Reading time: 4 minutes
The online age has heralded a new era of warfare, which pits not only sovereign nations against one another, but also cyber criminals against businesses, individuals, and their intellectual property.
Cybersecurity incidents soared in Australia during the past financial year, according to the recent Australian Cyber Security Centre’s (ACSC) second annual threat report. Whilst we are aware that cybercrime exists, and many of us may have been touched by a cybersecurity breach, it is possible we have underestimated the prevalence and severity of these incidents within society at large.
New data shows cybercrime is now reported every eight minutes in Australia1 with foreign agents and criminals taking advantage of large numbers of people working from home during COVID-19 lockdowns. In its second annual threat report, the ACSC revealed over 67,500 cybercrime reports were made in the last financial year, up 13%2 from the previous year, indicating that the online threat is fast becoming a national security emergency.
About one-quarter of cyber incidents reported to the ACSC last year were associated with Australia’s critical infrastructure or essential services, including education, communications, electricity, water, and transport.
The report warns that business email compromise – which includes when companies are targeted with fake invoices that appear to be for genuine services, continues to present a major threat to Australian businesses and government enterprises, especially as more Australians work remotely. The average loss associated with such incidents was over $50,000, more than 50% higher than the previous financial year3.
However, the threat isn’t just to business. During the past year, cybersecurity officials working with Telstra and Services Australia helped to take down over 110 malicious COVID-194 themed websites aimed at targeting vulnerable citizens who were looking to obtain government grants, and other vital pandemic-related information.
It is estimated that cybercrime has cost Australian businesses and individuals A$33 billion over the past year5.
State secrets are becoming more vulnerable
The crisis extends to state-sponsored espionage that is targeting our national data and intellectual property, and has the potential to create security chaos at an international level.
Last year, the Australian government identified that a sophisticated state-based hacking program had continually targeted Australian businesses and the government – believed to be primarily from China and Russia6.
International espionage is nothing new, but with more data being stored online, confidential national information remains vulnerable to the presence of nefarious state-based hackers.
To highlight the severity of these incidents, staff from the Australian Signals Directorate have been embedded in the Federal Health Department to protect the country’s COVID-19 response from cyber-attacks.
Any corruption of medical data would be a huge issue for the federal government as it continues to combat the effects of the virus as well as handling the weary public. The health sector reported the second-highest number of ransomware incidents in the country, which grew as COVID-19 vaccines were developed and rolled out.
A breakdown of the severity of cyber incidents in 2020-21 shows there were 14 cases in which federal government entities or nationally significant infrastructure suffered the removal or damage of sensitive data or intellectual property, indicating that even with cybersecurity resourcing, the risk is ever present.
Looking internationally, last year a major cyber-attack by a group with suspected backing by the Russian government penetrated thousands of organisations globally including multiple parts of the U.S. federal government, leading to a series of data breaches7.
The attack and subsequent data breaches were among the worst cyber-espionage incidents ever suffered by the U.S. due to the sensitivity and high-profile nature of the targets, who were using a popular software program which had been compromised. 200 organisations including the UN, NATO and the UK government were reportedly affected by the attack, and some of these may have suffered critical data breaches8.
It is becoming increasingly clear that in the future of espionage and conflict, the role that the internet plays in the transfer of data and connectivity represents a front in the battle to keep our information safe.
Global spending on cybersecurity is booming
According to the annual Cybersecurity Ventures report, cyber-attacks are the fastest growing crime in the U.S. and sustained growth into the future is forecast. The firm expects global cybercrime costs to grow by 15% p.a. over the next five years, reaching US$10.5 trillion annually by 2025, an increase from US$3 trillion in 20159.
The U.S. is a bellwether when discussing global cybersecurity, given it is not only the nexus for global geopolitics, but also the epicentre for technology ventures globally. Given the large financial footprint cyberattacks are leaving on the U.S. economy, there is little doubt that instances of cyberattacks will continue to increase globally.
The Cybersecurity Ventures report argues that this growth in cyberattacks represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined10.
Evidently, the market for protecting private data and state secrets is moving in lock-step, with demand for cybersecurity booming.
At a sovereign level, the U.S. government has budgeted US$19 billion11 on Cybersecurity for 2021.
Locally, Australians spent ~A$5.6 billion on cybersecurity in 2020, with demand forecast to reach A$7.6 billion by 202412.
Projections that the global cybersecurity market is set to grow to US$300 billion by the end of 202413 might not make this sector a global panacea for cyber-attacks, but it does represent an investment opportunity with the potential for significant and sustainable growth as the digital era matures. Indeed, cybersecurity echoes the wider investment thesis that is presented by technological innovation – as society becomes more interconnected, there is a greater propensity for criminal actors to seek to benefit from this global integration.
The BetaShares Global Cybersecurity ETF (ASX: HACK) is a simple and cost-effective way to gain exposure to the world’s leading cybersecurity companies in a single ASX trade. The table below shows performance to 30 September 2021.
Source: Bloomberg (NAV Total Returns)
Past performance is not indicative of future returns.
Investment risks associated with HACK include market risk, cybersecurity companies risk, concentration risk and currency risk. For more information on risks and other features of the Fund, please see the Product Disclosure Statement, available at www.betashares.com.au.