Three years of Atonra Cybersecurity - what worked, what's next?

What happened

In January 2023, we launched Cybersecurity as a standalone product, as a carve-out from our Security & Space strategy. While valuations were already compelling, the decisive factor was structural maturity: sufficient breadth, scale, and diversification to support an independent strategy.

More importantly, we believed the sector was entering an investment supercycle. A convergence of technological shifts was creating space for a new generation of challengers to disrupt entrenched incumbents and capture meaningful market share. Three years on, this proved a timely inflection point. It is thus  time to reassess both what worked and what lies ahead.

Impact on our Investment Case

A Successful Positioning

At launch, cybersecurity stood at a crossroads. High-profile breaches of U.S. federal agencies had exposed systemic vulnerabilities, while years of underinvestment left enterprises dangerously unprepared for the sudden shift to remote work triggered by Covid-19. A new wave of technologies, developed by ambitious, cloud-native players, emerged as a structural solution. The conditions for a sectoral reshuffle were firmly in place.

Our conviction was simple and strong: data and artificial intelligence would become central growth enablers. Cyber incidents were no longer isolated IT issues but full-scale operational crises, leading to serious wake-up calls and prompting governments and corporations alike to accelerate modernization. Incumbents, in our view, were structurally ill-equipped, leaving challengers best positioned to lead.

This thesis translated directly into portfolio construction. At launch, our top three holdings were CrowdStrike, Cloudflare Inc, and Zscaler Inc. Their average performance since then stands at approximately +280%. Measured just before the mid-November 2025 correction, that figure approaches +600%. The positioning has been unequivocally validated.

If It Ain’t Broke, Don’t Fix It

The sector’s evolution does not warrant a strategic overhaul, though it does demand active refinement.

The technology transition accelerated by Covid remains incomplete. Many enterprises still rely on legacy, on-premise infrastructure, and adoption of critical frameworks such as Zero Trust remains insufficient. High-profile incidents continue to underscore this gap: the recent Jaguar Land Rover breach severely disrupted production and generated astronomical costs.

At the same time, the threat landscape is expanding. AI has thus far acted as a defensive force multiplier, but generative AI has dramatically lowered the barrier to sophisticated malware creation. Fully autonomous AI-driven attacks may still be nascent, but the trajectory is clear. Moreover, AI’s insatiable demand for differentiated training data has renewed incentives for data theft, materially raising the value (and vulnerability) of corporate datasets.

In short, in this environment, technological edge is not optional: it is decisive.

Valuations: Not A Cause For Concern

Quality has a price, and cybersecurity qualifies. The sector’s blend of growth, margins, and visibility places it firmly in the “quality” category. This translates into elevated multiples. Today, our universe trades at ~29x forward earnings, while the portfolio stands at ~37x.

However, as shown in the charts above, history shows that such multiples are neither unusual nor prohibitive for returns. Quality can remain expensive for extended periods. Importantly, the recent rotation toward AI hardware has triggered a valuation reset: both P/E and PEG multiples now sit comfortably within historical norms. Notably, portfolio valuations are near their (admittedly short) historical lows, i.e., levels that previously preceded a sharp rerating and a ~40% gain within six months.

A Gradual Shift To Capture The Next Opportunities

Execution increasingly hinges on identifying platforms capable of scaling these technologies. Over the past three years, customer behavior has shifted: enterprises now favor integrated, transversal platforms over fragmented best-of-breed solutions, something that we have repeatedly covered.

This structural pivot toward “platformization” informs our positioning. We favor either next-generation players that have successfully expanded into adjacent verticals (e.g., CrowdStrike) or incumbents that have meaningfully reinvented themselves (e.g., Palo Alto Networks). We also expect the rise of AI agents to trigger a powerful new investment cycle in identity and access management, and are positioned accordingly.

Geopolitics adds another layer. Escalating tensions, particularly between the U.S. and China, have reshaped market access. China has effectively excluded U.S. and Israeli cybersecurity vendors, reinforcing the case for domestic champions. With 16% exposure to Chinese cybersecurity, we view this as a durable differentiator, supported by China’s stringent data-sovereignty framework.

Our Takeaway

Three years on, the cybersecurity supercycle remains firmly intact. The digital transformation that powered the first leg of growth is unfinished, and the next cycle, driven by AI, is already emerging. The challenge lies not in identifying the opportunity, but in navigating a complex and fast-moving competitive landscape in a sector that can appear nebulous even to specialists. We believe our sector expertise, disciplined process, and early positioning leave us well placed to do so. The best time to invest in our strategy would have been on launch, but now is the time to make up for the lost opportunity.