With demand for next-generation security and vulnerability-management solutions climbing, sales of cybersecurity products and services are expected to grow by 9% in 2019
The race to safeguard data could generate meaningful gains for investors
Like many powerful technologies, the internet creates both tremendous benefits and daunting challenges. It offers us myriad conveniences, instant access to news and information, and it helps us communicate quickly and efficiently. It also provides criminals access to sensitive information they use to commit fraud, steal intellectual property and perpetrate other crimes.
With the number and cost of cyberattacks rising, businesses and other organizations are fighting back by continuing to invest in technologies they hope will keep their data secure. But while the spending on these safeguards could present investment opportunities in companies combating these threats, it’s a tricky space. Tools designed to safeguard sensitive data are evolving quickly, as are the tactics cyber thieves employ to steal it. The challenge for companies and investors alike is how to anticipate the future leaders and laggards in the marketplace for information security products.
To gauge the size of the opportunity available to investors, consider the scope of the threat. The annual cost of cybercrime is estimated to hit $6 trillion by 20211—that’s twice the 2016 cost, in part because the frequency and scale of the attacks are growing. In 2017, for example, the global number of high-profile data breaches—defined as those with 50,000 or more records stolen—increased by 28% year-over-year.2 The average cost of a data breach in 2017 was estimated to be just shy of $3.9 million, up 6.4% from the previous year.3
The costs leave no question why fortifying cyber defenses is high on the to-do lists of corporate executives and government officials. In a recent survey, 45% of chief information officers indicated they would be accelerating their investment in security over the next 12 months4 and that it was their highest priority in terms of spending. Where are these dollars going? Hiring cybersecurity specialists, upgrading highly manual information security platforms with automated systems, adopting artificial intelligence and other advanced technologies, to name a few.
I think the biggest vulnerability is cyber, just for about everybody. I think we have to focus on it.
As spending on cybersecurity solutions has grown, so, too, has the market for cyber defense solutions. From a few companies offering antivirus software in the 1980s, the total addressable market for cybersecurity tools is more than $40 billion today with a number of verticals, each dedicated to different aspects of the security universe (see graphic below).
With demand for next-generation security and vulnerability-management solutions climbing, sales of cybersecurity products and services are expected to grow by 9% in 2019—outpacing not only the broader market, but also the tech sector in aggregate.5
As the number of people and devices connected to the internet multiplies, so will opportunities for criminals to commit identity theft, steal data (or ransom it) and crash websites. Constant innovation will be required to counter increasingly sophisticated attacks, as will increased spending on cybersecurity by businesses and governments. That spending bodes well for the cybersecurity sector as a whole, but it could be particularly beneficial for companies focused on three potential growth areas:
Denial of access. Before the advent of smartphones, laptops, tablets and web-connected televisions and printers, hackers had limited entry points to companies’ computer networks. More connected devices give hackers more paths to those networks, especially as companies allow telecommuting and mobile employees to connect to their networks with their personal devices. To reduce the number of gateways or “endpoints” available to hackers, organizations are investing heavily in antivirus, anti-spyware, firewall and host-intrusion-prevention systems. Of course, endpoint security is just one subsector of the cybersecurity space. Others, such as networks, mobile, security management and applications, are equally ripe for innovation and present interesting investment opportunities.
Automating security protocols. Chief information officers are prioritizing the introduction of technologies that can perform routine, but time-consuming, tasks. This is boosting demand for software that incorporates artificial intelligence (AI) and machine learning. Software underpinned by these technologies processes vast amounts of data to anticipate, detect and respond to cyberattacks with little, if any, human intervention. As such, it has the potential to increase the effectiveness of cyber defenses, while lowering the cost of maintaining them. Tempering the opportunity presented by the push to automate is a lack of qualified software developers with AI or machine learning expertise. Put simply, the adoption of AI and machine learning is being slowed not by a lack of demand for these technologies, but by the scarcity of talented engineers and programmers needed to accelerate their development.
