The cybersecurity market is expected to grow to around US$350 billion by 2029, according to Global X.

With increasing reliance on digital ecosystems making people, businesses and governments vulnerable to exponential growth in cyber threats, investment strategist Billy Leung highlighted the growing appeal of this megatrend.

“If you look at the last 12 months or even the last 24 months, technology has clearly been one of the key drivers of the US global indices,” Leung told InvestorDaily.

So far, however, semiconductors and hardware have largely underpinned technology's market dominance – software, on the other hand, has lagged global indices.

"After a year or two of mega-dominance on the technology side, I think right now there might be some opportunistic spin to the laggards, which is software," he said, with cybersecurity a significant part of that market.

Global X's proprietary cybersecurity ETF, BUGG, has returned 32.9 percent over the past 12 months.

At the launch of the ETF, CEO Evan Metcalfe said cyber security is a matter of personal, organizational and national security.

"Australians saw first-hand during the major Medibank and Optus data breaches how devastating cyber-attacks and hacking can be," Metcalfe said.

And now that global economies are headed for, or pointing to, a lower interest rate environment, Leung believes the theme is poised to gain even more.

"As we enter a cycle of interest rate cuts, it also means that we are very likely to enter a cycle of low growth," the investment strategist told InvestorDaily.

“What we've found empirically and historically is that this is actually good for companies with more consistent earnings. If you look at the software names, they tend to have much more consistent revenue, mainly because a lot of their earnings are recurring.”

Furthermore, cybersecurity is likely to remain insulated from growing geopolitical risks.

"When there are tariffs or trade wars, this is a segment that doesn't interfere ... no tariffs, no sanctions on software," Leung said.

“They mostly benefit from domestic or even domestic growth in the US. So that's something that's going to be very resilient to US geopolitics and politics.

But beyond the macro view, Leung opined that the rapidly growing awareness of the role cybersecurity plays in our society makes a compelling case in itself.

Namely, of the five largest security breaches in history, based on estimated financial damage, three of them occurred in the last three years, according to data from Global X.

"We're seeing more breaches and we're seeing bigger ones, so I think there's a growing awareness," Leung said, adding that increased data traffic and activity from e-commerce and social media are exacerbating the risk.

He noted that the moment is especially ripe for the cybersecurity sector as it is about to go through a "refresh cycle." Just as mobile devices need to be replaced every few years, the investment strategist explained, cybersecurity software also requires regular updates.

"We're now entering a period or close to entering a refresh cycle or a replacement cycle and that's where the key players will typically benefit."

"I'm looking at Authonet, CrowdStrike, Checkpoints in Palo Alto -- that's the longer-term theme," Leung said.

Approaching the 'tipping point'

Earlier this year, Leung explained that the cumulative impact of numerous small incidents and breakthrough innovations is poised to catalyze significant growth for cybersecurity, creating a "thousand pieces of paper" effect.

“What is happening now is that there is a lack of awareness or inaction on both the corporate and investment side. These are global numbers, but in terms of ransomware attacks, they actually increased by 70 percent in 2023. and this is one of the highest increases in the past,” he said in July.

"If you look at the average cost of each cybersecurity breach, it's actually gone from $3 million per breach to over $4 million over the last eight years, and yet global cybersecurity spending has remained at about 6 percent of total IT spending." "

In this context, Leung believes that firms are fast approaching the "tipping point" before they start raising investment towards this burgeoning technology trend.

“I always say that, especially in terms of subject matter and innovation, we're waiting for the thousandth paper cut. One paper cut doesn't hurt, but when you get that thousandth paper cut, it really starts to hurt,” he said.

Cybersecurity investments have also been affected on the policy front, he pointed out, with the US Securities and Exchange Commission now requiring public companies to disclose material cybersecurity incidents they experience and, on an annual basis, material information about managing cybersecurity risk , strategy and management.

"I think this is a really big step in terms of encouraging and incentivizing companies to spend more on cybersecurity."