In fact, we can think of cyber security as a huge iceberg. Its depths span everything from stopping hardware attacks to servers (ensuring foreign governments don’t have access to your national communications infrastructure), to medical and military applications. As individuals, however, most of us only interact with the annoying tip. That’s the bit that asks us to remember and change dozens of passwords.

How much cyber security does the world need?

Being so deeply rooted in electronics, the internet and the digital economy, cyber security has many growth vectors. But what is the extent of the demand for it? How much should any given country spend on it? Roughly speaking, the answers to these questions are a function of the number of ‘tech users’, how many devices they have, how much time they spend on them and how significant the implications of a security breach are. Let’s look a little more closely at these factors in turn.

We tend to use the word ‘users’ in two contexts: technology and narcotics. My nephew’s predilection for Fortnite demonstrates that linguistic coincidence is rather apt. He can, however, work a digital tablet more deftly that I ever could. Increasingly, a bigger proportion of the population will be ‘digital natives’. Meanwhile, in emerging markets, lower entry costs, the 5G roll-out and growing consumption power all point to more tech users.

I’m reminded of the last time I went to buy kitchen appliances. Having renovated a house recently, I was in the market for several. Forgive me for sounding like a luddite – but does a hob extractor hood really need to be wifi connected? What are the use-cases for being able to turn on an oven when you’re out of the house? We are still in the early days of the ‘Internet of Things’. In many cases these are solutions looking for a problem to fix. But as connectivity becomes cheaper and interfaces better, the idea of a fridge that orders milk when I run out might tempt me.

I’ve also been reflecting on my personal technology usage. When I was a child, we had a single shared family Windows ’95 PC. In my early teens I had a Nokia 3210, which was for emergencies only. Now, I have a digital device in nearly every size and format – a total of 7 that can access the internet and that’s in spite of the fact I haven’t yet seen the need for a watch that tells me what’s happening on my phone. Likewise, I now use my phone for nearly all financial transactions. I only keep cash around for rare occasions involving a broken machine or a taxi driver.

Getting better connected Does this seem like a familiar story? It’s a clear sign that on the consumer side the volume of connectivity is growing (users x devices x frequency x value). The narrative is no different for companies or governments - UK government IT projects aside, perhaps. It is rare that a week passes without mention of a state-level hack, or a breach of company security. But while plane crashes make the news, we tend to hear little of those that land. So it is with cyber security. Cyber breaches tend to remind us that cyber security can be like protecting a piece of land. While you need to have a lot of intact fencing to keep people out, they only need to find one hole to get in. To a company, the cost of that one hole can be enormous, so preventing it justifies bigger, more expensive fences.

What COVID-19 means for cyber security

We believe that the COVID-19 outbreak has accelerated existing cyber security trends. Lockdown has forced many people to start shopping online and they have grown more comfortable with the idea. Anyone who ventured out Christmas shopping will have noticed that restrictions necessarily sucked a bit of the fun out of it. Likewise, working from home (WFH) is no longer the preserve of the few. With no commuting and the ability to multi-task during meetings, many employees can now be more productive. I think my average lunch break has dropped to about 15 minutes. While we look forward to full reopening with relish, ‘lockdown risk’ and potential cost savings are likely to see WFH, workplace automation and use of technology increase. And so too will demand for cyber security.

If demand increases as we expect, we believe there are companies positioned to benefit at various points along the value chain. These include software providers, IT consultancy firms, hardware manufacturers and even telecommunications companies. In order to capture this growth within some of our multi-asset strategies, we first do a qualitative assessment. This helps us to identify the universe of potential beneficiaries. We then use quantitative methods to filter these down to a subset that we think look most appealing. Periodically, we review the basket to capture the latest news and data. This is one of several active, thematic strategies we are employing to enable our clients to access the strongest areas of growth.