Cybersecurity is National Security

Please note: This article was originally published on www.wisdomtree.com.

Cyber risk is one of few tangible threats that we experience on an individual, national, and global level all at once. The WisdomTree Cybersecurity Fund (WCBR) provides investors with targeted exposure to the businesses at the forefront of fortifying our networks and system. It is based on the WisdomTree Team8 Cybersecurity Index, a first-of-its-kind index geared towards tracking innovations in cyber security made by public companies which it does by leveraging data from cybersecurity experts and global venture group, Team8. The fund just completed its April 2021 rebalance (done semi-annually) with six additions at this rebalance cycle, and an average year-over-year growth rate of 43%.

Commenting on the growth in cyber security and the importance of being able to differentiate between solutions, Admiral Michael Rogers, Operating Partner, Team8, explains: “Cyber security has been catapulted to the top of mind for the executive suite in recent years, accelerated by the pandemic. The cost of security for organizations contrasts with the relative low costs for cyber attackers. As such, firms that are prioritizing cybersecurity solutions that provide smart, cost-effective ways to reduce, mitigate, or even prevent cyber attacks is key. Inevitably, as we move to an increasingly digital world, these options are game-changers in safeguarding our society and digital future.”

The changes made to the portfolio reflect the latest trends in cybersecurity, including the continued focus and evolution in the Security of Things, greater attention to injecting security throughout the development lifecycle, and growth in ransomware protection.

WCBR Turnover and Fundamentals

WCBR had 6 additions at this rebalance cycle, with an average year-over-year growth rate of 43%. This subset of companies is internationally listed (across the United States, Canada, and the United Kingdom) with focuses on data protection and management or network and endpoint security.

The fund had three removals, including Proofpoint, McAfee, and FireEye. Proofpoint was acquired by private equity firm Thoma Bravo at a 34% acquisition premium.^[1] Meanwhile, McAfee and FireEye were removed after their trailing revenue growth fell below the necessary threshold for current constituents of 5%.

Approximately 25% of the fund’s weight was turned over with no single current constituent experiencing a weight change significantly above 2%.

These changes brought the constituent count of the fund up to 28 companies from 25. The weighting mechanism behind WCBR assigns overweight exposure to companies that are exhibiting both fast revenue growth and involvement in an array of cybersecurity themes, which helped drive an increase in the weighted average trailing-twelve-month growth rate to 32.4% from 28.1%.

Major cyber security attacks can bring about the greatest cybersecurity innovations, and we expect the last 6 months of cybersecurity to be no different.  We leverage Team8’s cybersecurity industry knowledge, our cyber domain experts, our diverse community of C-level executives and CISOs from Fortune 1000’s, and the latest market and technology developments to track the evolution of cybersecurity themes driving growth in the industry.  Several developments we’ve been seeing include:

• Security of Things – The endpoint, though perhaps one of the oldest security categories, continues to evolve with better behavioral anomaly detection, across more environments, and with more context from richer threat intelligence. Beyond traditional endpoints such aslaptops and servers, lately there is also an increased focus on the security of physical supply chains and critical infrastructure such as oil, transportation, or food companies, as recent attacks have demonstrated just how brittle some of our most important infrastructure can be and the consequences they can have on our broader supply chain.
• Shift-Left – With the rise in software supply chain attacks in particular, we’re seeing even greater attention go into injecting security throughout the development lifecycle, further bridging the gap between developers and security professionals. This can be seen with an increased focus on container/workload and application security solutions or solutions that help automate and orchestrate the SDLC and patch management; static application security testing (SAST), which analyzes source code to identify vulnerabilities; and an overall deeper integration of security into the CI/CD pipeline. As more security professionals learn to code, and more developers learn to implement security functionality, we will see the barriers between these team structures break down and the security bottlenecks shift with it.
• Resilience & Recovery – Ransomware has become a household word as cyber attackers fundamentally evolve their strategies from just stealing data or manipulating systems to business disruption and data extortion, which can sometimes be even more devastating for the victim and even easier for the attacker to monetize their crimes. This has led to the introduction of new government security directives and has spurred an increased focus on ransomware protection, data backup and disaster recovery, and business continuity solutions that can help companies get back to business in the face of a total system lockout or mission-critical system downtime. As the resilience “playbook” continues to develop, so too will the regulation and the various components of the toolbox to support it.

Cyber security as a government priority

Cybersecurity is an escalating and complex challenge requiring an equally robust and coordinated defense, which is why cybersecurity is one of the U.S. administration’s highest priorities. President Biden recently held a cybersecurity summit with a range of private sector companies as a call-to-action to establish a public-private partnership to protect against malicious cyber activity.

