The introduction of new technologies in our everyday lives is increasing exponentially. The financial sector is no exception. Customers expect to get service anywhere, any time and on any device. In order for these new technologies to be used, they must be trustworthy. One of the conditions for being trustworthy is to be secure. The financial sector is most often targeted by criminals, loses most when breached, but underinvests in security. We believe this will change quickly, which creates investment opportunities.
Although developments in some parts of security (especially on the cyber side) are still in an early stage, valuations of companies in this area have already peaked. Many companies with exposure to the theme have rich valuations, as shown by the characteristics of security ETFs like HACK US or CIBR US. Currently it is hard to pinpoint clear winners.
In our investment analysis, we work with a corporate governance checklist to assess how far financial institutions are in terms of security. Several financials have already started to implement security solutions such as biometrics, advanced persistence threat detection and cybersecurity insurance. Although progress has been made, we see challenges for companies that are lagging behind, especially due to new regulations. Few senior executives have enough technical background to understand the underlying dynamics of security risks, and there is a more general lack of qualified personnel. Big structural changes are required, but as with many changes, it first needs to get worse before there is a feeling of urge to change.
In order for a financial institution to be well positioned it must have a strategy to be secure, vigilant and resilient with regard to security. Secure means reacting to currently known threats and making sure that the underlying application- and system security are up to date. Being vigilant implies being able to react quickly to new threats and continuously search for unfound breaches. The focus of resilience is to minimize damage once a breach has occurred and to develop a clear roadmap on how to respond to security issues. It goes without saying that we prefer financial companies with a clear strategy for being secure, vigilant and resilient.
Another way of looking at the theme from an investment perspective is to search for companies that are best positioned to supply financial institutions with the required security solutions. Within the preventive aspect it is important to have scale because of the commodity-like nature of the product offering. The products and services that are being offered are reasonably similar and price is the biggest differentiator. Within the vigilance aspect it is important to have a top-of-class product or service and price is less relevant. Offering unique solutions to deal with advanced threats is at the core of the companies in this segment, but there are no clear winners. Solutions for being resilient are still early stage. Companies that offer products and services to become resilient to security risks are no pure-plays. We see interesting developments here, but no pure-play investment opportunities, yet.
The security theme is broad and there is not just one correct way of approaching investment opportunities. Many of the companies we identified have exposure to almost all industries. Within the financial sector a lot of the basic infrastrucure to be installed is the same as in other industries, but there are also parts of the industry that require a more specialized approach. It is important to have a good understanding of the specific underlying mechanisms and risks, especially within payments.
Please read this important information before proceeding further. It contains legal and regulatory notices relevant to the information contained on this website.
The information contained in the Website is NOT FOR RETAIL CLIENTS - The information contained in the Website is solely intended for professional investors, defined as investors which (1) qualify as professional clients within the meaning of the Markets in Financial Instruments Directive (MiFID), (2) have requested to be treated as professional clients within the meaning of the MiFID or (3) are authorized to receive such information under any other applicable laws. The value of the investments may fluctuate. Past performance is no guarantee of future results. Investors may not get back the amount originally invested. Neither Robeco Institutional Asset Management B.V. nor any of its affiliates guarantees the performance or the future returns of any investments. If the currency in which the past performance is displayed differs from the currency of the country in which you reside, then you should be aware that due to exchange rate fluctuations the performance shown may increase or decrease if converted into your local currency.
In the UK, Robeco Institutional Asset Management B.V. (“ROBECO”) only markets its funds to institutional clients and professional investors. Private investors seeking information about ROBECO should visit our corporate website www.robeco.com or contact their financial adviser. ROBECO will not be liable for any damages or losses suffered by private investors accessing these areas.
In the UK, ROBECO Funds has marketing approval for the funds listed on this website, all of which are UCITS funds. ROBECO is authorized by the AFM and subject to limited regulation by the Financial Conduct Authority. Details about the extent of our regulation by the Financial Conduct Authority are available from us on request.
Many of the protections provided by the United Kingdom regulatory framework may not apply to investments in ROBECO Funds, including access to the Financial Services Compensation Scheme and the Financial Ombudsman Service. No representation, warranty or undertaking is given as to the accuracy or completeness of the information on this website.
If you are not an institutional client or professional investor you should therefore not proceed. By proceeding please note that we will be treating you as a professional client for regulatory purposes and you agree to be bound by our terms and conditions.