Defending the cloud. Not long ago, companies housed data and applications solely on internal networks. Today, many companies are migrating sensitive information and “mission-critical” functions to the cloud, which has made cloud security a priority for both cloud services companies and their customers. Indeed, concern about the threat of data breaches has been cited as the main reason for slower adoption of the public cloud. The use of web-based tools that allow globally scattered work teams to collaborate with each other also puts a premium on cloud security.
Amazon, Microsoft and other cloud enterprises are bolstering their cyber defenses both by developing proprietary security solutions and by partnering with independent providers with the expertise and technology to address arcane and sometimes customer-specific security challenges. To the latter point, a financial services firm typically requires more robust security protocols than, say, a film production company, so an Amazon or Microsoft might task a company to address threats specific to banks or brokerage firms. Demand for these should grow as businesses across diverse industries become more comfortable shifting critical functions to the cloud.
While the large legacy technology companies continue to pioneer cybersecurity tools, some smaller, more innovative companies have been gaining ground and may be a threat to incumbent players. Smaller businesses typically deal with less corporate bureaucracy and thus, often are quick to market with innovative solutions. Many legacy companies, on the other hand, have been slow to respond to the changing landscape of threats, which is one reason about half of all attacks go undetected.6
The growth potential of the nimble, non-listed companies in the cybersecurity space has not gone unnoticed by investors. So far in 2018, there has been about $2 billion of financing across 165 transactions, and 84 M&A deals worth $3.8 billion.7 Much of that activity has involved the smaller, private companies that constitute the vast majority of the 3,000 companies in the cybersecurity sector. In addition, more of the funding referenced above has been directed at companies in the expansion stage rather than to startups in need of seed capital.8 This reflects a gradual maturing of the sector and a wider opportunity set for private investors.
Because the cybersecurity sector is inhabited largely by private companies, it is difficult for most individual investors to gain exposure. There are exchange-traded funds focused on cybersecurity, but they have little-to-no access to the unlisted firms that dominate the space. To invest in up-and-coming players, qualified investors can invest in venture capital firms that provide capital for early-stage cybersecurity businesses. Another option is to take a stake in a private growth fund, which invests in more established, expansion-minded enterprises.
As investors consider the opportunities presented by the burgeoning cybersecurity market, they should know that the potential to achieve solid, long-term profits likely would come with the higher volatility endemic to rapidly evolving sectors.
For ideas on how to incorporate these views in a way that is suitable for you, we invite you to contact your J.P. Morgan representative.
2Gemalto and Privacy Rights Clearing House data, 2018.
4Goldman Sachs Global Investment Research, December 2017.
5FactSet, October 2018.
6J.P. Morgan North America Equity Research, May 2018.
7J.P. Morgan Securities LLC, July 2018.
8PwC, CB Insights Money Tree Report, Q2 2018.
Learn more about becoming a J.P. Morgan Private Bank client.
Please tell us about yourself, and our team will contact you.
This material is for information purposes only, and may inform you of certain products and services offered by J.P. Morgan’s wealth management businesses, part of JPMorgan Chase & Co. (“JPM”). Please read all Important Information.
General risks and considerations
Any views, strategies or products discussed in this material may not be appropriate for all individuals and are subject to risks. Investors may get back less than they invested, and past performance is not a reliable indicator of future results. Asset allocation does not guarantee a profit or protect against loss. Nothing in this material should be relied upon in isolation for the purpose of making an investment decision. You are urged to consider carefully whether the services, products, asset classes (e.g. equities, fixed income, alternative investments, commodities, etc.) or strategies discussed are suitable to your needs. You must also consider the objectives, risks, charges, and expenses associated with an investment service, product or strategy prior to making an investment decision. For this and more complete information, including discussion of your goals/situation, contact your J.P. Morgan representative.
