With cybersecurity challenges set to keep mounting, investing into the area seems a sensible move, not least because it offers asset owners a potential inside track to protecting themselves.

But Asia-based investors looking to do so face several hurdles, in addition to the high current valuations, something Singapore state investor Temasek is well aware of.

One issue is simply a deluge of possibilities; there are just too many products in the marketplace.

Yeoh Keat Chuan, managing director with the enterprise development group at Temasek, said the cybersecurity product space is especially crowded, and many companies “all claim to be able to do the same thing”.

Yeoh Keat Chuan, Temasek

“Every cybersecurity company claims to have AI [artificial intelligence] and ML [machine learning] capabilities, but what’s the differentiation?” Yeoh added.

This also translates to a fragmented industry, in which investors have trouble identifying which companies have the most sophisticated security technologies, said Stephen Seow, the founder of Singapore Consultancy.

Another issue that could trouble institutional investors stems from data sensitivity.

Richard Tan, a portfolio specialist for Asia at investment consultancy Mercer, said: “I would imagine more thoughtful asset owners would weigh beforehand any potential implications that may arise should the targeted cybersecurity firm they invest in transact with end-consumers who may be considered sensitive, such as the military."

In an industry that processes sensitive information daily, it’s not unheard of to see private equity deals that have political implications.

US-based BlackRock Private Equity Partners took additional stakes in phishing defence solutions company Cofence in August from former investor Pamplona, a reportedly Russia-linked private equity firm. 

According to anonymous sources, the deal aimed to “strip Pamplona’s foreign backers of any ability to influence Cofense or gain access to sensitive information held by the company”, reported Private Equity News. On that and other AsianInvestor queries, BlackRock declined to comment.

CYBER INSIGHTS

Despite the investment challenges, cybersecurity assets can play a multi-pronged role in portfolios.

For Temasek, they serve to generate more than just investment returns. Having cybersecurity solutions and intelligence readily available allows the government institution to assess such risks in its due diligence processes for future investments.

“As an asset owner, we wanted to make sure that our portfolio companies have access to the high-quality cybersecurity solutions that they need,” Yeoh said. “As we look at new investment opportunities, we think that cybersecurity is a risk factor that should be evaluated and taken into consideration."

Through investing in cybersecurity companies in the US and Israel, Temasek has also been able to draw on talents outside of Singapore, and has gathered further insights into the industry by committing to cybersecurity-focused venture capital funds.

“The [venture capital] funds give us insights into what are the latest technology trends, what are promising products companies, [and] whether we should be combining and integrating them into our cybersecurity platform,” Yeoh said. 

Two companies that are on the platform that it has built, Sygnia and Claroty, were established with the help of cybersecurity venture firm Team8, he told AsianInvestor

A PERENNIAL CHALLENGE 

For asset owners in Asia and other parts of the world, investing in cybersecurity offers a helpful way of getting up to speed on how to implement it. 

It certainly makes sense to do so. The cost of such crimes amounted to $13 million on average last year, a 12% increase from 2017, according to consultancy Accenture’s 2019 Cost of Cybercrime Study.

And the problem is likely to get worse. 

Hank Thomas,
Strategic Cyber Ventures

“There’s no other industry out there for institutional investors where there’s a global network of people, mostly criminal and spies, constantly working to defeat the products that currently exist,” said Hank Thomas, co-founder and chief executive of US investment firm Strategic Cyber Ventures.

Worse still, digital integrity in Asia Pacific is generally weak. According to a report by cybersecurity firm FireEye, the median number of days for breaches to go undetected last year was 204. That’s almost three times the 71 days for the Americas. That’s bad for asset owners, be it directly or for the Asian companies into which they invest. 

With a gaping workforce gap that’s set to widen to 1.5 million job openings by 2019, the world’s cybersecurity industry is facing challenges that will stick around for the foreseeable future. Cyber attackers are only likely to grow bolder and smarter.

Temasek aside, few Asian asset owners show signs of taking these issues sufficiently seriously. They should seek to change that – to improve their protection and, potentially, their returns.

This article was adapted from a feature on cybersecurity that appeared in AsianInvestor's Autumn 2019 edition.