Back in 2012, FBI Director Robert Mueller made a great point…
There are only two types of companies: those that have been hacked and those that will be.
Interestingly, Mr. Mueller didn’t mention individuals, referring instead to “companies.” The fact is, though, that individuals play a much more important role than organizations when it comes to cybersecurity.
In a recent conversation about the issue, my brother also made a great point. He said that our usage of the Internet and online services and apps is now 20 years ahead of where anyone would have expected at the turn of the century while our understanding of cybersecurity is 10 years behind.
We really like to invest in secular trends. Secular trends differ from normal trends in that they grow consistently as a result of some fundamental, long-term change in market conditions.
Normal trends tend to be temporary and, therefore, problematic for long-term investment. Secular trends tend to include the 1,000x winners, such as Amazon, Microsoft, and Apple.
There are a few ways to identify a secular trend, including consistent total addressable market (TAM) growth and association with other secular trends (for instance, e-commerce is benefitting from a secular trend toward increased security for online transactions). Notably, a secular trend often disrupts a previous state or norm; an example is the trend from physical security locks, house cams, and firearms toward antivirus and ransomware protection.
Three Reasons to Expect Continued Growth in the Cybersecurity Sector
Here are three reasons:
1. Security standards have not caught up with the fact that people are living increasingly digital lives.
If you were online in the early 2000s, you maybe popped in once or twice a day, checked your email, watched a few funny videos, visited a chat room, and that was it. You didn’t really need much security because you weren’t inputting anything sensitive.
How many cyberattacks did you hear about back then?
Hardly any, because hackers had no incentive to target individuals and were more inclined to hack government sites for the challenge. That was it; there was no money and no data worth targeting.
Today, by contrast, people are doing their taxes online, signing mortgage applications through email, and participating in live therapy sessions using conference platforms. There is a great deal of sensitive information on the Internet now, and a significant portion of it is hacked daily. In just the past two years, the email services of companies such as Microsoft (which is used by the US government) have been hacked, and there have been other major cybersecurity breaches of SolarWinds, Twitter (the account of the company’s CEO was even compromised), and Zoom (which has been the big beneficiary of the Covid pandemic).
Since many of these companies are in the tech field, you might expect better security, but clearly this has not been the case.
The scary part is that many government systems have even less security, including water supplies, gas pipelines, and local government services. As a result, there is a pressing need for further investment in cybersecurity by corporations and government agencies. Customers are unlikely to trust firms that are repeatedly hacked. Do you want to change your Microsoft password every two months or worry about your private emails getting seen by someone else?
2. Transactions, money, and assets are increasingly digital.
We talked about what the Internet was like at the turn of the century. Just think: who actually had their credit card saved online then?
No one did, except for a few people with Amazon accounts. Now, you can probably count at least four or five services or companies that have your physical address and your credit card information on file. Online banking is increasingly the main way in which people around the world handle their finances. This means that trillions of dollars, pounds, euros, and yen are located and accessed digitally—giving hackers a point of entry and more incentive than ever before to target companies.
People are now trading stocks on their phones with apps such as Robinhood, eToro, and Wealthsimple. And then there’s cryptocurrency, which represents another step in digitalization. If crypto becomes the norm, you will need even more security because your money will have no physical security unless you are using USBs.
These circumstances are great for cybersecurity firms because all of the world’s wealth is taking a digital form, and corporations will go to any lengths to protect themselves and their customers. This trend is still in its early stages, and many companies have not yet realized how weak their security protocols are.
3. The TAM for cybersecurity is growing by double digits, and this trend is predicted to accelerate.
In a recent survey of 5,050 CEOs of large companies around the world, cybersecurity was the area that most identified as the main target for investment in their firms. Business leaders are recognizing the importance of an effective security system for protecting their customers’ data and, in turn, their own reputations. This coming wave of investment is only the beginning, for CEOs have neglected cybersecurity for years, dealing with it in the limited context of IT. The cybersecurity firm Secure Anchor has done research indicating that the TAM for the sector will increase to $192 billion in 2021 from $167 billion in 2020, which is the double-digit growth that we are looking for from year to year as an indicator that this trend is indeed robust.
Here is a quick comparison of the coverage of the Colonial Pipeline cyberattack with the coverage of 9/11 in two major US newspapers.


As you can see, the pipeline hack received considerably less coverage. This is only a rough comparison, but you get the point: the cyber threat is real and it is here.
Now that the reasons for the coming increase in cybersecurity spending are clear, it is also clear that this is a good time to invest in the sector.
There are two main ways to do so.
On the one hand, you could do technical research on the individual cybersecurity companies. Normally, to assess the complex software involved, some technical expertise is necessary. For instance, it’s important to know how to distinguish end-point security, cloud security, mid-point security, and ransomware detection. You need at least some familiarity with the various aspects of the field to understand the issues involved and do the work of comparing the various companies, going through the reviews, company histories, and records of the CEOs. That’s a lot of effort.
On the other hand, you can invest in secular trends without this specific knowledge by targeting the obvious leaders in the sector—in this case, $ZS, $CRWD, and $OKTA—and/or putting your money in a cybersecurity exchange-traded fund (ETF). The leading firms offer relatively more in the way of risk/reward, but you should consider your options.
We recommend investing in an ETF.
We have gone through numerous cybersecurity ETFs and found that $BUG (Global X Cybersecurity ETF) is the most promising because of its holdings.
Other ETFs tend to include companies that aren’t necessarily focused on cybersecurity, such as Cisco or Microsoft.
Our preference is for funds that include only companies that make at least half of their total revenue from cybersecurity-related products and services—which is exactly what $BUG offers.
***Disclaimer: Nothing you read in this article is in any way, shape or form to be construed as investment advice. ExDiogenesResearch may hold positions in any/all names mentioned during the writing of this piece. This is not investment advice and investors should always conduct personal due diligence before investing in any security. Past performance of any funds mentioned is not indicative of future returns.***