By ODDO BHF AM

Cyberattacks: we are witnessing an acceleration in history

Target in 2013 (when dozens of millions of bank cards were hacked), Equifax in 2017 (three months that ruined the reputation of the US credit bureau), SolarWinds in 2020 (18,000 organisations were reported hit, including Microsoft and Cisco) and so on and so forth – the history of the 21st century had already been marked by a number of attention-grabbing cyberattacks. And yet, in this first quarter of 2022, we seem to have moved up a notch. In almost the same week, we learned that: 1) Toyota, the giant automaker, had decided to shut down its Japanese production facilities (with a total daily capacity of 13000 vehicles) when one of its subcontractors reported that it had fallen victim to a cyberattack; 2) the US semiconductor leader, Nvidia , revealed that a virus attack of unknown origin had paralysed its decision-making centre (without any apparent impact on production); and 3) from the moment the Russo-Ukrainian war broke out, Ukrainian government information systems were paralysed by cyberattacks, of which there is little doubt about the origin.

A constantly growing market

Growth by US cybersecurity companies (whose reach is actually global) is not only not slowing but, in fact, has crossed upward through several thresholds in a row. Year-on-year growth in billings by the main US cybersecurity providers has risen from a range of 15/20% in 2019 to 20/25% in 2020 and to 25%/32% in 2021, according to Morgan Stanley . Global companies are keenly aware of the importance of cybersecurity, and there is a boom in cybersecurity needs as they move parts of their IT systems into the public cloud, especially with the increased use of remote-working. We expect the next leg of growth to come from the US federal government (estimated at about USD 20bn by Morgan Stanley ) and, more generally, from governments amidst the uncertain geopolitical environment we are now facing.

The fund’s exposure to cybersecurity

Our portfolio of about 40 stocks currently includes two cybersecurity stocks: 1) Fortinet (which we have held for several years now) is a firewall leader that also managed to position itself first in SD-WAN protection (a form of private network used heavily by companies having several websites); this has earned it a long series of high-growth quarters; Fortinet is gaining market share structurally due to pricing that is attractive (in comparison to its direct competitors), given the quality of its solutions; 2) Zscaler, which we acquired more recently, is a flagship zero-trust company; zero-trust is an approach to security that addresses companies’ underlying issues in moving parts of their IT systems onto the public cloud. Zscaler is one of the few “rule of 70” US companies (i.e., the sum of its organic sales growth and its operating margin amount to at least 70). At its latest quarterly presentation, the group showed the market that its next stage of growth will be US federal government agencies, a market that it has thus far hardly penetrated.

By the way, why bring cybersecurity into an artificial intelligence fund?

Cybersecurity in all its forms (endpoint, firewall, SASE, identity management, zero-trust; etc.) is making growing use of artificial intelligence and machine learning to detect attempted intrusions, which continue to grow in number and sophistication. The ultimate stage is likely to be quantum computers or neuromorphic computation, which could probably “crack” the most solid information systems. The only defence then will be AI-based cybersecurity tools. Cybersecurity publishers such as Sentinel One (US) and DarkTrace (UK) have placed artificial intelligence at the heart of their detection systems.