Why Cybersecurity is an Evergreen Investment Opportunity


Sometimes I talk with an investor who has the opinion that consumers’ increasing complacence around their online privacy and security means that cybersecurity is an industry with relatively muted upside compared with other areas of tech. However, the primary customers of the cybersecurity industry are businesses, not individuals, and the number of high-profile cyber incidents in 2021 has been noteworthy (e.g. the Colonial Pipeline ransomware attack, the log4j vulnerability, and a $600 million theft from the crypto platform “Poly Network”, to name just a few). This motivates the question: is cybersecurity a good investment?

Legal compliance, brand image, and theft prevention motivate almost every medium and large company to purchase cybersecurity services. Every technology advancement results in more complex systems that generate a need for even more advanced cybersecurity tools, which means cybersecurity is a good long-term investment.

Consider the situation from first principles. Cybersecurity is security for software systems. Software systems are built using modular design. Every module in a software system has the potential to compromise the entire system’s security if the module is itself insecure or if it is incorporated into the system via an insecure attachment method. That means that a software system’s potential to have a security flaw might scale roughly linearly with the size of the system’s codebase. However, that is the smaller problem. The larger problem is that every module or composite piece of software has the potential to interact with other modules or pieces of software, even if the two aren’t really intended to be used together. The number of interactions between pairs of modules grows polynomially with the number of modules, and the number of joint interactions among arbitrary sets of modules grows exponentially with the number of modules. In non-math terms, this essentially means the number of ways a security flaw can be introduced into a software system grows even faster than the size of the system itself.

The essential conclusion of this reasoning is that as long as we have continuing technology innovation, there will be a need for more innovative cybersecurity services that grows at least as quickly. And as long as we have capitalist markets, that dynamic will translate into an opportunity to profitably invest in the future of cybersecurity.

Ricky Nave

In college, Ricky studied physics & math, won a prestigious research competition hosted by Oak Ridge National Laboratory, started several small businesses including an energy chewing gum business and a computer repair business, and graduated with a thesis in algebraic topology. After graduating, Ricky attended grad school at Duke University in the mathematics PhD program where he worked on quantum algorithms & non-Euclidean geometry models for flexible proteins. He also worked in cybersecurity at Los Alamos during this time before eventually dropping out of grad school to join a startup working on formal semantic modeling for legal documents. Finally, he left that startup to start his own in the finance & crypto space. Now, he helps entrepreneurs pay less capital gains tax.

Recent Posts