Certain information contained in this material is believed to be reliable; however, JPM does not represent or warrant its accuracy, reliability or completeness, or accept any liability for any loss or damage (whether direct or indirect) arising out of the use of all or any part of this material. No representation or warranty should be made with regard to any computations, graphs, tables, diagrams or commentary in this material, which are provided for illustration/reference purposes only. The views, opinions, estimates and strategies expressed in this material constitute our judgment based on current market conditions and are subject to change without notice. JPM assumes no duty to update any information in this material in the event that such information changes. Views, opinions, estimates and strategies expressed herein may differ from those expressed by other areas of JPM, views expressed for other purposes or in other contexts, and this material should not be regarded as a research report. Any projected results and risks are based solely on hypothetical examples cited, and actual results and risks will vary depending on specific circumstances. Forward-looking statements should not be considered as guarantees or predictions of future events.
Nothing in this document shall be construed as giving rise to any duty of care owed to, or advisory relationship with, you or any third party. Nothing in this document shall be regarded as an offer, solicitation, recommendation or advice (whether financial, accounting, legal, tax or other) given by J.P. Morgan and/or its officers or employees, irrespective of whether or not such communication was given at your request. J.P. Morgan and its affiliates and employees do not provide tax, legal or accounting advice. You should consult your own tax, legal and accounting advisors before engaging in any financial transactions.
IMPORTANT INFORMATION ABOUT YOUR INVESTMENTS AND POTENTIAL CONFLICTS OF INTEREST
Conflicts of interest will arise whenever JPMorgan Chase Bank, N.A. or any of its affiliates (together, “J.P. Morgan”) have an actual or perceived economic or other incentive in its management of our clients’ portfolios to act in a way that benefits
J.P. Morgan. Conflicts will result, for example (to the extent the following activities are permitted in your account): (1) when J.P. Morgan invests in an investment product, such as a mutual fund, structured product, separately managed account or hedge fund issued or managed by JPMorgan Chase Bank, N.A. or an affiliate, such as
J.P. Morgan Investment Management Inc.; (2) when a J.P. Morgan entity obtains services, including trade execution and trade clearing, from an affiliate; (3) when J.P. Morgan receives payment as a result of purchasing an investment product for a client’s account; or (4) when J.P. Morgan receives payment for providing services (including shareholder servicing, recordkeeping or custody) with respect to investment products purchased for a client’s portfolio. Other conflicts will result because of relationships that J.P. Morgan has with other clients or when J.P. Morgan acts for its own account.
Investment strategies are selected from both J.P. Morgan and third-party asset managers and are subject to a review process by our manager research teams. From this pool of strategies, our portfolio construction teams select those strategies we believe fit our asset allocation goals and forward-looking views in order to meet the portfolio's investment objective.
As a general matter, we prefer J.P. Morgan managed strategies. We expect the proportion of J.P. Morgan managed strategies will be high (in fact, up to 100 percent) in strategies such as, for example, cash and high-quality fixed income, subject to applicable law and any account-specific considerations.
While our internally managed strategies generally align well with our forward-looking views, and we are familiar with the investment processes as well as the risk and compliance philosophy of the firm, it is important to note that J.P. Morgan receives more overall fees when internally managed strategies are included. We offer the option of choosing to exclude J.P. Morgan managed strategies (other than cash and liquidity products) in certain portfolios.
Legal entity, brand and regulatory information
In the United States, bank deposit accounts and related services, such as checking, savings and bank lending, are offered by JPMorgan Chase Bank, N.A. Member FDIC.
JPMorgan Chase Bank, N.A. and its affiliates (collectively “JPMCB”) offer investment products, which may include bank-managed investment accounts and custody, as part of its trust and fiduciary services. Other investment products and services, such as brokerage and advisory accounts, are offered through J.P. Morgan Securities LLC (“JPMS”), a member of FINRA and SIPC. JPMCB and JPMS are affiliated companies under the common control of JPM. Products not available in all states.
In the United Kingdom, this material is issued by J.P. Morgan International Bank Limited (“JPMIB”) with the registered office located at 25 Bank Street, Canary Wharf, London E14 5JP, registered in England No. 03838766. JPMIB is authorized by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. In addition, this material may be distributed by JPMorgan Chase Bank, N.A. (“JPMCB”), Paris branch, which is regulated by the French banking authorities Autorité de Contrôle Prudentiel et de Résolution and Autorité des Marchés Financiers or by J.P. Morgan (Suisse) SA, which is regulated in Switzerland by the Swiss Financial Market Supervisory Authority (FINMA).
