Cybersecurity Is Hot—But Did It Ever Cool Off?
Investors in 2020 and 2021 have become familiar with somewhat of a natural “ebb” and “flow” to the performance of different megatrends. Positive performance is always preferred, but the risk of being “too positive” is that investors begin to think they “missed it” or that a “correction is around the corner.” With broad benchmarks continually flirting with new record highs in early November 2021, these are natural concerns.
Can a Business Exist Without Cybersecurity?
A question for anyone reading this blog post: step back and think, would you do business—any business—with a firm that does not have a cybersecurity strategy of some kind in 2021?
Even with all of the advancements in technology seen across the globe, cybersecurity remains a notoriously difficult space for the more positive forces to triumph clearly over nefarious actors. Consider the case of SolarWinds:
Since May 2021, the hackers responsible for the SolarWinds attack have targeted more than 140 technology companies. It is rarely the case that such attacks have a 0% success rate—sometimes techniques as simple as guessing user passwords or phishing emails are enough to get them the access that they seek. It’s possible that Russia is seeking long-term, systematic access to a variety of points in the technology supply chain.1
It’s also important to consider that true “fixes” take time. The publicity of the SolarWinds attack was getting into full swing roughly one year ago, and yet it was only during the first week of November 2021 that the Biden Administration ordered U.S. federal agencies to patch hundreds of cybersecurity vulnerabilities. These actions covered about 200 known security flaws that were discovered between 2017 and 2020, and an additional 90 that were discovered in 2021.2
Focusing on the Future of Cybersecurity
WisdomTree benefits from working with expert partners on many of its megatrend approaches. Within cybersecurity, WisdomTree works with Team8, a venture firm with strong expertise in cybersecurity and featuring a leadership team that includes a former director of the NSA and Unit 8200.
While it’s difficult to believe that people would question the importance of cybersecurity, it is far from a certainty which companies or services will have the most growth or adoption. Team8 developed a list of seven critical themes within cybersecurity that they expect will define the types of services that should have the best chance of future success. Those seven themes are:
- Smarter Security: Investors should think of the intersection between technologies related to artificial intelligence ("AI") and machine learning, and how these technologies can be used to enhance security in digital systems.
- Resilience and Recovery: Investors should think of the fact that no security is ever 100% effective, so strategies must exist for possible recovery after a hack.
- Cloud Security: In a world where employees demand to “work from anywhere,” more people are using cloud software than ever before. If not done carefully, this creates many vulnerabilities.
- Perimeterless World: It used to be that the network was centered upon an office or a set location. The world of 2021, more and more, is location-independent with respect to software, networks and data.
- Shift-Left: The proliferation of the “app economy” has been incredible, making it more and more critical for developers to think about security at every phase of application development rather than as an afterthought after all the development is done. Developers should learn from and predict how sophisticated attacks, like SolarWinds, could be implemented, building in efforts to defend against them inside of the digital infrastructure.
- Privacy and Digital Trust: If a digital business effort loses “trust,” it could lose everything. Did the company formerly known as Facebook inspire “trust”? Does Apple? Does Amazon? Every company needs to consider this and also align with accepted practices across the globe, which are not always the same.
- Security of Things: More and more devices are becoming “software-enabled.” The car is one of the most recent examples, and many automakers are seeking to benefit from subscription revenues. Anytime there is another device that is internet-enabled, that is another point of data collection and transmission, and it must be secured.
October 2021 Was a Strong Month
As WisdomTree considers the cybersecurity space, it is clear that October 2021 was a month where many of these specific businesses broke out positively in terms of share price performance.
Quarter to date, The WisdomTree Cybersecurity Fund (WCBR) is one of WisdomTree’s top performing strategies—it has returned 17.4%, outperforming growth, tech and cybersecurity benchmark indexes including the Nasdaq 100 Index (11.3%), S&P 500 Information Technology Index (+12.5%), Nasdaq CTA Cybersecurity Index (+14.4%) and NYSE FactSet Global Cyber Security Index (+12.1%).3
The primary themes covered were “Smarter Security,” “Cloud Security,” “Perimeterless World” and “Security of Things.” Team8 refreshes their take on individual cybersecurity businesses on a semiannual basis, and one of the most interesting considerations regards which themes will evolve into more significant exposures.
We always remind investors that with the potential for outsized growth and outsized returns comes the possibility for higher risk. Focusing on the future usually means smaller or newer companies. However, we keep coming back to the fact that, thinking rationally, cybersecurity should be one of the biggest considerations for any business, globally, in 2021. It’s merely a question of which services or companies will seize on this market.
1 Source: Robert McMillan and Dustin Volz, “SolarWinds Hackers Continue to Hit Technology Companies, Says Microsoft,” The Wall Street Journal, 10/25/21.
2 Source: Dustin Volz, “Biden Administration Orders Federal Agencies to Fix Hundreds of Cyber Flaws,” The Wall Street Journal, 11/3/21.
3 Source: WisdomTree. WCBR performance at NAV. Performance for the period 9/30/21–11/8/21. You cannot invest directly in an index.
Important Risks Related to this Article
There are risks associated with investing, including possible loss of principal. The Fund invests in cybersecurity companies, which generate a meaningful part of their revenue from security protocols that prevent intrusion and attacks to systems, networks, applications, computers, and mobile devices. Cybersecurity companies are particularly vulnerable to rapid changes in technology, rapid obsolescence of products and services, the loss of patent, copyright and trademark protections, government regulation and competition, both domestically and internationally. Cybersecurity company stocks, especially those which are internet related, have experienced extreme price and volume fluctuations in the past that have often been unrelated to their operating performance. These companies may also be smaller and less experienced companies, with limited product or service lines, markets or financial resources and fewer experienced management or marketing personnel. The Fund invests in the securities included in, or representative of, its Index regardless of their investment merit and the Fund does not attempt to outperform its Index or take defensive positions in declining markets. The composition of the Index is heavily dependent on quantitative and qualitative information and data from one or more third parties, and the Index may not perform as intended. Please read the Fund’s prospectus for specific details regarding the Fund’s risk profile.
Performance is historical and does not guarantee future results. Current performance may be lower or higher than quoted. Investment returns and principal value of an investment will fluctuate so that an investor’s shares, when redeemed, may be worth more or less than their original cost. Holdings and standardized performance data for the most recent quarter and month-end is available at https://www.wisdomtree.com/etfs/megatrends/wcbr.
WisdomTree shares are bought and sold at market price (not NAV) and are not individually redeemed from the Fund. Total Returns are calculated using the daily 4:00pm EST net asset value (NAV). Market price returns reflect the midpoint of the bid/ask spread as of the close of trading on the exchange where Fund shares are listed. Market price returns do not represent the returns you would receive if you traded shares at other times.
Christopher Gannatti began at WisdomTree as a Research Analyst in December 2010, working directly with Jeremy Schwartz, CFA®, Director of Research. In January of 2014, he was promoted to Associate Director of Research where he was responsible to lead different groups of analysts and strategists within the broader Research team at WisdomTree. In February of 2018, Christopher was promoted to Head of Research, Europe, where he will be based out of WisdomTree’s London office and will be responsible for the full WisdomTree research effort within the European market, as well as supporting the UCITs platform globally. Christopher came to WisdomTree from Lord Abbett, where he worked for four and a half years as a Regional Consultant. He received his MBA in Quantitative Finance, Accounting, and Economics from NYU’s Stern School of Business in 2010, and he received his bachelor’s degree from Colgate University in Economics in 2006. Christopher is a holder of the Chartered Financial Analyst designation.