Targeting the Human Element: The Vanguard of Cyber Defense
Insight by Shaul Eyal and Hugh Cunningham, CFA, CAIA
THE COWEN INSIGHT
The Human Element causes at least 75% of cyber breaches, according to a new study by Cowen Research and Boston Consulting Group. Protecting this vulnerability is a priority for cybersecurity & information security, a $161B market growing at 10% annually. Cowen reviewed leading technologies deployed to thwart Human Element exploits and believes this space warrants greater investor attention.
Human Element Vulnerabilities in Cybersecurity
We believe effective cybersecurity & information security capabilities constitute the core requirement for modern computing. Human Element vulnerabilities are those rooted in human characteristics, such as being prone to deceptive communications or to typing errors. We believe that by monitoring Human Element technology developments, investors may uncover promising investment opportunities.
Cowen worked with the Head of the Cybersecurity Practice at Boston Consulting Group to better understand cyber technology, cyber risks, and available solutions. Solutions include, for example, email protection (email is the most common attack vector), and security training (often underfunded). Leading technologies deployed include zero trust network architecture, secure access service edge, artificial intelligence, and machine learning.
Cybersecurity & Information Security Market
Cybersecurity & Information Security generate $161B in annual revenue, growing at 10%, on pace to reach $194B by 2024E. We believe the proportion of revenue/earnings growth from the Human Element will expand over the next few years.
During 2021, this space drove ~$53B in M&A activity and ~$22B in venture funding. We expect the proportion of M&A and venture funding generated by Human Element players to increase. Absent a significant transformation in computing, we see no potential downside related to Human Element trends
Key Catalysts to Monitor
Catalysts to monitor can be categorized into two primary groups. The first includes threat environment factors: Human Element involvement in aggregate malicious Internet activity, in high-profile breaches, and in thwarted major attacks. The second includes development/funding activities: Human Element related new product introductions, corporate deal-making, and private funding activity.