Cybersecurity has been described as a new type of insurance for businesses. In the same way that people purchase car insurance to help prevent having to pay large expenses in the event of an accident, businesses purchase cybersecurity products and services for a similar reason. Cybersecurity attacks can be very costly for a business, both financially and reputationally.

The average cost of a single business-related data breach in 2006 was $3.6 million. In 2022, the cost jumped to $9.44 million. When combining all these breach costs together, Cybersecurity Ventures estimates that the global cost of cybercrimes will increase at a compound annual growth rate of 15% over the next few years and total nearly $10.5 trillion by 2025. It's no wonder cybersecurity has become indispensable for so many businesses.

Where there's huge demand, there's money to be made for companies and their investors. But which company should you invest in? That's a question not easily answered. The easy answer may, in fact, be to just invest in cybersecurity broadly instead of focusing on individual companies. A great way to do that is through the Vanguard Information Technology ETF (VGT -0.72%).

An investor can cover a lot of ground with one ETF

The Vanguard Information Technology ETF isn't as concentrated as other cybersecurity ETFs, but it has advantages for investors. While some cybersecurity ETFs invest in around 30 or so companies, this ETF has holdings in 368 companies covering all aspects of the sector. It contains large-cap, mid-cap, and small-cap companies, so you'll get access to titans like Apple and Microsoft (yes, these tech giants have cybersecurity segments to their businesses), as well as younger, faster-growing companies like CrowdStrike.

Here's how the ETF is broken down by industry:

  • Application software: 11.1%
  • Communications equipment: 3.2%
  • Data processing and outsourced services: 11.9%
  • Electronic components: 1%
  • Electronic equipment and instruments: 1.3%
  • Electronic manufacturing services: 0.8%
  • Internet services and infrastructure: 1.4%
  • IT consulting and other services: 3.9%
  • Semiconductor equipment: 3.2%
  • Semiconductors: 17%
  • Systems software: 21.4%
  • Technology distributors: 0.5%
  • Technology hardware, storage, and peripherals: 23.2%

Even with a tech-concentrated ETF like this, it's good to have diversification within it. Cybersecurity is a fairly wide umbrella that covers many segments. Investing in companies that operate in more niche technology industries can give investors exposure while limiting some of the risks of investing in individual companies (especially smaller ones).

The results have historically been there

Since its formation in January 2004, the Vanguard Information Technology ETF has averaged 11.6% annual returns. In the past 10 years, average returns have been over 18.6%, outperforming the tech-heavy Nasdaq Composite by a decent margin.

VGT Chart

Data by YCharts.

Past results don't guarantee future performance, but it's reassuring to know the ETF has had sustained success over the years -- especially considering that many of the companies it contains operate in a relatively young industry.

Where the cybersecurity industry may be headed

Although the cybersecurity industry has grown considerably in the past few years, research by McKinsey suggests that only around 10% of digital security solutions have been penetrated. That would put the total addressable market (TAM) around $1.5 trillion to $2 trillion.

For perspective, here are some cybersecurity segments, their TAM, and penetration as of the end of 2021:

Segment Total Addressable Market Current Penetration
Security and operations management $400 billion to $500 billion 1% to 5%
Application security $100 billion to $200 billion 1% to 5%
Endpoint security $100 billion to $200 billion 5% to 10%
Web security $100 billion to $200 billion 5% to 10%
Cloud security $50 billion to $100 billion 1% to 5%

Data source: McKinsey.

The cybersecurity market isn't likely to cross the $1 trillion threshold anytime soon, but this shows just how much long-term potential there is. As companies progressively see the importance of cybersecurity and begin to fund it more in line with industry expectations, cybersecurity products and services should see penetration at much higher rates.

Given the diversity of the Vanguard Information Technology ETF, investors can get wider exposure to the specific segments within the broader cybersecurity umbrella. As the industry grows long-term, so should the value it returns to investors.