growth.

The changing landscape of cybersecurity demands a keen understanding of the profound implications for individuals, corporations and nations. In an age where data is hailed as the “new oil”, the gravity of cyber threats becomes all too apparent. The surge in cyber incidents underscores the urgency of investing in robust cybersecurity measures.

The investment case for cybersecurity stocks remains compelling, driven by the exponential growth in data generation, cloud adoption, and the increasing interconnectivity of devices globally. Cybersecurity is no longer a discretionary expenditure but a strategic imperative for safeguarding sensitive information, ensuring business continuity and protecting human safety.


Desmond Chua and Sherman Soh are both Citigold private client portfolio counsellors.

 

See Also: