Understanding the Growing Investment Opportunity in Cyber Security

Introduction

It is hard to overstate the growing importance of cyber security. In 2023, American companies collectively invested approximately $188 billion in information security and risk management products and services.¹  In July of 2023, the White House published the National Cybersecurity Strategy Implementation Plan, which highlighted 65 high-impact Federal initiatives, ranging from combating cyber crimes to building a skilled cyber workforce.² The pace of change will likely accelerate given the recent advancements in artificial intelligence, creating opportunities for companies that can deliver solutions to individuals, corporations, and government agencies.

Defining Cyber Security and its Importance

Broadly speaking, cyber security refers to the efforts made to protect networks, systems, devices, and data from theft, damage, unauthorized access, and criminal use.³ It is important because cyber risks are continuously present in our modern-day technology driven world. On a personal level, we are all familiar with the risks associated with phishing scams and identity theft. The organizations we work with face threats from hackers and ransomware, and governments around the world worry about cyber-attacks from terrorists and extortionists. These risks are now part of everyday life, and they ebb and flow as solutions are developed and new threats appear. The cyber security industry is very dynamic as highlighted by looking at past and anticipated future trends.  

In recent years, there has been a growing interdependence between cyber security and cloud technologies, and as more businesses move to the cloud, this will continue to grow. The Gartner Group estimated cloud-related cyber security revenue grew 26.8% in 2023.⁴

In 2024, Zero Trust Network Access (ZTNA) is expected to be one of the fastest growing segments in network security according to Gartner, following 31% growth in 2023. ZTNA requires every user and device attempting to access resources to be verified, regardless of their location. Artificial intelligence presents a potential powerful tool to combat cyber risks, but as noted by Forbes, “artificial intelligence and machine learning will play an increasingly prominent role in cyber-attacks in 2024. Expect cybercriminals to leverage AI and ML to automate their capabilities, making attacks more sophisticated and adaptive.”^[5]

The cyber security industry’s reach continues to expand as a vast number of devices need to be protected with hardware, software, and services needed by consumers, businesses, and governments. To capture this opportunity set, the Syntax Cyber Security Index was developed to identify companies that provide exposure to companies involved in cyber security software development, hardware manufacturing, and services.

A unique feature of the Index is that exposures to the cyber security industry are measured at the product line level using Syntax's proprietary Functional Information System (FIS)®.  This industry classification system draws primarily from audited annual reports (e.g., 10-K filings) and secondarily from unaudited documents (e.g., news articles, company websites). To provide insight into how FIS® structures data, Exhibit 2 highlights the business exposure of Fortinet Inc., one of the ten largest holdings of the Index, with a weight of 4.4% as of February 29th, 2024.

Fortinet can be considered a cyber security “pure-play” given 100% of its revenue is tied to cyber security, with roughly 60% of its revenue tied to Software (AI-Enabled Cloud Security Software for Business and Government) and 40% to Hardware (Security Equipment for Cloud Networks, Outsourced, Sold Through Distributor). This level of detail supports index construction and transparency into the underlying index constituents. As an additional benefit, this enables Syntax to group companies into thematic lenses that provide another level of understanding beyond traditional sectors.

Exhibit 2: Fortinet Inc. Revenue By Sector and Product Line

‍

‍

Syntax Cyber Security Index Construction

The Index is constructed from the Syntax 3000 universe, which is representative of the broad U.S. domestic equity market. The Index presently holds 40 publicly traded companies, though up to 50 companies are permitted under the index construction rules. The Index applies screens for purity of exposure to cyber security revenues, liquidity, and size. Eligible securities are designed as either pure-play (at least 50% of revenue from cyber security-related activities) or as diversified. Pure-play companies are allocated 80% of the weight of the Index, with each pure-play constituent weighted by thematic exposure-modified equal-weight. Diversified companies are allocated 20% of the weight of the Index, with each diversified company equally weighted. The result is an index that allocates larger weight to companies that earn more of their revenues from cyber security-related themes while including larger conglomerates that may have a large volume of cyber security business despite being diversified.

‍

Business Exposures

The primary goal of the Index is to provide exposure to the three main segments of the cyber security industry: software, hardware, and services. To do this, we have created a Cyber Security Lens which aggregates the product line weights of the constituents of the Index into these categories. Exhibit 3 shows as of February 29th, the Index has 74% of its weight in business activities directly related to cyber security.

While 74% of the Index is dedicated to cyber security, the non-cyber security exposure comes in large part from cyber security-adjacent activities offered by conglomerates.  Of the remaining 26%, 15.9% is allocated to the Information Tools sector, which consists of software, hardware and integrated circuits (excluding cyber security-related activities in these segments, which count toward the 74% cyber security alignment). The Information sector is the next largest at 7.3%, including business activities in Commercial Information Services (such as consulting and IT service firms) and firms who have business lines in Internet Services and Websites. There is a small amount of exposure (2.9%) to companies that have product lines that are classified in the Industrial Sector.

‍

Components of Syntax’s Cyber Security Lens

‍

Exhibit 3: Syntax Cyber Security Index Sector Exposures as of 2.29.2024

‍

When looking at the entire Index, roughly 65% is invested in Software, with 53% related specifically to cyber security. The rest of the Index is largely a balanced mix of cyber security hardware and services, and other adjacent technology.

