Cybersecurity: Industry Report & Investment Case

Cybersecurity focuses on protecting computers, networks, programs, and data from unauthorized and/or unintended access. Cybersecurity has become increasingly important recently as governments, corporations, and people collect, process, and store vast amounts of confidential information and transmit that data across networks. Data breaches have become almost commonplace in recent years. Over the last few years, high-profile cases of cyber hacks have increased the demand for sophisticated software and security products. Companies across the globe are growing more aware of the potential threat which is leading to a greater allocation of resources towards companies that help mitigate such risks.

The table below highlights the variety of ways in which industries were affected by different types of incidents. While certain industries experience cyberattacks from specific incidents (e.g. about 95% of incidents in 2015 in the Accommodation industry were because of Point-of-Sale)1, this table shows that all industries are prone to cybercrime in numerous ways. As such, with the sophistication of cyberattacks, there has been an increased demand for cybersecurity services.

A couple of ways in which investors can get exposure to the cybersecurity industry are through the PureFunds ISE Cyber Security ETF (HACK) and the ETFS ISE Cyber Security GO UCITS ETF (ISPY). The underlying index for HACK is the Nasdaq ISE Cyber Security Index (HXR) and the underlying index for ISPY is a UCITS compliant version of HXR, the Nasdaq ISE Cyber Security UCITS Index (HUR). In order to adequately understand the reasons as to why cybersecurity is important from an investment perspective, it is first vital to understand the growth drivers for cybersecurity as well as the industry outlook. The following research will discuss the growth drivers and industry outlook for cybersecurity and then show the ways in which the cybersecurity index above is poised to capture these positive trends in the cybersecurity industry.


The growth in cybersecurity is primarily driven by the necessary measures needed to counteract the increasing number of cybercrimes that people, businesses, and governments face on a daily basis. As the chart below shows, the total number of major/publicized attacks worldwide that make it in the news increased month-over-month for 11 out of the 12 months from 2014 to 20152.

In addition, the two charts below break down the attacks to highlight to whom the attacks are targeted towards as well as which industries are affected the most. The charts illustrate that industries, governments, individuals, and organizations are the most affected by cyberattacks, and Video Games, Hotels & Hospitality, and Software were some of the largest affected industries in August 20163.

The impact of cyberattacks has grabbed the attention of the White House; President Obama has deemed cybercrime one of the biggest issues facing national security. In addition, the President’s 2017 Budget is proposing to allocate $19 billion in spending to fund critical initiatives and research in the cybersecurity space, a 35% increase from the 2016 budget4.

Aside from the growing number of targeted attacks that is driving the growth in cybersecurity, the number of cybersecurity venture deals also highlights the growth in this space. The chart below shows that venture capital firms have invested about $8 billion into cybersecurity companies since 20145.

This explicitly demonstrates that the increasing number of targeted attacks and cybercrimes is driving the growth in cybersecurity and is continuing to augment the demand for these services, as venture capital firms have continued to pour money into this space. The above also shows that the increasing cybersecurity measures taken by governments, organizations, and corporations bode well for the cybersecurity industry from an investment perspective.


In addition to the increasing cyberattacks that is driving the growth in cybersecurity, the overall industry outlook for cybersecurity from an investment perspective is also positive.

A report from Business Insider Intelligence estimated that $655 billion will be spent on cybersecurity initiatives to protect PCs, mobile devices, and Internet of Things (IoT) devices by 2020, of which $386 billion will be spent on securing PCs, $172 billion on securing IoT devices, and $113 billion will be spent on securing mobile devices6. According to Bloomberg and IDC, the largest areas of growth within cybersecurity are mobile security, Internet of Things (IoT) security, and specialized threat analysis and protection7. The chart below reveals that while the three aforementioned growth areas are dwarfed by the overall IT Security market by size, their projected compound annual growth rates are expected to be significantly higher than that of the IT Security market. For instance, while the Specialized Threat Analysis and Protection segment is only about $1.5 billion in size (minuscule compared to the $35 billion IT Security segment), its projected compound annual growth rate is about 28%, much higher than the 5% projected growth rate for the IT Security segment7. This reveals that these three growth areas will continue to propel and expand the cybersecurity industry going forward.

Research conducted by Morgan Stanley suggests that the cybersecurity market could grow by more than four times the overall information technology spending by 20208. In addition, as the chart below illustrates, cybercrime costs for organizations continue to rise as the average cost of cybercrime per organization was $7.72 million in 2015, up from $7.57 million in 20148.

This suggests that, as cybercrime costs continue to rise for corporations, so will overall spending for cybersecurity measures, thus positively impacting the cybersecurity industry. Other research from Morgan Stanley (this surveyed from Chief Information Officers of major corporations) highlight that most of the executives surveyed planned to buy more than 15 different security technologies, showing the vast layers of security that are undertaken in many organizations and further highlighting the continued spending on cybersecurity services8.

While on-premise cybersecurity solutions will continue to increase, cloud-based security, which represented roughly 12% of total spending on cybersecurity in 2015, is expected to grow to 20% of total spending on cybersecurity by 20198. This will be, as mentioned above, in large part due to the proliferation of the Internet of Things, or connected devices such as household appliances, medical devices, cars, and more, which could all be vulnerable to cyberattacks. This expected growth in cloud-based security solutions for connected devices will continue to drive the overall growth for the cybersecurity industry.

