As much more of our lives are carried out online, protecting personal or corporate data from theft continues to offer opportunities for investment.
Several businesses are finding possible ways to safeguard this growing area of the economy and Enhancing digital security is a key theme across our Sustainable Future funds for many years. This theme has become ever-more important with a number of high-profile breaches recently resulting in growing concerns about how private data is managed and the new European General Data Protection Regulation coming into force on 25 May this year. This involves companies to prove they do know where information is held and who has access to it, as well as introduces stricter rules on security and processing.
From a scale perspective, it is important to note this regulation does not just apply to EU businesses but to the company holding European data – and also the penalties for non-compliance are considerable, with fines up to EUR20bn or 4% of revenue, whichever is higher.
| Key requirements under GDPR: |
| Increased rights for data subjects, the authority to “be forgotten” and data portability |
| Software developed with security in mind |
| Pseudonymisation or encryption of private data |
| Secure processing of data |
Initial research from Ernst & Young suggests that 1 / 2 of relevant companies won't be fully compliant with requirements by the deadline, suggesting the regulation ought to be a catalyst for higher IT spending in Europe within the long-term.
Areas set to benefit include vulnerability management, security analytics, identity and data protection technologies, and storage software.
Although we have seen many organisations allocating additional spending to comply with GDPR, a great proportion of the money looks set to become channelled towards external advisory services, benefiting companies with greater involvement in this area. But when half of companies are not yet prepared, we believe there may be also an increase in demand for cyber security products.
Our GDPR focus is twofold: we keep looking for businesses benefiting from the Enhancing digital security trend but because most of the companies within our Funds have to adhere to the regulations, it's also become a key engagement issue.
Initial research this past year showed corporate disclosure on this issue was limited and that we continue to measure the level of preparedness among our holdings. Smaller companies with fewer resources could be at significant risk, for example, given the potential fines and lack of consumer trust.
In charge as much as the GDPR deadline, we've been investigating other opportunities one of the growing number of companies innovating in the digital security space. This spans a broad range of businesses, involving analysis of vendors, master data management companies and larger systems integrators and consultants with a high percentage of revenues coming from products exposed to digital security growth.
Current holdings with exposure to this include pure-play security software providers for example Sophos in the united kingdom and Splunk in the US.
Sophos provides it security and knowledge protection products, offering protection against viruses, malware, spyware, intrusions, unwanted applications, spam, policy abuse and data leakage. Splunk develops web-based application software that collects and analyses data generated by websites, applications, servers, networks and cellular devices and it is products can be used alongside traditional digital security products to better assess threats, incidents and responses.