Within the vast panorama of social factors that are considered as part of environmental, social and governance (ESG) analysis sits cybersecurity: headline-grabbing and potentially ruinous for the reputation of companies that have chosen to ignore it. Society increasingly treats cybersecurity as a ‘black box’ of technology, with security experts viewed as wizards dealing in the dark arts of data encryption.
The sector’s credentials are attractive: worldwide IT security spending is expected to total $120bn in 2020 and grow at c.10% per annum to reach $158bn in 2023 according to a recent Jefferies report, representing double the growth rate of total IT spending.1 It is enough to read about the recent high-profile travails of some major companies in this area, not to mention the purported Russian interference in the US election process in 2016, to appreciate that the stakes are high when hackers are lurking in the shadows.
Despite the appealing growth profile of the cybersecurity industry, it is challenging to gain direct investment exposure to this relatively new sub-sector in public equity markets. Returns have been mixed, and many investors have preferred to take a ‘basket’ approach.
Perhaps the most pertinent way to view cybersecurity is as a risk that can affect and undermine businesses in any sector, including IT platforms themselves. However thriving and well-insulated a company may be against an economic slowdown or competitive pressures, the threat of a cyber-attack is ever present (mitigated to varying degrees by judicious investment at the corporate level), with the potential to unravel years of consumer trust and brand equity. A thorough analysis of a security’s ESG profile can highlight such a risk as well as the mitigation steps taken by companies, and can enable thoughtful investors to embed such considerations in their analysis.
Catherine Doyle, investment specialist, Real Return team, Newton Investment Management.
1 Deep Dive into Security 101: Distilling the Murky Waters of Enterprise Security, Jefferies, 27 July 2020