Soner Kistak and Jade Bajai

With so many facets of our daily lives dependent upon digital infrastructures, cybercrime is a growing and considerable threat worldwide, affecting governments, corporations and individuals alike. As the rollout of 5G and successive mobile technologies further digitalise our lifestyles, enhanced digital defence systems will become increasingly indispensable. For investors, this means that cybersecurity may be an interesting and enduring investment theme which merits consideration in portfolios.

A Growing Threat

The first known cyberattack occurred all the way back in 1988, when what became known as the Morris Worm damaged approximately 6,000 computers, representing about 10% of the entire internet at the time. [1][2]

Cybercrime has evolved since then, becoming highly sophisticated and a lucrative source of income for cybercriminals. The umbrella term constitutes a range of activities whether it be intellectual property theft, the targeting of data systems of individuals or businesses for financial gain, the theft of sensitive information or orchestrated disruptions, simply to create panic and discord.

The Covid-19 pandemic and ensuing lockdowns accelerated the secular trend of digitalization, pushing millions of businesses online essentially overnight. This created fertile ground for cyber criminals to operate. 

This year, news headlines have been consumed with stories of ransomware attacks.

• In the US, the Colonial pipeline, a key oil artery, fell victim to a ransomware attack, causing fuel shortages across the east coast for days. With the assistance of the FBI, Colonial Pipeline paid the requested ransom (75 bitcoin or $4.4 million) within several hours and the hackers delivered a software application to restore their network, but it operated very slowly.
• JBS, the world’s largest meat processor, had its IT systems attacked, meaning that the majority of its plants in the US, Canada and Australia were forced to close for around three days, raising alarm about food security. The company paid a ransom of roughly $11m to end the attack. 
• Conti ransomware group reportedly asked the Irish health service for $20m (£14m) to restore services after a "catastrophic hack". In the end the Irish government said it did not pay and the systems were restored.
• Computer systems of several companies across the world, including 800 physical grocery stores of Sweden's Coop, were attacked by REvil ransomware with hackers demanding $70 million to restore the data.

More recently, a scandal broke involving Pegasus spy technology which was used to intercept the phones of prominent figures and media personnel. This event shows the vulnerability of our systems and importance of cybersecurity not only against cyberattacks but also for privacy and in countering espionage.

In acknowledging the seriousness of the threat posed by cyberattacks, the US Navy is attempting to bring back celestial navigation techniques alongside modern electronic navigational systems. [3] But broadly, digitalisation will not  retreat. Rather, individuals, companies and countries must become well-versed in cybersecurity. They must shift away from reactionary defence mechanisms in that they are perpetually on guard and secured. 

Indeed, while the threat from cybersecurity swells, the ecosystem of protective measures is rapidly expanding in tandem. This includes firewalls to keep unauthorized users from accessing private data, the rise of forensic firms that monitor traffic for intrusions and audit systems for weakness, antivirus programs that block malware and viruses, data protection through evolving forms of authentication (encryption, digital signatures, biometrics…), and so on…

More investment flows into advanced cybersecurity systems and innovation is expected as the issue rises to the top of government agendas. Policymakers are becoming increasingly concerned that critical infrastructure such as power plants and hospitals risk being compromised by hackers and are aware that securing critical national infrastructure is essential to keeping society functioning.

Recognising the potential threat, NATO leaders are seeking to modernise their alliance and toughen their response to new high-tech threats. 

In May, the US President Biden issued an Executive Order to improve the cybersecurity of federal computer networks with assistance from the private sector. The 18-page document sets deadlines for named agencies to develop requirements, standards, or guidelines on specific cybersecurity areas with emphasis on identifying, deterring, protecting against, and responding to cybercrime.

“Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life.” – Extract from Biden’s Executive Order

Here in Europe, the European Commission recently announced a "Joint Cyber Unit," which would allow member states hit by cyberattacks to ask other countries and the EU for assistance, including through rapid response teams that can swoop in and fight off the threat in real time. The  plan aims to help countries fight back against increasingly sophisticated attacks by pooling national governments' cybersecurity resources.

As governments race to outsmart hackers, we could see new tailwinds for the industry and a new wave of public-private partnerships and innovation.

Investment Case

Cybersecurity threats are real and they affect everyone. As we try to build up defences, the International Data Corporation (IDC), believes that worldwide spending on security-related hardware, software and services will continue to grow, reaching an estimated $151.2 billion in 2023. 

Cybersecurity piggy-backs on the unstoppable trend of digitalization and demand for cybersecurity products looks to accelerate further as  new technologies, such as cloud computing, AI, the IoT and 5G proliferate. 

While the theme could represent a very interesting opportunity for investors, selecting an optimal way to play it is key. Within the broad theme, you will find a number of traditional companies that are adapting their business models as well as new entrants (there is a vibrant start-up industry in this field), then you have pure plays and companies that are only dipping their toes in this realm. Investors must approach the theme in a way that fits their own individual risk tolerances and preferences. 

References

[1] https://www.nasdaq.com/articles/how-the-pandemic-has-increased-the-need-for-cybersecurity-2020-10-29

[2]

[3] https://www.npr.org/2016/02/22/467210492/u-s-navy-brings-back-navigation-by-the-stars-for-officers?t=1626772083919