Cybersecurity Is Hot—But Did It Ever Cool Off?

Investors in 2020 and 2021 have become familiar with somewhat of a natural “ebb” and “flow” to the performance of different megatrends. Positive performance is always preferred, but the risk of being “too positive” is that investors begin to think they “missed it” or that a “correction is around the corner.” With broad benchmarks continually flirting with new record highs in early November 2021, these are natural concerns. 

Can a Business Exist Without Cybersecurity?

A question for anyone reading this blog post: step back and think, would you do business—any business—with a firm that does not have a cybersecurity strategy of some kind in 2021? 

Even with all of the advancements in technology seen across the globe, cybersecurity remains a notoriously difficult space for the more positive forces to triumph clearly over nefarious actors. Consider the case of SolarWinds:

Since May 2021, the hackers responsible for the SolarWinds attack have targeted more than 140 technology companies. It is rarely the case that such attacks have a 0% success rate—sometimes techniques as simple as guessing user passwords or phishing emails are enough to get them the access that they seek. It’s possible that Russia is seeking long-term, systematic access to a variety of points in the technology supply chain.¹ 

It’s also important to consider that true “fixes” take time. The publicity of the SolarWinds attack was getting into full swing roughly one year ago, and yet it was only during the first week of November 2021 that the Biden Administration ordered U.S. federal agencies to patch hundreds of cybersecurity vulnerabilities. These actions covered about 200 known security flaws that were discovered between 2017 and 2020, and an additional 90 that were discovered in 2021.²

Focusing on the Future of Cybersecurity

WisdomTree benefits from working with expert partners on many of its megatrend approaches. Within cybersecurity, WisdomTree works with Team8, a venture firm with strong expertise in cybersecurity and featuring a leadership team that includes a former director of the NSA and Unit 8200. 

While it’s difficult to believe that people would question the importance of cybersecurity, it is far from a certainty which companies or services will have the most growth or adoption. Team8 developed a list of seven critical themes within cybersecurity that they expect will define the types of services that should have the best chance of future success. Those seven themes are:

• Smarter Security: Investors should think of the intersection between technologies related to artificial intelligence ("AI") and machine learning, and how these technologies can be used to enhance security in digital systems.
  
  
• Resilience and Recovery: Investors should think of the fact that no security is ever 100% effective, so strategies must exist for possible recovery after a hack.
  
  
• Cloud Security: In a world where employees demand to “work from anywhere,” more people are using cloud software than ever before. If not done carefully, this creates many vulnerabilities.
  
  
• Perimeterless World: It used to be that the network was centered upon an office or a set location. The world of 2021, more and more, is location-independent with respect to software, networks and data.
  
  
• Shift-Left: The proliferation of the “app economy” has been incredible, making it more and more critical for developers to think about security at every phase of application development rather than as an afterthought after all the development is done. Developers should learn from and predict how sophisticated attacks, like SolarWinds, could be implemented, building in efforts to defend against them inside of the digital infrastructure.
  
  
• Privacy and Digital Trust: If a digital business effort loses “trust,” it could lose everything. Did the company formerly known as Facebook inspire “trust”? Does Apple? Does Amazon? Every company needs to consider this and also align with accepted practices across the globe, which are not always the same. 
  
  
• Security of Things: More and more devices are becoming “software-enabled.” The car is one of the most recent examples, and many automakers are seeking to benefit from subscription revenues. Anytime there is another device that is internet-enabled, that is another point of data collection and transmission, and it must be secured. 

October 2021 Was a Strong Month

As WisdomTree considers the cybersecurity space, it is clear that October 2021 was a month where many of these specific businesses broke out positively in terms of share price performance. 

Quarter to date, The WisdomTree Cybersecurity Fund (WCBR) is one of WisdomTree’s top performing strategies—it has returned 17.4%, outperforming growth, tech and cybersecurity benchmark indexes including the Nasdaq 100 Index (11.3%), S&P 500 Information Technology Index (+12.5%), Nasdaq CTA Cybersecurity Index (+14.4%) and NYSE FactSet Global Cyber Security Index (+12.1%).³ 

The primary themes covered were “Smarter Security,” “Cloud Security,” “Perimeterless World” and “Security of Things.” Team8 refreshes their take on individual cybersecurity businesses on a semiannual basis, and one of the most interesting considerations regards which themes will evolve into more significant exposures. 

We always remind investors that with the potential for outsized growth and outsized returns comes the possibility for higher risk. Focusing on the future usually means smaller or newer companies. However, we keep coming back to the fact that, thinking rationally, cybersecurity should be one of the biggest considerations for any business, globally, in 2021. It’s merely a question of which services or companies will seize on this market.  

¹ Source: Robert McMillan and Dustin Volz, “SolarWinds Hackers Continue to Hit Technology Companies, Says Microsoft,” The Wall Street Journal, 10/25/21. 
² Source: Dustin Volz, “Biden Administration Orders Federal Agencies to Fix Hundreds of Cyber Flaws,” The Wall Street Journal, 11/3/21. 
³ Source: WisdomTree. WCBR performance at NAV. Performance for the period 9/30/21–11/8/21. You cannot invest directly in an index.