How to invest in firms profiting from the growth of cyber attacks – Telegraph.co.uk

The list of high-profile cyber-security breaches has been growing rapidly, and the firms that aim to stop such attacks are growing impressively.

The recent attack on Parliament and the “ransomware” demands that affected the NHS in May are among the latest in a string of assaults.

Businesses that could benefit from increased awareness of the dangers include those that provide hardware and software to keep information secure and those that consult on where organisations may be at risk.

These fledgling sectors of the economy are growing rapidly. Their revenues are estimated to be rising by about 11pc a year, and between 2017 and 2021 global spending on cyber security is expected to exceed $1 trillion (£780bn).

For investors who want to buy a slice of this potential, there are several options.

An exchange-traded fund (ETF) exists that invests solely in these companies. The ETFS ISE Cyber Security Go ETF was floated in September 2015 and since then has returned 33.4pc.

Although impressive, this is some way shy of both global stocks, which have risen by 49.2pc, and the global technology sector, which has gained an astonishing 67.9pc.

So far this year the ETF, whose annual charge is 0.75pc, has risen by 10.6pc. Unsurprisingly, the fund has attracted a great deal of interest from investors, who have put £128m into it so far this year, including £70m since the ransomware attack in May.

Given that the ETF has assets of only £200m in total, it’s fair to say that it’s a hot investment right now. Most of the money has come from professionals such as wealth managers.

Howie Li, the head of Canvas, an ETF provider, said those who were investing now were buying into a very long-term growth story: “Technology is transforming the way we live and operate in our daily lives and the risk to our identity and online profile is only going to increase.”

On top of these trends, EU legislation that comes into force next year (called the “General Data Protection Regulation”) is driving companies’ investment in cyber security. 

The regulation gives firms 72 hours to disclose that they have been subject to a data breach once they have discovered it, a move that brings Europe into line with the United States. 

The penalties for negligence in protecting personal information are severe: fines of up to 4pc of annual global turnover or €20m (£17.5m), whichever is larger.

Mr Li said the new EU law was a “huge stick” that would motivate companies.

“I believe that there are a lot more unreported than reported hacks and attacks. What you don’t want as a listed company are concerns around data protection, particularly given how damaging it can be for a company’s reputation,” he said.

Given how new this industry is, most of the companies in the ETF are small: 43pc of the holdings are smaller companies, while 38pc are medium-sized, and the remaining 19pc are larger players.

Mr Li said the smaller firms in particular were ripe for takeovers by technology firms that hadn’t established their own presence in the cyber-security market.

America is in the vanguard of the broader technology sector and it is no different here, with around 70pc of cyber-security companies based there. The US is followed by Israel (10.4pc), Japan (6.5pc) and Britain (5.9pc).

However, the ETF’s largest holding is London-listed Sophos, which accounts for 5.5pc of the fund.

The company, based in Oxfordshire, is one of the global leaders in security software. It lists the NHS as one of its biggest accounts.

Its share price has soared since the cyber attack on the health service, rising by more than 30pc since the beginning of May.

One risk of investing in these firms is that they, as well as the organisations under attack, can be embarrassed when a cyber-security breach happens.

After the NHS attack Sophos quickly changed the boast on its website that “the NHS is totally protected with Sophos” to “Sophos understands the security needs of the NHS”. 

Nick Evans, the manager of the £1.3bn Polar Capital Technology investment trust and £1.2bn Polar Capital Global Technology fund and one of the world’s leading active investors in technology, said he believed in the dynamics driving growth in the sector.


Three investment philosophies for buying and selling shares


Three investment philosophies for buying and selling shares


02:34


“Cyber and physical security remains a top spending priority for businesses,” he said. “We are seeing benefits from combining the adoption of ‘cloud computing’ and an increased focus on data security.”

However, he highlighted the risks of investing too narrowly.

He said: “When investing in a single sector there will always be a trade-off between potential returns and the risk of big losses. Technology is a fast-moving sector and new technologies often wipe out existing and legacy companies.”

This has been reflected in the volatility of the Cyber Security Go ETF. It has been around 30pc more volatile than the global technology index, which in turn has been 16pc more volatile than the UK stock market as a whole.

The ETF is quoted on the London Stock Exchange under the rather appropriate ticker symbol ISPY.

Although the shares are quoted in sterling, many of the underlying holdings are denominated in dollars, so investors are exposed to exchange rate movements; there is no currency “hedging”.