Representatives from technology, insurance, education, and critical infrastructure were present at the summit, including some of the nation’s largest companies like Google, Amazon, Apple, Microsoft, IBM, ADP, JP Morgan, Bank of America, and Travelers.

The meeting covered a range of topics focused on fortifying our critical infrastructure, driving better cybersecurity practices, and increasing the cybersecurity workforce. The key outcome from the meeting was the announcement of substantial commitments and initiatives aimed at bolstering the nation’s cybersecurity, a few of which we highlight below:

• Microsoft committed to invest $20bn over 5 years to accelerate efforts to integrate cybersecurity in product design. The company made $150mn immediately available in technical services to help federal, state, and local governments upgrade their security protection, and is expanding partnerships with community colleges and non-profits for cybersecurity training.
• Google is investing $10bn over 5 years to expand zero-trust programs, help secure the software supply chain, and enhance open-source security. The company will also help 100,000 Americans earn industry-recognized digital skills certificates.
• Apple is establishing a new program to drive continuous security improvements throughout the technology supply chain. The program will help drive the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging, and incident response.
• IBM will train 150,000 people in cybersecurity skills over the next three years, and will partner with more than 20 Historically Black Colleges & Universities to establish Cybersecurity Leadership Centers to grow a more diverse cyber workforce.
• Amazon will make available to the public at no charge the security awareness training it offers its employees. Amazon will also make available to all Amazon Web Services account holders at no additional cost, a multi-factor authentication device to protect against cybersecurity threats like phishing and password theft.

A Historic Opportunity for the Cybersecurity Industry

“Cybersecurity is a national security and economic security imperative for the Biden Administration and we are prioritizing and elevating cybersecurity like never before.”^[2]

This statement from the White House and the commitments from the private sector signify the important role that the cybersecurity industry will play in both the public and private sectors going forward.

Fortifying Your Portfolio with Differentiated Cybersecurity Exposure

Investors may not have any exposure to companies captured in WCBR – the fund provides differentiated exposures relative to broad-based benchmark indexes, which allocate at most 1% of their weight to the companies held in WCBR.^[3]

To gain targeted exposure to the companies we view as having the highest exposure to critical cybersecurity trends, with the greatest potential for future growth we recommend investors consider adding WCBR to their portfolio.

[1] https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-enters-definitive-agreement-be-acquired-thoma-bravo-123-billion

[2] https://www.whitehouse.gov/briefing-room/statements-releases/2021/08/25/fact-sheet-biden-administration-and-private-sector-leaders-announce-ambitious-initiatives-to-bolster-the-nations-cybersecurity/

[3] Source: WisdomTree, FactSet, S&P Global, FTSE Russell, Nasdaq. As of 6/31/2021 the S&P 500, S&P 500 Growth, Nasdaq 100, Russell 1000 Growth, and S&P 500 Information Technology Indexes held 0.1%, 0.2%, 0.4%, 1.1%, and 0.5% of their weight in the companies held in WCBR.

This article represents the opinions of Team8 Labs Inc. (“Team8”) and is for informational purposes only. You should not treat any opinion expressed by Team8 as a specific inducement to make an investment in any security, but only as an expression of Team8’s opinions. Team8’s statements and opinions are subject to change without notice. Team8 is not registered as an investment adviser under the Investment Advisers Act of 1940, as amended (the “Advisers Act”), and relies upon the “publishers’ exclusion” from the definition of investment adviser under Section 202(a)(11) of the Advisers Act. As such, the information contained in this article does not take into account any particular investment objectives, financial situation or needs and is not intended to be, and should not be construed in any manner whatsoever as, personalized investment advice.  The information in this article is provided for informational and discussion purposes only and is not intended to be, and shall not be regarded or construed as, a recommendation for a transaction or investment or financial, tax, investment or other advice of any kind by Team8. You should determine on your own whether you agree with the information contained in this article. Certain of the securities referenced in this article may currently, or from time to time, be constituents of an index developed and maintained by WisdomTree Investments, Inc. using data provided by Team8, which has been or will be licensed for a fee to [one or more] investment funds. In addition, certain officers or employees of Team8 or funds or other persons or entities affiliated or associated with Team8 may hold shares of, be officers or directors of, or otherwise be associated with some or all of the issuers of the securities referenced in this article or included in such index. Team8 expressly disclaims all liability with respect to any act or omission taken based on, and makes no warranty or representation regarding, any of the information included in this article.