The introduction of new technologies in our everyday lives is increasing exponentially. The financial sector is no exception. Customers expect to get service anywhere, any time and on any device. In order for these new technologies to be used, they must be trustworthy. One of the conditions for being trustworthy is to be secure. The financial sector is most often targeted by criminals, loses most when breached, but underinvests in security. We believe this will change quickly, which creates investment opportunities.
Although developments in some parts of security (especially on the cyber side) are still in an early stage, valuations of companies in this area have already peaked. Many companies with exposure to the theme have rich valuations, as shown by the characteristics of security ETFs like HACK US or CIBR US. Currently it is hard to pinpoint clear winners.
In our investment analysis, we work with a corporate governance checklist to assess how far financial institutions are in terms of security. Several financials have already started to implement security solutions such as biometrics, advanced persistence threat detection and cybersecurity insurance. Although progress has been made, we see challenges for companies that are lagging behind, especially due to new regulations. Few senior executives have enough technical background to understand the underlying dynamics of security risks, and there is a more general lack of qualified personnel. Big structural changes are required, but as with many changes, it first needs to get worse before there is a feeling of urge to change.
In order for a financial institution to be well positioned it must have a strategy to be secure, vigilant and resilient with regard to security. Secure means reacting to currently known threats and making sure that the underlying application- and system security are up to date. Being vigilant implies being able to react quickly to new threats and continuously search for unfound breaches. The focus of resilience is to minimize damage once a breach has occurred and to develop a clear roadmap on how to respond to security issues. It goes without saying that we prefer financial companies with a clear strategy for being secure, vigilant and resilient.
Another way of looking at the theme from an investment perspective is to search for companies that are best positioned to supply financial institutions with the required security solutions. Within the preventive aspect it is important to have scale because of the commodity-like nature of the product offering. The products and services that are being offered are reasonably similar and price is the biggest differentiator. Within the vigilance aspect it is important to have a top-of-class product or service and price is less relevant. Offering unique solutions to deal with advanced threats is at the core of the companies in this segment, but there are no clear winners. Solutions for being resilient are still early stage. Companies that offer products and services to become resilient to security risks are no pure-plays. We see interesting developments here, but no pure-play investment opportunities, yet.
The security theme is broad and there is not just one correct way of approaching investment opportunities. Many of the companies we identified have exposure to almost all industries. Within the financial sector a lot of the basic infrastrucure to be installed is the same as in other industries, but there are also parts of the industry that require a more specialized approach. It is important to have a good understanding of the specific underlying mechanisms and risks, especially within payments.
L’information publiée dans les pages de ce site internet est plus particulièrement destinée aux investisseurs professionnels.
Certains fonds mentionnés dans le site peuvent ne pas être autorisés à la commercialisation en France par l’Autorité des Marchés Financiers. Les informations ou opinions exprimées dans les pages de ce site internet ne représentent pas une sollicitation, une offre ou une recommandation à l’achat ou à la vente de titres ou produits financiers. Elles n’ont pas pour objectif d’inciter à des transactions ou de fournir des conseils ou service en investissement. Avant tout investissement dans un produit Robeco, il est nécessaire d’avoir lu au préalable les documents légaux tels que le document d’information clé pour l’investisseur (DICI), le prospectus complet, les rapports annuels et semi-annuels, qui sont disponibles sur ce site internet ou qui peuvent être obtenus gratuitement, sur simple demande auprès de Robeco France.