Data is the new oil, and the need to protect it from unethical prospectors has never been greater.
That’s the conviction of Raj Lala, president and CEO of Evolve ETFs, when he talks about the investment thesis behind one of his firm’s flagship products, the Evolve Cyber Security Index ETF (TSX: CYBR). The ETF invests in global companies that are involved in the cyber security industry through hardware and software development.
“Right now, there are 20 billion connected devices in the world — just over three for every human being — and that’s growing to at least 50 billion in the next decade,” he says. “That opens unprecedented access to data and information on all of us.”
Globally, information is being generated at a staggering pace. The most cited statistic says 90% of the world’s data was created just within the last two years; the total amount is expected to double every two years. Knowingly or unknowingly, people are giving out more information about themselves than ever, and a lot of that is flowing into the servers of large institutions like financial, healthcare, and pharmaceutical firms.
But according to Lala, many of these organizations are falling behind in the arms race against hackers. “Cybercriminals have more sophisticated and automated tactics than they did a decade ago,” he says. “Today, these criminals can use ransomware to hold people’s information hostage for millions of dollars. They get people to phishing sites using emails that look like they’re from Scotia, RBC, or another big bank.”
That contributes to internal risks faced by institutions. Firms that randomly test their employees to see if they’d click on an emailed scam link find that around 10% fall for it. Another internal threat comes from employees actively stealing and selling their organization’s data, which ends up on the dark web.
Lala cites last year’s Equifax hacking as an eye-opening moment. The firm lost 143 million records that included people’s social security numbers, the amount of debt they held, and other key information that made up their financial history. The stock-price plunge and reputational fallout that followed has made it a cautionary tale for others.
“That’s what a lot of CEOs at Fortune 500 companies say keeps them up at night — the potential for a breach of data,” Lala says. “You’ll never hear one of them say ‘we had a bad financial quarter, so we’re cutting our cyber security spending.’ They might say they’ll decrease headcount, defer initiatives they’d planned, scale back R&D budgets, but cyber security is a non-discretionary spend.”
The stark demand-side picture lays a compelling foundation for the Evolve Cyber Security ETF, which trades on the TSX under the ticker CYBR. Launched in September last year, the fund invests in firms that provide hardware, software, and consulting services to Fortune 500 companies. And a look at the supply side provides even more support.
“Because there’s a massive shortage in human capital in cyber security, most companies will contract it out to third-party companies rather than take it in-house,” Lala explains. “Some big organizations might have a small cyber security department, but a third party would be needed to do most of the work and bring particular areas of vulnerability to the internal team’s attention.”
And like a patient that requires a team of specialists to stay in peak health, many Fortune 500 companies don’t rely on just one cyber security provider. Depending on the level of their needs, they may work with two or three that have separate but overlapping areas of focus such as hardware solutions, cloud-based systems, and overall consulting.
CYBR is Canada’s first cyber security ETF and while the fund holds a comparatively humble $25 million in AUM, it has done remarkably well. In June, CYBR was reported as the top-performing equity exchange-traded fund on the TSX. As of August 14, the year-to-date return for the fund was 21.66%; the unhedged units, with the symbol CYBR.B, did even better with 28.06%. With that kind of performance, there can be great temptation to lump cyber security in with other tech sectors — but as Lala points out, it’s a much more resilient niche.
“Earlier this year when the Nasdaq was correcting, I believe it was down around 15% peak-to-valley, and our ETF was up within that same period,” he says. “I think the market is recognizing that cyber security isn’t about creating the next hot thing. In an economic or market pullback, people might not buy the newest iPhone right away or may cancel their Netflix subscription, but you won’t see organizations pull back on data protection.”
Online stock-trading platforms vulnerable, says cybersecurity expert
Why capex means tech is sector to overweight
More market talk: