Playing defense with cybersecurity stocks
Businesses are woefully underprepared for the increasing frequency and sophistication of cyber-attacks. The total cost of these across the world is expected to reach $10.5 trillion by 2025, more than three times greater than the $3 trillion estimate for 2015 and more than the economic damage done by natural disasters.[1]
Organizations around the world appear to underestimate the problem. Companies spend around $150 billion a year to protect themselves from the cyber menace, but they should be spending closer to $1.5 trillion to $2 trillion to cover all their vulnerabilities, according to consultancy McKinsey.[2]
Meanwhile, insurer Swiss Re believes businesses are only covered for about 10% of the likely losses from cyber-attacks.[3] These include a variety of factors, ranging from direct theft of money, data and intellectual property to service disruption and lost productivity, along with the need to repair and restore compromised systems.
Concerns for equity investors
Investment-decision makers at the world’s major financial institutions are acutely aware of these risks. In an authoritative study on the outlook for global equities, conducted by EquitiesFirst in collaboration with Institutional Investor, a majority of those polled highlighted rogue cyber-attacks on companies and governments as one of the biggest current geopolitical worries, ranking cybersecurity risks just behind climate change and war in Europe.
Image source: https://equitiesfirst.com/int/ii-partnership/
This finding is especially notable for individual investors who may not fully appreciate the true extent of the risks. There are two main reasons why this is often the case.
First, apart from high-profile attacks such as the Colonial Pipeline ransomware attack or massive social media data breaches, we tend not to hear much about them. Yet they are pervasive, with around 2,200 cyber-attacks occurring each day.[4] According to the US Department of Justice, only one in seven cyber-crimes is reported, presumably owing to embarrassment, fear of reputational harm, or the belief that law enforcement will not be able to help.[5]
Second, the impact of data leaks and breaches may not be felt for months or even years after they take place. Chances are, your data has been compromised – consider that recent data breaches of Facebook and LinkedIn compromised well over a half billion accounts each, while the mother of all breaches – suffered by Yahoo in 2013 – compromised 3 billion accounts.[6] The full cost of these breaches will perhaps never be determined.
The risk from cyber-attacks weighs on investors focused on all the markets covered in the study, in North America, Europe and Asia.
Investors focused on North American markets – where the most high-profile cyber-security solutions providers, including CrowdStrike, Palo Alto Networks, Datadog, Okta and Splunk,[7] are listed – are significantly more concerned about cyber-attacks than the global average.
More systemic risks
Along with the rise in cyber-crime affecting businesses and individuals, the World Economic Forum warns that attempts to disrupt critical technology-enabled resources and services will become more common, with attacks anticipated against agriculture and water, financial systems, public security, transport, energy and domestic, space-based and undersea communication infrastructure.[8]
Already, concerted attacks of these sorts have been evident in the Russia-Ukraine war, showing how vulnerable the critical functioning of whole economies have become to cyber-attacks.
Those vulnerabilities are multiplying as a consequence of an ever-expanding “attack surface.”[9] There are now more than three times as many networked devices on earth than there are people,[10] and the number of networked sensors embedded around us is set to balloon from 1 trillion to 45 trillion over the next 15 years.
The cybersecurity landscape is further complicated by continued advances in artificial intelligence, which can be used by both attackers and defenders. Moreover, many fear that the advent of quantum computing – which threatens to destabilize virtually all current encryption systems – could tip the balance towards the attackers in the unending arms race between the two sides.
Riding the defensive wave
Faced with the chilling prospect of cyber criminals gaining the upper hand, and as they become more aware of the risks, businesses are likely to ramp up their spending on cybersecurity considerably in coming years.
This could benefit cybersecurity stocks, which appear to have lagged the overall tech sector so far in 2023.[11] With a recession looming, they may also benefit from their defensive nature, given the need to guard against cyber risks in both good times and bad.
Individuals wishing to access liquidity to either invest in cybersecurity stocks or shore up their own cyber defenses could consider securities-backed financing. By using their equity or crypto as collateral, they can obtain non-recourse, non-purpose capital at competitive terms, while retaining all beneficial ownership and upside from the underlying assets upon completion of the financing term.
It is always wise to have a good defense. But given the heightened uncertainty in equity markets and the scale of the threat posed by cyber crime, investors would do well to be prepared.
[1] https://www.forbes.com/sites/rajindertumber/2019/01/05/cyber-attacks-igniting-the-next-recession/?sh=1c3747eddbe4
[2] https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/cybersecurity/new-survey-reveals-2-trillion-dollar-market-opportunity-for-cybersecurity-technology-and-service-providers
[3] https://www.swissre.com/institute/research/topics-and-risk-dialogues/digital-business-model-and-cyber-risk/cyber-insurance-strengthening-resilience.html
[4] https://www.cobalt.io/blog/cybersecurity-statistics-2023
[5] https://www.anapaya.net/blog/the-unseen-problem-of-unreported-cybercrime
[6] https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html
[7] https://www.fool.com/investing/stock-market/market-sectors/information-technology/cybersecurity-stocks/
[8] https://www.weforum.org/reports/global-risks-report-2023/digest/
[9] https://www.ibm.com/topics/attack-surface
[10] https://www.cisco.com/c/en/us/solutions/collateral/executive-perspectives/annual-internet-report/white-paper-c11-741490.html
[11] https://www.investors.com/news/technology/cybersecurity-stocks/
Businesses are woefully underprepared for the increasing frequency and sophistication of cyber-attacks. The total cost of these across the world is expected to reach $10.5 trillion by 2025, more than three times greater than the $3 trillion estimate for 2015 and more than the economic damage done by natural disasters.[1]
Organizations around the world appear to underestimate the problem. Companies spend around $150 billion a year to protect themselves from the cyber menace, but they should be spending closer to $1.5 trillion to $2 trillion to cover all their vulnerabilities, according to consultancy McKinsey.[2]
Meanwhile, insurer Swiss Re believes businesses are only covered for about 10% of the likely losses from cyber-attacks.[3] These include a variety of factors, ranging from direct theft of money, data and intellectual property to service disruption and lost productivity, along with the need to repair and restore compromised systems.
