FTA: What excites you most in this space as an investor?
CG: If companies expand their cybersecurity spending to something like 5-10 per cent of their cloud computing spending, it will imply massive growth for the space.
The typical business today is not spending anything close to 5-10 per cent of their cloud budget on cybersecurity.
FTA: How do you ensure you time thematic investments properly given this is a rapidly developing space?
CG: If you are thinking about the total peak today, then you are not talking about a mega-trend, in that a mega-trend is something that occurs over the space of more than 10 years.
Some years will be like 2020, where thematic investors are ecstatic, and some years will be like the start of 2022, where thematic investors might be disillusioned.
FTA: How do you screen companies in this sector, what are the risks?
CG: If you are investing in newer, less established companies, they may not yet have achieved scale in their operations. They may not yet be profitable.
We tend to look at the focus on pure-play cybersecurity and also on the capability to generate revenue growth. We don’t believe there is a way to mitigate all risk if part of the goal is to find the newer opportunities.
FTA: What do advisers need to know about cybersecurity? What are the real tangible threats to their business and their clients?
CG: It is not possible to pay zero attention to cybersecurity in today’s world. Advisers should be familiar with things like phishing emails, two-factor authentication and better passwords.
Advisers should also recognise that everyone should have a recovery strategy in place because ransomware can spread and infect almost any computer.
The bottom line is that no system connected to the internet is 100 per cent safe from all attacks.
FTA: Where is the industry currently failing on cybersecurity and what are the perils of ignoring this potential threat?
CG: The true failures are only seen after a major hack – almost by definition it is difficult to know where you are failing without it being called out starkly.
Solar Winds was a big example of a supply chain attack where a type of software used by many different entities was broken and access was given across many distinct entities, many of them associated with the US government.
The banking system is based on trust, so the hope is that the largest banks are taking the threats seriously and preparing appropriately.