Unlocking the cybersecurity boom

In the final weeks of December, the US Government announced it had been the victim of the worst-ever cyber attack in the nation's history. Forensic research revealed hackers had access to sensitive government networks since March, the most widespread breaches coming through a hack into the SolarWinds Orion network monitoring system. 

The hack was so large in scope that national security experts are still struggling to understand the breadth of the intrusion. 

This groundbreaking revelation bookends a year filled with cybercrime. Only last month Australian hedge fund Levitas Capital was forced to shut its doors after a fake Zoom link resulted in the approval of $8.7 million in fraudulent invoices.  And in June the Australian Federal Government warned that it, too, had been the subject of attacks, and urged all Australians to take action to protect themselves from "ongoing and constant threats" of state-based hackers.

The threat of cybercrime can no longer be ignored. Accenture's 2019 Cost of Cybercrime Study showed cybersecurity attacks rose 67% since 2014, and, of the 300 global companies studied, there was an average cost of US$13 million per breach. AustCyber found this figure rose by 33% in the first half of 2020 alone.

Cybersecurity is now at the forefront of the investment community's greatest minds. Giselle Roux, speaking to Livewire's own James Marlay,  said the next 'COVID' will be a massively disruptive online virus and that investors will be chasing cybersecurity just as they chase healthcare stocks now.

In this wire, I will demonstrate why this theme is worth your attention.

Industry landscape

The cybersecurity sector in Australia is broad but generally speaking, companies in this space offer the following to protect clients from hacks, data breaches and disruptions to online functions: 

• Antivirus software: Made to prevent and remove viruses or other dangerous software from computer systems. It is the oldest and simplest form of cybersecurity.
• VPN services: These create a secure connection with another network over the internet. They mask and encrypt users' data allowing them to access sensitive information from remote locations.
• Authentication and data protection services: These focus on encrypting sensitive information through complex code and verifying the identity of those who try to access the information. 
• Other services provided in this industry include managed security and incident response services, often taken on by larger businesses. IT security consulting in Australia is also increasing in popularity, expected to grow in the next five years at an annualised rate of 6.2%.

These four core services are provided by all major players in the industry, with Data#3 (ASX: DTL) leading in market share. The split between the major and minor players is close to 50% leaving a large portion of the market untapped by the largest companies.

Data#3 has had an impressive run over the last five years returning 464.7% and quickly recovered from its March lows. Since that low, the company has beaten its February high by 22.6%.

Overall, industry revenue has grown at an annualised 10.7% over the past five years. This rate is anticipated to ramp up to an annual 15.2% from FY21 - 26. 

As seen in the graph below, the cybersecurity industry has continued to grow at a blinding rate while the Australian tech average and economy remain stable (see graph and click to enlarge).

However, the high growth rate of the industry also brings about a rapid explosion of new companies in the field. The number of new cybersecurity businesses is growing at 9.1%. Only four industries in Australia have a higher rate of new market entrants, being:

1. Beer manufacturing
2. Taxi and limousine transport
3. Wireless telco carriers
4. Spirit manufacturing 

Tailwinds

The accelerated shift to a digital world this year has brought forward demand for cybersecurity services but there are strong tailwinds for this industry which mean it's here to stay.

• Software as a service (SaaS) and the Internet of Things (IoT). Trends favouring SaaS increasing in popularity and subscription-based models will benefit the cybersecurity industry creating consistent revenue streams. Additionally, with the rollout of 5G technology and increasing levels of interconnectedness, cybersecurity firms are projected to provide services to protect consumers' suite of devices.
  
• Constant innovation of tech. The volume and sophistication of cyberattacks are also anticipated to increase as more advanced computing technology allows cyber criminals to develop more powerful techniques and methods to exploit security vulnerabilities. Cybersecurity firms must be developing their product consistently to monitor new operating systems and defend against new threats, driving sustained demand.
• Remote work demand. Even as the effects of the pandemic fade, demand for remote working is anticipated to remain significantly higher than before. Consequently, businesses will need to spend more on services such as VPNs and authentication systems to ensure the integrity of their data and networks.

Headwinds

While it may be easy to be wooed by high-growth rates, investors in this industry should keep a few factors in mind.

• The high rate of new entrants. The average age of companies in this industry is 8.5 years with 40% of firms founded in the last five years. This makes it much harder to pick a clear winner as a large number of firms fight for market share. Additionally, the rate of new entrants and lack of consolidation presents ample opportunity for a market disrupter to arrive and rapidly win market share.
• High levels of technology change. While constantly updating systems provides consistent demand for firms who can remain innovative, some providers may be unable to remain ahead of cyberthreats. Firms who fail to keep up with the rapid rate of technology change will become obsolete.
  
• Regulation developments. The Telecommunications and Legislation Amendment (Assistance and Access) Act 2018 has caused concern for cybersecurity firms. The legislation requires telcos to assist where possible to intercept and unencrypt communications on their systems. While a request cannot require a provider to introduce a systematic weakness into their network or software, the law does not explicitly outline what constitutes a systematic weakness.

Conclusion

While it is clear that the cybersecurity industry is set to outperform the broader market considerably, picking a clear winner is not so easy. And though structural tailwinds are developing, the growth runway does present some obstacles. 

In the next instalment of this collection, I ask the experts for their outlook on the cybersecurity industry, and their best pick for a stock to outperform. Ensure you're following my profile by clicking FOLLOW to be updated when new wires are posted.

Not already a Livewire member? Sign up today to get free access to investment ideas and strategies from Australia’s leading investors. Enjoy this wire? Hit the 'like' button to let us know.