Business is booming for this secular industry

Sara Allen

Livewire Markets

Cybercrime has dominated the headlines for the past few weeks. Most Australians were hit by the recent Optus breach or knew someone who was. Barely a week later, both Telstra and NAB had staff data breached through third-party providers. Medibank has been the latest addition to the list. Such is the age we live in and the high value of our data that barely a day goes by without a company experiencing attempted or successful hacks on their systems. Cybersecurity is an essential, rather than a nice-to-have service.

To put it all into perspective, the average number of cyber-attacks per company annually is 270, with just over 10% of these successful breaches (Source: Accenture State of Cybersecurity Resilience 2021). It’s a number that grows annually.

The growing number of average attacks that individual companies experience. Source: Accenture State of Cybersecurity Report 2022
Realistically, anyone who uses the internet in some form should assume they’ve had their data hacked at least once before. 

The Optus hack exposed around 40% of the Australian population. Back when Facebook had a leak in 2019, 500 million people globally were exposed.

I’ll bet you might not even know if you’ve been hit – in fact, it’s only been more recently that companies have been pressured into contacting their customers directly about breaches. A quick way to check your data is the website Have I been pwned?

Breaches are hugely expensive to companies too. According to a 2022 report by IBM and the Ponemon Institute, the average cost of a data breach to a company is $US4.35 million covering legal, regulatory, and technical costs, brand reputational damage, customer turnover, and impact on employee productivity. That’s before you think of individual costs to customers exposed in a breach – replacing identification or credit cards, or even facing scammers committing identity fraud.

The new essential service

From this perspective, it all makes sense that cybersecurity has, to an extent, escaped some of the recent falls in the broader tech sector.

Cameron Gleeson, Senior Investment Strategist at BetaShares says it has been largely resilient to the return of inflation and accompanying rising interest rates.
“Cybersecurity has become one of the most durable spending categories in corporate IT budgets, due in part to the growth in digital data and environments, and an increasing number of corporates concluding that investing in their cyber defences is a necessity”.

He points to a range of secular trends driving the industry including:

  1. Accelerating consumer and corporate spend on data protection.
  2. The increasing number of cyberattacks (it’s the fastest-growing crime in the US).
  3. Growing costs from cyberattacks.

Clearly, cybersecurity is a growing and highly lucrative industry – and yet, how many companies in this space can an investor name off the top of their head? 

I’m betting not many. And I’ll take a further stab that asking for an Australian name will draw a complete blank. In fact, the Australian industry is so small that when I asked some of our valued partners for their insights, many told me that it is largely start-ups and microcaps. Not areas they typically cover.

The US industry on the other hand is massive. In fact, Gleeson says that only five holdings in the BetaShares Global CyberSecurity ETF (ASX: HACK) are domiciled outside of the US. The 19 biggest holdings are US based.

But even the US names might not be top of mind to the average investor.

Why is this? Why are cybersecurity companies not household names?

Part of this comes down to the fact it is a growing industry that changes rapidly. In fact, I’m informed that everything we do on the cybersecurity front will be obsolete in a matter of years courtesy of the power of quantum computing. If we think it’s scary that hackers can create algorithms to hack our passwords in a matter of minutes today, take it to the next level when you consider the power of quantum computing.

There are a lot of small players in this space at this stage so it’s also fair that we don’t know the names of many cybersecurity companies. In the coming years, some of these companies will rise and flourish, while others will vanish as quietly as they appeared. On the flip side, the good news is that some cybersecurity companies are already big-name brands – you just didn’t realise they worked in this space.

The household names you know and love… in a different way

You might not think security if I say Microsoft (NASDAQ: MSFT) or IBM (NYSE: IBM) but both companies have flourishing cybersecurity offers.

In January, Microsoft revealed its security business was up more than 40% year on year earlier this year and had generated $15bn in revenue over 2021. It offers security within its product sets and via security solutions offered. As part of this, it has made a number of strategic acquisitions, with the most recent being Miburo, a cyber threat analysis and research company.

IBM offers free IBM Cybersecurity training for professionals interested in pursuing jobs in that field ranging from basic training, a foundation course, and an analyst program. It has also committed to university programs for training cybersecurity specialists. From a product and service perspective, it offers a range of enterprise security solutions backed by the research of its IBM Security X-Force. It launched a data security solution called Guardium Insights late last year and acquired ReaQta which uses AI and machine learning in the fight against cyber threats. So far the IBM Security business growth has lagged industry growth, which is concerning at a time when its competitors are rising.

Amazon (NASDAQ: AMZN) is also growing on this front too with its Amazon Website Services (AWS) including cyber offers like AWS Security Hub to automate security checks and centralise alerts, Amazon Detective to investigate threats and issues, and Amazon GuardDuty to detect issues. It has partnered with FireEye Network Security across its products and services.

And the names you already think of when you think security…

If I say CISCO (NASDAQ: CSCO), Symantec (now known as NortonLifeLock (NASDAQ: NLOK)), McAfee (now private), Oracle (NASDAQ: ORCL), and Palo Alto Networks (NASDAQ: PANW), chances are you’ve heard of them, if not already used them in some way. Palo Alto and McAfee are also part of the Cyber Threat Alliance which includes Fortinet (NASDAQ: FTNT) and Symantec. The Cyber Threat Alliance is an agreement between these companies to share details on the latest threats and managing them. That’s right – a genuine corporate effort to act in the global best interests in improving methods of managing cyber threats.