In Hong Kong, this material is distributed by JPMCB, Hong Kong branch. JPMCB, Hong Kong branch is regulated by the Hong Kong Monetary Authority and the Securities and Futures Commission of Hong Kong. In Hong Kong, we will cease to use your personal data for our marketing purposes without charge if you so request. In Singapore, this material is distributed by JPMCB, Singapore branch. JPMCB, Singapore branch is regulated by the Monetary Authority of Singapore. Dealing and advisory services and discretionary investment management services are provided to you by JPMCB, Hong Kong/Singapore branch (as notified to you). Banking and custody services are provided to you by JPMCB Singapore Branch. The contents of this document have not been reviewed by any regulatory authority in Hong Kong, Singapore or any other jurisdictions. You are advised to exercise caution in relation to this document. If you are in any doubt about any of the contents of this document, you should obtain independent professional advice.
With respect to countries in Latin America, the distribution of this material may be restricted in certain jurisdictions. Receipt of this material does not constitute an offer or solicitation to any person in any jurisdiction in which such offer or solicitation is not authorized or to any person to whom it would be unlawful to make such offer or solicitation. To the extent this content makes reference to a fund, the Fund may not be publicly offered in any Latin American country, without previous registration of such fund´s securities in compliance with the laws of the corresponding jurisdiction. Public offering of any security, including the shares of the Fund, without previous registration at Brazilian Securities and Exchange Commission—CVM is completely prohibited. Some products or services contained in the materials might not be currently provided by the Brazilian and Mexican platforms.
In Australia, J.P. Morgan Chase Bank, N.A. (JPMCBNA) (ABN 43 074 112 011/AFS Licence No: 238367) is regulated by the Australian Securities and Investment Commission and the Australian Prudential Regulation Authority. J.P. Morgan Securities LLC (JPMS) is a registered foreign company (overseas) (ARBN 109293610) incorporated in Delaware, U.S.A. Under Australian financial services licensing requirements, carrying on a financial services business in Australia requires a financial service provider, such as JPMCBNA and JPMS, to hold an Australian Financial Services Licence (AFSL), unless an exemption applies. JPMS is exempt from the requirement to hold an AFSL under the Corporations Act 2001 (Cth) (Act) in respect of financial services it provides to you, and is regulated by the SEC, FINRA and CFTC under US laws, which differ from Australian laws. Material provided by JPMCBNA and/or JPMS in Australia is to “wholesale clients” only. The information provided in this material is not intended to be, and must not be, distributed or passed on, directly or indirectly, to any other class of persons in Australia. For the purposes of this paragraph the term “wholesale client” has the meaning given in section 761G of the Act. Please inform us immediately if you are not a Wholesale Client now or if you cease to be a Wholesale Client at any time in the future.
References to “J.P. Morgan” are to JPM, its subsidiaries and affiliates worldwide.
“J.P. Morgan Private Bank” is the brand name for the private banking business conducted by JPM.
This material is intended for your personal use and should not be circulated to or used by any other person, or duplicated for non-personal use, without our permission. If you have any questions or no longer wish to receive these communications, please contact your J.P. Morgan representative.
© 2018 JPMorgan Chase & Co. All rights reserved. PB-18-DE-2297
INVESTMENT PRODUCTS ARE: • NOT FDIC INSURED • NOT A DEPOSIT OR OTHER OBLIGATION OF, OR GUARANTEED BY, JPMORGAN CHASE BANK, N.A. OR ANY OF ITS AFFILIATES • SUBJECT TO INVESTMENT RISKS, INCLUDING POSSIBLE LOSS OF THE PRINCIPAL AMOUNT INVESTED
Bank deposit products, such as checking, savings and bank lending and related services are offered by JPMorgan Chase Bank, N.A. Member FDIC. Not a commitment to lend. All extensions of credit are subject to credit approval.