Top 10 Holdings

The top 10 holdings represent approximately 43% of the Index. Exhibit 4 identifies these constituents, their weight in the Index, and the percentage of total revenue represented by each company’s largest product line.

‍

Exhibit 4: Top 10 Holdings of the Syntax Cyber Security Index with % of Revenue from Largest Product Line

Performance

The  Index is designed to provide long-term capital appreciation tied to the growth of the cyber security industry. To assess the effectiveness of the Index, we conducted a backtest from March 2013 through the Index’s December 16, 2022, inception date. Including live performance from inception through February 29, 2024, Exhibit 4 shows the growth of a hypothetical $1,000 investment in the Index and the S&P 500.

‍

Exhibit 5: Hypothetical Growth of $1,000 Investment

The Index posted an annualized since inception return of 19.62% vs 13.53% for the S&P 500. This 6.09 annual percentage point out performance produces an ending value of the Index of $7,122 compared to $4,017 for the S&P 500, a 77% cumulative difference.

Conclusion

This paper highlights the growing importance of the cyber security industry as companies seek to apply technology to combat the evolving nature of cyber risk. Syntax uses company product line data to construct an index that provides exposure to companies involved with cyber security software, hardware, and services, prioritizing companies that earn more revenue from cybersecurity activities. As of February 29th, the Index had 72% of its holdings dedicated to cyber security, and 97% of the Index was in technology focused sectors (inclusive of the 72% cyber security allocation). The performance analysis highlighted the Index’s strong performance relative to the S&P 500, reflecting the growth in cyber security relative to the broad market. In summary, the cyber security industry, poised for substantial growth fueled by technological advancements, increasing cyber threats, and the need for robust protection across various sectors, presents a great opportunity for investors.

‍

¹ Cybersecuritydive.com: security-spending-balloons

² Carahsoft: National Cybersecurity Strategy Implementation Plan

³ Cybersecurity Explained: What It Is & 12 Reasons Cybersecurity is Important (secureframe.com)

⁴ Venturebeat.com: 2023-cybersecurity-forecasts-zero-trust-cloud-security-will-top-spending

⁵ Forbes.com: navigating-the-cybersecurity-landscape-in-2024

‍

About Syntax

Syntax LLC is a financial data and technology company that codifies business models. Syntax operates through three segments: Company Data, Wealth Technology, and Financial Indices. Using its patented FIS® technology inspired by systems sciences, the Company Data segment offers the most comprehensive, granular, and accurate product line revenue data available on the market. The Wealth Technology segment then uses this abundance of data to facilitate the instantaneous creation and ongoing management of direct indexing solutions and rules-based equity portfolios through a fully automated platform. The Financial Indices segment enables Syntax to deliver customized and proprietary indices, including core global benchmarks and micro- and macro-thematic, smart beta, defined outcome, and target volatility indices. These indices are foundational for a range of financial products, such as ETFs, UITs, and structured products. Learn more at www.syntaxdata.com.

Important Disclaimers

This document is for informational purposes only and is not intended to be, nor should it be construed or used as an offer to sell, or a solicitation of any offer to buy, any security. Additionally, the information herein is not intended to provide, and should not be relied upon for, legal advice or investment recommendations. You should make an independent investigation of the matters described herein, including consulting your own advisors on the matters discussed herein. In addition, certain information contained in this informational piece has been obtained from published and non-published sources prepared by other parties, which in certain cases have not been updated through the date hereof. While such information is believed to be reliable for the purpose used in this informational piece, such information has not been independently verified by Syntax and Syntax does not assume any responsibility for the accuracy or completeness of such information. Syntax LLC, its affiliates and their independent providers are not liable for any informational errors, incompleteness, or delays, or for any actions taken in reliance on information contained herein. Charts and graphs are provided for illustrative purposes only. Syntax®, Stratified®, Stratified Indices®, Stratified-Weight™, Stratified Benchmark Indices™, Stratified Sector Indices™, Stratified Thematic Indices™, Affinity® and Locus® are trademarks or registered trademarks of Syntax, LLC and its affiliate Locus LP.

Past performance is no guarantee of future results. All performance presented prior to the inception date is backtested performance. Backtested performance is not actual performance but is hypothetical. The inception date of the Syntax Cyber Security Index was December 16, 2022. The backtest calculations for Index is based on the same methodology that was in effect when the index was officially launched. Back-tested data may reflect the application of the index methodology with the benefit of hindsight, and the historic calculations of an index may change from month to month based on revisions to the underlying economic data used in the calculation of the index.

Index performance does not represent actual fund or portfolio performance and such performance does not reflect the actual investment experience of any investor. An investor cannot invest directly in an index. In addition, the results actual investors might have achieved would have differed from those shown because of differences in the timing, amounts of their investments, and fees and expenses associated with an investment in a portfolio invested in accordance with an index. None of the Syntax Indices or the benchmark indices portrayed herein charge management fees or incur brokerage expenses, and no such fees or expenses were deducted from the performance shown; provided, however, that the returns of any investment portfolio invested in accordance with such indices would be net of such fees and expenses. Additionally, none of such indices lend securities, and no revenues from securities lending were added to the performance shown.

This presentation and the information herein may not be reproduced (in whole or in part), distributed or transmitted to any other person without the prior written consent of Syntax. Distribution of Syntax data and the use of Syntax indices to create financial products requires a license with Syntax and/or its licensors. Investments are not FDIC insured, may lose value and have no bank guarantee.