Hugh Lam
5 minutes reading time
Cybersecurity remains a strong, structural investment thematic as ongoing geopolitical tensions creates a backdrop of uncertainty among businesses, governments and individuals all across the world.
This has only been accelerated by the rise of advanced technologies like AI, which while has the potential to unlock major productivity benefits, is also being exploited by adversaries to attack critical network systems and infrastructure. For example, the Czech Republic’s National Cyber and Information Security Agency (NUKIB) attributed a cyberattack targeting its critical infrastructure to a China-linked cyberespionage group APT31 earlier in May this year1.
Together, these developments are driving organisations globally to develop more robust and advanced defence measures. Worldwide cybersecurity spending is expected to see sustained growth, reaching US$373 billion by 2028 according to the International Data Corporation (IDC).
Source: IDC Worldwide Security Spending Guide (July 2024), Gartner Worldwide IT Spending (October 2024). Actual results may differ materially from forecasts.
This amount is not only large in magnitude but is highly defensible in nature with Chief Information Officers surveyed by Morgan Stanley viewing security as the category least likely to get cut in an economic downturn.
Source: Morgan Stanley 2Q25 CIO Survey. Percentage of total responses.
Beyond AI, we are seeing this supportive spending backdrop driving a pickup in dealmaking activity within the cybersecurity industry including Palo Alto’s US$25 billion acquisition of CyberArk in late July, and Google’s US$32 billion all-cash acquisition of Wiz in March earlier this year.
Private equity firms also have a lot of dry powder to deploy with reports2 from S&P Global Market Intelligence estimating that amount to be around $2.62 trillion USD (as at July 2024).
These firms are becoming increasingly attracted to the cybersecurity industry given its growth potential and recurring revenue models which tend to be sticky in nature (i.e., firms are unlikely to cut spending on security even during market downturns).
Looking forward, we continue to monitor the evolving M&A environment, particularly as enterprises look to streamline their operations and consolidate the number of security software licenses they have with various vendors.
Businesses are simplifying the management of their security infrastructure by reducing the number of software licenses they have with various vendors. The goal here is to centralise data from different sources, allowing for enhanced visibility, accuracy and speed in identifying threats.
This consolidation theme will likely support the larger cybersecurity companies, a number of which have been acquiring smaller companies that offer specialised solutions which they can then integrate on existing platforms.
Source: Bloomberg and Tradar. As at 27 June 2025. Merger and acquisitions of companies in the Nasdaq Consumer Technology Association Cybersecurity Index.
Finally, we see the cybersecurity theme remaining supported by rising national defence budgets, reflecting its importance in modern warfare and national security.
For example, the US National Defence Authorisation ACT (NDAA) has allocated approximately $30 billion to cybersecurity initiatives in FY20253. And as part of NATO’s total defence spending target of 5%, 1.5% of that would be related to “defence-related outlays” which includes spending on cybersecurity.
All of these factors together have helped drive substantial acquisition activity over the last year, including:
- Google’s US$32 billion acquisition of cloud security startup Wiz (March 2025)
- Cisco’s US$28 billion acquisition of Splunk (March 2024)
- Thoma Bravo’s US$5.3 billion acquisition of Darktrace (October 2024)
- Mastercard’s US$2.65 billion acquisition of Recorded Future (December 2024)
- CyberArk’s US$1.54 billion acquisition of Venafi (October 2024)
Investment Implications
In a world mired by rising geopolitical tensions and uncertainty, HACK Global Cybersecurity ETF provides a simple way for Australian investors to gain exposure to the growing global cybersecurity sector.
HACK has benefited from strong M&A activity occurring in the cybersecurity industry with 28 portfolio companies having been taken over since the fund’s inception.
Over the 5 year period to 29 August 2025, HACK has returned 18.0% p.a. * and includes key holdings such as Broadcom, CrowdStrike, Palo Alto Networks, Cisco and Infosys4.
Future results are inherently uncertain. The information above may include opinions, views, estimates, projections, assumptions and other forward-looking statements which are, by their very nature, subject to various risks and uncertainties. Actual events or results may differ materially, positively or negatively, from those reflected or contemplated in such forward-looking statements. Forward-looking statements are based on certain assumptions which may not be correct. You should therefore not place undue reliance on such statements. Betashares does not undertake any obligation to update forward-looking statements to reflect events or circumstances after the date such statements are made or to reflect the occurrence of unanticipated events.
There are risks associated with an investment in HACK, including market risk, cybersecurity companies risk, concentration risk and currency risk. Investment value can go up and down. The Fund’s returns can be expected to be more volatile (ie vary up and down) than a broad global exposure. An investment in the Fund should only be considered as a part of a broader portfolio, taking into account your particular circumstances, including your tolerance for risk. For more information on risks and other features of the Fund, please see the Product Disclosure Statement and Target Market Determination, both available on this website.
* Past performance is not an indicator of future performance. See the Fund’s webpage at www.betashares.com.au for further performance information.
Sources:
1. https://securityaffairs.com/181976/intelligence/czech-cyber-agency-nukib-flags-chinese-espionage-risks-to-critical-infrastructure.html ↑
2. https://www.spglobal.com/market-intelligence/en/news-insights/articles/2024/7/private-equity-dry-powder-growth-accelerated-in-h1-2024-82385822 ↑
3. https://www.csoonline.com/article/3632164/us-military-allocated-about-30-billion-to-spend-on-cybersecurity-in-2025.html ↑
4. No assurance is given that these companies will remain in HACK’s portfolio or will be profitable investments. ↑
