Cybersecurity has become a growing issue over the past decade but has experienced renewed vigour since Russia's invasion on Ukraine in February.
Western businesses have been told to brace themselves for increased attacks amid the possibility that Russia will seek to up the ante as it struggles to cope with tough economic sanctions following its ongoing assault on its neighbouring country.
But cybersecurity also offers investment opportunities as part of a wider so-called 'mega-trend' in a world that is becoming ever more digital.
Christopher Gannatti, global head of research at Wisdom Tree, speaks to FTAdviser In Focus about the developments he is observing in this space, where the investment opportunities lie, and what advisers need to know for their own business's cybersecurity.
FTA: What investment trends are you seeing around cybersecurity and what are they driven by?
CG: We see three major shifts that impact how people interact with data transmission.
One is the uptake of cloud computing. Second is the 'internet of things', meaning that it’s no longer just the phone or the laptop that connects to the internet. Third is the advent of 5G, which encourages more data transmission because of its higher speed.
Investments in cybersecurity therefore need to address each of these things.
It is not possible to pay zero attention to cybersecurity in today’s world.
FTA: How would you describe the mega-trend around cybersecurity?
CG: We have seen the terms ‘theme’ and ‘mega-trend’ used interchangeably in certain circumstances, so in some cases this depends on context.
In contexts where these are not the same, a mega-trend tends to refer to a bigger behavioural shift, but a theme might be a more concentrated component.
Within a broader mega-trend focused on how people transmit and consume data, you might have artificial intelligence, cybersecurity, the internet of things, 5G and cloud computing as underlying themes.
FTA: Covid has had a big impact on cybersecurity, but has the Ukraine conflict further shifted the parameters in this space?
CG: There have been significant hacks during the Covid-19 pandemic period, such as Solar Winds and the Colonial Pipeline.
Fear is a great motivator; if people see a negative event, they might be inspired to make an investment to lower their future risk.
Ukraine and Russia have associations with cybersecurity, so it makes sense that there is some fear and preparation centred on these concerns.
FTA: It's impossible to predict the future but it pays to spot opportunities early – what are the opportunities in this space and to what extent are they future-proof?
CG: Securing the ways in which companies and customers access their cloud computing resources is a big area of focus.
You don’t know for sure the exact companies that will do this well over the next five or 10 years, but the data would suggest the growth in this area should be there and should be strong.
FTA: What excites you most in this space as an investor?
CG: If companies expand their cybersecurity spending to something like 5-10 per cent of their cloud computing spending, it will imply massive growth for the space.
The typical business today is not spending anything close to 5-10 per cent of their cloud budget on cybersecurity.
FTA: How do you ensure you time thematic investments properly given this is a rapidly developing space?
CG: If you are thinking about the total peak today, then you are not talking about a mega-trend, in that a mega-trend is something that occurs over the space of more than 10 years.
Advisers should recognise that everyone should have a recovery strategy in place because ransomware can spread and infect almost any computer.Some years will be like 2020, where thematic investors are ecstatic, and some years will be like the start of 2022, where thematic investors might be disillusioned.
FTA: How do you screen companies in this sector, what are the risks?
CG: If you are investing in newer, less established companies, they may not yet have achieved scale in their operations. They may not yet be profitable.
We tend to look at the focus on pure-play cybersecurity and also on the capability to generate revenue growth. We don’t believe there is a way to mitigate all risk if part of the goal is to find the newer opportunities.
FTA: What do advisers need to know about cybersecurity? What are the real tangible threats to their business and their clients?
CG: It is not possible to pay zero attention to cybersecurity in today’s world. Advisers should be familiar with things like phishing emails, two-factor authentication and better passwords.
Every adviser will be more familiar with block chains five years from now than they are today.
Advisers should also recognise that everyone should have a recovery strategy in place because ransomware can spread and infect almost any computer.
The bottom line is that no system connected to the internet is 100 per cent safe from all attacks.
FTA: Where is the industry currently failing on cybersecurity and what are the perils of ignoring this potential threat?
CG: The true failures are only seen after a major hack – almost by definition it is difficult to know where you are failing without it being called out starkly.
Solar Winds was a big example of a supply chain attack where a type of software used by many different entities was broken and access was given across many distinct entities, many of them associated with the US government.
The banking system is based on trust, so the hope is that the largest banks are taking the threats seriously and preparing appropriately.
FTA: What is the one thing every adviser will be doing differently in five year’s time when it comes to cybersecurity?
CG: It is a difficult question because each adviser – really each person – today is starting from a different place.
Some already may use two-factor authentication whereas others may not. It’s also true that in five years' time, maybe something better or more secure than two-factor authentication will have been invented.
One prediction we can make is this: every adviser will be more familiar with block chains five years from now than they are today.
Certain block chains have interesting security characteristics and other properties.
carmen.reichman@ft.com