Concerns for equity investors
Investment-decision makers at the world’s major financial institutions are acutely aware of these risks. In an authoritative study on the outlook for global equities, conducted by EquitiesFirst in collaboration with Institutional Investor, a majority of those polled highlighted rogue cyber-attacks on companies and governments as one of the biggest current geopolitical worries, ranking cybersecurity risks just behind climate change and war in Europe.
Image source: https://equitiesfirst.com/int/ii-partnership/
This finding is especially notable for individual investors who may not fully appreciate the true extent of the risks. There are two main reasons why this is often the case.
First, apart from high-profile attacks such as the Colonial Pipeline ransomware attack or massive social media data breaches, we tend not to hear much about them. Yet they are pervasive, with around 2,200 cyber-attacks occurring each day.[4] According to the US Department of Justice, only one in seven cyber-crimes is reported, presumably owing to embarrassment, fear of reputational harm, or the belief that law enforcement will not be able to help.[5]
Second, the impact of data leaks and breaches may not be felt for months or even years after they take place. Chances are, your data has been compromised – consider that recent data breaches of Facebook and LinkedIn compromised well over a half billion accounts each, while the mother of all breaches – suffered by Yahoo in 2013 – compromised 3 billion accounts.[6] The full cost of these breaches will perhaps never be determined.
The risk from cyber-attacks weighs on investors focused on all the markets covered in the study, in North America, Europe and Asia.
Investors focused on North American markets – where the most high-profile cyber-security solutions providers, including CrowdStrike, Palo Alto Networks, Datadog, Okta and Splunk,[7] are listed – are significantly more concerned about cyber-attacks than the global average.
More systemic risks
Along with the rise in cyber-crime affecting businesses and individuals, the World Economic Forum warns that attempts to disrupt critical technology-enabled resources and services will become more common, with attacks anticipated against agriculture and water, financial systems, public security, transport, energy and domestic, space-based and undersea communication infrastructure.[8]
Already, concerted attacks of these sorts have been evident in the Russia-Ukraine war, showing how vulnerable the critical functioning of whole economies have become to cyber-attacks.
Those vulnerabilities are multiplying as a consequence of an ever-expanding “attack surface.”[9] There are now more than three times as many networked devices on earth than there are people,[10] and the number of networked sensors embedded around us is set to balloon from 1 trillion to 45 trillion over the next 15 years.
The cybersecurity landscape is further complicated by continued advances in artificial intelligence, which can be used by both attackers and defenders. Moreover, many fear that the advent of quantum computing – which threatens to destabilize virtually all current encryption systems – could tip the balance towards the attackers in the unending arms race between the two sides.
Riding the defensive wave
Faced with the chilling prospect of cyber criminals gaining the upper hand, and as they become more aware of the risks, businesses are likely to ramp up their spending on cybersecurity considerably in coming years.
This could benefit cybersecurity stocks, which appear to have lagged the overall tech sector so far in 2023.[11] With a recession looming, they may also benefit from their defensive nature, given the need to guard against cyber risks in both good times and bad.
Individuals wishing to access liquidity to either invest in cybersecurity stocks or shore up their own cyber defenses could consider securities-backed financing. By using their equity or crypto as collateral, they can obtain non-recourse, non-purpose capital at competitive terms, while retaining all beneficial ownership and upside from the underlying assets upon completion of the financing term.
It is always wise to have a good defense. But given the heightened uncertainty in equity markets and the scale of the threat posed by cyber crime, investors would do well to be prepared.
[1] https://www.forbes.com/sites/rajindertumber/2019/01/05/cyber-attacks-igniting-the-next-recession/?sh=1c3747eddbe4
[2] https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/cybersecurity/new-survey-reveals-2-trillion-dollar-market-opportunity-for-cybersecurity-technology-and-service-providers
[3] https://www.swissre.com/institute/research/topics-and-risk-dialogues/digital-business-model-and-cyber-risk/cyber-insurance-strengthening-resilience.html
[4] https://www.cobalt.io/blog/cybersecurity-statistics-2023
[5] https://www.anapaya.net/blog/the-unseen-problem-of-unreported-cybercrime
[6] https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html
[7] https://www.fool.com/investing/stock-market/market-sectors/information-technology/cybersecurity-stocks/
[8] https://www.weforum.org/reports/global-risks-report-2023/digest/
[9] https://www.ibm.com/topics/attack-surface
[10] https://www.cisco.com/c/en/us/solutions/collateral/executive-perspectives/annual-internet-report/white-paper-c11-741490.html
[11] https://www.investors.com/news/technology/cybersecurity-stocks/