Palo Alto Network is arguably one of the biggest cybersecurity companies globally. It services over 85,000 customers worldwide with cloud-based offers and advanced firewalls. One of its innovative products is ‘Cortex’, a continuous AI platform that learns from changing methods of attack and evolves to defend against them. It is a dominant name in the business world, much like CISCO and Oracle.

By contrast, NortonLifeLock and McAfee are better known as consumer brands. You probably know them for their anti-virus software though their offers have extended far beyond this today. Slintel’s data tracking places Symantec’s global market share at 55.59% and McAfee at 24.78%.

A nice little stat on the value of this protection. McAfee claims to block 29,500 threats A MINUTE.

The other names you should know about

Gleeson says the cybersecurity industry is a build-up of both leading and emerging companies and you can’t always predict tomorrow’s leader.

Some of the other companies held in the HACK portfolio he finds interesting are:

  1. CyberArk (NASDAQ: CYBR) – an information security company focused on Privileged Account Management. The company’s technology is deployed worldwide – primarily in the financial services, energy, retail, and healthcare markets. Over 2,700 global businesses trust CyberArk to protect their highest-value assets, enabling them to master audit and IT compliance requirements.
  2. Okta (NASDAQ: OKTA) – is a global leader in Identity and Access Management. It provides cloud software that helps companies manage and secure user authentication into applications, and for developers to build identity controls into applications, website web services, and devices. The company has solidified its competitive position through product breadth and innovation, as well as its customers increasing focus on enterprise security and digital transformation.
  3. Varonis Systems (NASDAQ: VRNS) - an American software company, who are responsible for developing a security software platform to let organisations track, visualise, analyse, and protect their unstructured data. Varonis performs User Behaviour Analytics to identify abnormal behaviour and defend enterprise data from cyberattacks. Their software gives organisations more visibility into their data and protects their critical and sensitive information. Varonis’ customers include Coca-Cola, Toyota, L’Oréal, and SanDisk.
  4. Crowdstrike (NASDAQ: CRWD) – provides cloud workload and endpoint security, threat intelligence, and cyberattack response services. The company has been a beneficiary of the acceleration of organisations switching from legacy antivirus-related platforms in favor of next-gen Endpoint platforms like Crowdstrike. The company has been involved in investigations of several high-profile cyberattacks, such as the 2015–16 Democratic National Committee attack.

Where does Australia stand?

As mentioned earlier, our cyber-security industry is tiny. There are a lot of start-ups out there. However… should you want a few listed small-cap names that are doing some interesting work, here are a few I uncovered.

  • Tesserent (ASX: TNT)
    Tesserent is Australia’s largest listed cybersecurity company (still a small cap though) and has 1200 clients across small and medium enterprises, government, and critical infrastructure. It is a full-service cyber solution company offering protection services and monitoring, along with consulting and advice.
  • Whitehawk (ASX: WHK)
    Whitehawk is known for offering online global platforms and software for end-to-end risk identification and mitigation – they are the world’s first cybersecurity exchange. It has won a key US federal government contract worth $5.9m back in 2020.
  • Prophecy International Holdings (ASX: PRO)
    Prophecy is a software company known for its flagship cybersecurity product Snare which was developed with the Australian military and defense. It is a tool for logging and managing security events and is used globally.

What’s next in the world of cybersecurity?

According to Gleeson, one of the more interesting trends in this space is the growth in attacks on small and medium enterprises.

“Criminals are increasingly turning their focus to smaller businesses and individuals as these targets often generate less attention and tend to be easier targets.”

He notes that ACCC’s Scamwatch found a particular increase in hacks of property developers and real estate agents where buyers were convinced to transfer deposits and stamp duty payments.

Further to this, insurance is failing to cover cyberattacks – an opportunity perhaps for some providers but Gleeson says proper cybersecurity investment to prevent breaches is a surer bet.

The cybersecurity industry was valued at $US139.77 bn in 2021. It’s tipped to reach $US376.32bn by 2029. There’s a lot of growth coming, and a lot of opportunity for companies hungry for a slice of that pie.

Question to readers - who are you backing to lead the cybersecurity industry in the coming year?
Livewire gives readers access to information and educational content provided by financial services professionals and companies ("Livewire Contributors"). Livewire does not operate under an Australian financial services licence and relies on the exemption available under section 911A(2)(eb) of the Corporations Act 2001 (Cth) in respect of any advice given. Any advice on this site is general in nature and does not take into consideration your objectives, financial situation or needs. Before making a decision please consider these and any relevant Product Disclosure Statement. Livewire has commercial relationships with some Livewire Contributors.

1 contributor mentioned

Sara Allen
Content Editor
Livewire Markets

Sara is a Content Editor at Livewire Markets. She is a passionate writer and reader with more than a decade of experience specific to finance and investments. Sara's background has included working at ETF Securities, BT Financial Group and...

I would like to

Only to be used for sending genuine email enquiries to the Contributor. Livewire Markets Pty Ltd reserves its right to take any legal or other appropriate action in relation to misuse of this service.

Personal Information Collection Statement
Your personal information will be passed to the Contributor and/or its authorised service provider to assist the Contributor to contact you about your investment enquiry. They are required not to use your information for any other purpose. Our privacy policy explains how we store personal information and how you may access, correct or complain about the handling of personal information.


Please sign in to comment on this wire.