In the early days of cybersecurity, before the term was known by many, there was little awareness about how important protecting digital infrastructure was for business continuity. Then there were a slew of attacks so devastating that they crippled key parts of the Internet and as a result caused disruptions and worse, including one called SQL Slammer in 2003.
The awakening begins
After such attacks there was a slow, but steadily increasing awareness by larger companies, particularly network providers and large corporations, that perhaps security was something to take more seriously. But that awareness was still in its very, very early stages.
It wasn't until the last decade that we started to see cybersecurity taken more seriously, especially in the last several years. Now we're witnessing a transformation.
For the longest time cybersecurity was thought of as a 'nice to have' rather than a necessity by many companies and even government bureaucracies. As a result it tended to be part of discretionary budgeting. Exceptions included more closely regulated industries and those who may've fallen victim to a known attack. I use the word known carefully because many are attacked and may not realize it for some time, if ever at all.
Security becomes paramount
Fast forward to the present and we can see that compulsory cybersecurity has become a standard which is being driven by several key factors:
Increased regulation targeting a large group of industries: including both privacy and security laws from state and national governments
More clients and vendors demanding cybersecurity as a result of business engagements: examples include clients that will not do business with companies that do not have basic to advanced cybersecurity protocols as well as insurance companies that won't honor policies if their clients do not adhere to cybersecurity best practices
Increased hacking attacks demonstrating to decision-makers that cybersecurity is key to business survival
A fast growing services market
While cybersecurity software and hardware decidedly have a bright future, it is the services sector where the majority of growth is likely to occur. Cybersecurity services consist of offerings like SECaaS (security as a service), subscription-driven automated testing and protection, and other related areas.
Cybersecurity services are growing in popularity both because of the SaaS model's success as well as the ever increasing complexity and importance of cybersecurity causing businesses to be more likely to outsource to independent third parties.
After all, there is still a deficit of skilled cybersecurity professionals. According to Cybersecurity Ventures the number of unfilled cybersecurity jobs worldwide grew by 350% between 2013 and 2021, from 1 million to 3.5 million.
This deficit of skilled labor also encourages innovation, because with less than the needed boots on the ground, we see a stronger inclination to improve artificial intelligence and automation that can help to scale the number of assets which can be secured by a smaller group of people. A tailwind for cybersecurity services companies that have an edge in their research and development of such capabilities.
Cybersecurity among the top trends in 2022
In the above Gartner top tech trends chart we can see that cybersecurity mesh, privacy-enhancing computing and hyperautomation all made the list. These areas all go hand-in-hand as we need greater automation, meshed approaches, and privacy as a component of improving cybersecurity across the board.
Cybersecurity is likely to remain within the top tech trends for many years to come as attacks become more sophisticated and dangerous, compliance requirements increase, and companies still grapple with a deficit of skilled labor, encouraging more technological advancement to fill the void.
2022 is a big year for the industry
During 2022 we've seen some of the most sophisticated cybersecurity attacks unfold across a wide variety of companies and networks. In addition, we've seen the importance of both offensive and defensive cybersecurity in Russia-Ukraine war, where both Russia and Ukraine have seen significant hacking attacks, but Ukraine has had reasonably strong defenses, and for a smaller less equipped country, was able to leverage an asymmetrical advantage against Russia by crippling key infrastructure numerous times.
These top trends will continue to evolve, but what's key here is that cybersecurity itself will remain a focal point of technological progress. It has to be, because if we don't have a secure digital infrastructure the very foundations of modern society could be rattled to their core.
Don't get lost in the hype, though
All of this sounds very promising for cybersecurity, right? It largely is, but that doesn't mean there isn't a lot of exaggeration and some not so savory players trying to take advantage of this growing industry. That's why it pays to be careful.
With any sort of investment into technology, it is important to focus on where the leadership is occurring and why it may be defensible.
For example, I would much rather invest in a company like Palo Alto Networks (PANW) than one of their smaller or less evolved competitors because I know they are the best managed and most advanced player in the network firewall space, with a large market share that is expanding at a healthy clip.
There's a bright future ahead
As we approach what is likely to be a very bright future for the industry, we can see that there are a number of core areas where industry trends will take shape. In 2023 privacy is likely to be a key area because we're seeing a large number of US states as well as countries around the world put a much greater focus on privacy rights.
Privacy is inextricably bound to cybersecurity because it requires the same focus on detail to protect information from being misused, and most of those best practices have parallels to keeping that information secure rather than just private.
As a result, the privacy-centric legislation we see evolve globally will be another tailwind for cybersecurity services as companies look toward existing solutions they can utilize to segment and protect data rather than reinventing the wheel in-house.
In closing
Cybersecurity is an industry that is likely to become more 'utility-like' because we are seeing a transformation. Spend on cybersecurity is becoming requisite rather than being seen as optional. This is likely to provide more durable cash flows even during tougher times for the global economy.
That doesn't mean it's time to go all-in on cybersecurity stocks, though. Instead it may be a good time to make a watch list, begin to research the companies on it, separating them for each of the areas of cybersecurity that they address as there are a lot of differentiated segments.
Look for the best players in their space. Gartner's Magic Quadrant can help with this research. Then get to know their management, their fundamentals, their products and services. Start to read their earnings transcripts to get a better feel for how they execute and operate, what they're guiding for, and how it may matter for their stock.
Be patient. We have plenty of time to identify opportunities as we remain in a bear market that could very well worsen significantly before we see a sustainable bottom.