Uber, the ride sharing company, was caught out last week after it was discovered they had paid US$100,000 to cybercriminals in October 2016, following the theft of 57 million customer and driver records worldwide. This has caused significant reputational damage to the company and clearly shows no company is safe from the ever increasing threat of cyber-attacks. This latest breach reinforces the belief that it is not an ‘if’ but ‘when’ in the battle for cybersecurity, and is another example of the frequency with which criminals appear to be winning.
No longer does it matter whether a company is considered “old world”, for example specialising in energy, or a service company dealing with sensitive client data such as a bank or insurance company, or a company involved in new technologies such as Artificial Intelligence or Crypto assets. The commonality between most businesses nowadays is that they are moving online and, as such, are vulnerable to the ever increasing threat of cybercrime.
Why is Cybersecurity important?
Increasing threats – The number of cybersecurity attacks have been increasing year after year. It was reported that the cost of cybercrime was approximately $400-500 billion during 2013 – 2015. By 2021, a Cybersecurity Ventures report estimates the cost of cyber threats will rise to $6 trillion annually.
Severity of attacks – Along with the number of cybersecurity attacks increasing, so is the severity of those attacks, according to a PWC report. The attacks are “becoming progressively destructive and target a broadening array of information and attack vectors.”
Future Outlook – According to David Burg, Global Cybersecurity and Privacy Advisory Leader at PwC, “We’re seeing more and more that cybersecurity can actually become a remarkable way to help a company innovate and move faster. In certain kinds of digital innovation, the security considerations, controls and capabilities, alongside a frictionless means of authentication, are essential to the design and development of these new products and services”.
Failing to act has consequences
Impact on share value – A company’s stock price will usually fall after an attack is publically disclosed, which may only be short-term. However, the longer-term consequences of spending to improve systems and court settlements can last years and impact the bottom line. KPMG estimated that the U.S retailer Target spent over $200m on systems upgrades and court settlements after a 2013 theft of data from some 40 million credit cards.
Reputational Risk – Fear of reputational damage to an organisation is the biggest motivator to take security measures seriously, according to a study that RAND Europe conducted on investments in Cybersecurity. As the recent Uber example shows, failing to disclose an attack – or worse, covering it up – can lead to significant consumer mistrust that may be difficult to regain.
Obligation to report breaches – Transparency about cyber security breaches will be strengthened due to much anticipated legislative change. An amendment to the Privacy Act 1988 takes effect in 2018. The change will require the majority of Australian companies to notify customers and the privacy watchdog (OAIC) when serious data breaches have occurred. The amendment addresses concerns that data breaches could be exploited, without the customer being aware their data was at risk and being given the opportunity to take their own mitigating action.
Market growth and outlook in Cybersecurity
It is estimated that over US$1 Trillion will be spent on products to fight cybercrime between now and 2021 and global spending on security awareness training for employees will reach US$10 billion by 2027, according to the Cybersecurity Ventures report. This compares to just $3.5 billion in 2004 and more than $120 billion in 2017.
This increase in the level of investment clearly shows that cybercrime is a significant threat which is being taken seriously. With no company safe from cybercriminals the hardest hit sectors overall have been:
One consequence of this increase in cybercrime is the increasing levels of interest and projected growth in the cybersecurity services industry. As governments and companies strive to protect themselves from the online threat, they continue to invest in and drive spending across the entire cybersecurity sector. This presents a particularly compelling investment opportunity.
For investors looking to gain exposure to the growing cybersecurity sector, BetaShares offers the Global Cybersecurity ETF (ASX Code: HACK). HACK currently has exposure to the 36 largest companies in the Cybersecurity sector from around the world, all of whom are working to beat the cyber-criminals at their own game! And while past results should never be used as a guide for the future, the performance of these companies so far has indicated the potential associated with this investment theme, with the performance of the fund since inception in August 2016 to end October 2017 being approximately 13% p.a.
Past performance is not an indicator of future performance. Returns are calculated in Australian dollars using net asset value per unit at the start and end of the specified period and do not reflect brokerage or the bid ask spread that investors incur when buying and selling units on the ASX. Returns are after fund management costs, assume reinvestment of any distributions and do not take into account tax paid as an investor in the Fund.