In most instances, corporations are hesitant to reveal breaches and cyberattacks that they’ve been exposed to, primarily for fear of reputational damage. As such, Cybersecurity Ventures is predicting slightly higher growth rates, at about 12-15% year-over-year through 2021, which is higher than the 8-10% being predicted by other industry analysts9. As a result, the actual spending on cybersecurity may be far more than what’s revealed publicly, as companies may be understating their cybersecurity budgets in order to protect their reputation.

Overall, the above shows that the industry outlook for cybersecurity is very positive. Due to the increasing number of cyberattacks, as described in the previous section, the growth expectations for cybersecurity spending going forward are very high. Some of the key growth areas within cybersecurity, such as IoT security and cloud security, will help drive the growth of this industry. In addition, the rising costs of cybercrime and corporations’ willingness to spend large amounts on cybersecurity is further justifying these growth expectations for the industry. As a result, continued growth and increased spending in this space strongly shows that the cybersecurity industry will be a profitable investment for the foreseeable future.


As mentioned above, a couple of ways investors can gain access to the cybersecurity space is through the PureFunds ISE Cyber Security ETF (HACK) and the ETFS ISE Cyber Security GO UCITS ETF (ISPY), where the underlying indexes for these are the Nasdaq ISE Cyber Security Index (HXR) and the Nasdaq ISE Cyber Security UCITS Index (HUR).

The methodology for HXR is as follows:

Nasdaq ISE Cyber Security Index: Provides investors with a product allowing them to quickly take advantage of both event-driven news and long term economic trends as the market for cyber security technology continues to evolve. It includes companies that are service providers (hardware/ software developers) for cybersecurity and for which cybersecurity business activities are a key driver of the business. Each component in the index must have a market capitalization of at least $100 million10.

In looking at the ICB sub-sector breakdown of HXR, one can see the focus on technology companies, specifically in the Software and Computer Services sub-sectors. This illustrates that investors are getting strong exposure to technology companies when they invest in the products tied to this index.

The components in this index are very small, on average, than those in the S&P 500 Information Technology Index, which indicates that they are up-and-coming cybersecurity companies that may experience high growth in the future.

In fact, as the chart below shows, components in this index have experienced higher sales growth over the last 3 years, on average, when compared to the S&P 500 Information Technology Index.

Since the components in this index are small and have experienced high sales growth, it is imperative to ensure that these companies are adequately investing their earnings into research and development to remain competitive in the fast-evolving cybersecurity landscape. This is, in fact, the case, as components in HXR are, on average, investing more of their sales into R&D than those components in the S&P 500 Information Technology Index.

In addition, because cybercrimes affect people, governments, and organizations worldwide, it is vital that the components in this index capture the demand for cybersecurity services globally. In order to show that the revenue for the cybersecurity companies in HXR is expanding globally, due to the demand for cybersecurity services internationally, one can look at the proportion of sales derived internationally of the companies in this index.

It is clear, then, from the chart above that the average foreign revenue of the components within this index is higher than it was three years ago, suggesting that the demand for cybersecurity has been expanding globally and that these companies have taken advantage of that demand (note: foreign revenue is referring to revenue derived from countries in which the company is not domiciled in).

This clearly shows that HXR offers technology-focused exposure to investors looking to invest in cybersecurity. It also illustrates that, when compared to the broader S&P 500 Information Technology Index, the components in this index are relatively smaller but have experienced higher average sales growth thus far as well as spent a higher percentage of their revenue on research and development. In addition to this, the companies in this index have increased their proportion of sales internationally, on average. This shows that the components in HXR are up-and-coming companies poised to capture the strong projected growth in the cybersecurity industry.


In summary, the above analysis illustrates that cybercrimes have increasingly affected multiple industries in numerous ways, thereby boosting the demand for cybersecurity services. The continuingly increasing number of targeted attacks is driving the growth in cybersecurity services as major governments and venture capital firms have continued to invest money into cybersecurity companies. In addition to the high projected growth rates by various industry research firms and analysts, IoT security, cloud security, and increasing cybercrime costs are going to continue to drive the spending in this industry moving forward. The Nasdaq ISE Cyber Security Index offers investors technology-focused exposure to the cybersecurity industry. The index is composed of components that have experienced high sales growth and have increased their proportion of sales derived internationally, showing that they have adequately captured the demand for cybersecurity services thus far. More importantly, the components in this index are continuing to invest their revenue into research and development, which will help drive their revenue growth going forward, as the cybersecurity industry continues to evolve. In order to capture these positive trends for the cybersecurity industry, investors can invest in the products tied to the Nasdaq ISE Cyber Security Index.

Nasdaq® is a registered trademark of Nasdaq, Inc. The information contained above is provided for informational and educational purposes only, and nothing contained herein should be construed as investment advice, either on behalf of a particular security or an overall investment strategy. Neither Nasdaq, Inc. nor any of its affiliates makes any recommendation to buy or sell any security or any representation about the financial condition of any company. Statements regarding Nasdaq-listed companies or Nasdaq proprietary indexes are not guarantees of future performance. Actual results may differ materially from those expressed or implied. Past performance is not indicative of future results. Investors should undertake their own due diligence and carefully evaluate companies before investing. ADVICE FROM A SECURITIES PROFESSIONAL IS STRONGLY ADVISED. © 2016. 2236-Q16 Nasdaq, Inc. All Rights Reserved.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

Other Topics