Attack versus defence ‒ of the digital kind

“And this is the new world that we live in. We are going to be under relentless cyber-attack, especially from here on in.”

These are the words of Australian cybersecurity minister Clare O’Neil following a major cyber-attack on Australian private health insurer Medibank on 19 October.

The attack forced the company to halt trading, with sensitive data from thousands of customers being exposed to hackers.

O’Neil’s remarks perfectly sum up the growing issue of cyber-attacks, facilitated by an increasingly digitised and integrated world economy, and encouraged by the Covid-19 pandemic.

In fact, according to Cybersecurity Ventures a cyber-attack happened every 11 seconds on average last year.

Before going any further, it’s important to understand what a cyber-attack actually is.

What is a cyber-attack?

A cyber-attack is an attempt to gain unauthorised access to a computer network, with intent to cause harm and damage.

It can come in several different forms, the most common being malware, phishing and ransomware.

For example, phishing is when attackers entice victims into clicking a disguised email link, where they input personal information and inadvertently download malware to their device.

These can often appear in your junk email folder, so it’s important to watch out for them. Generally, if a message looks too good to be true, it probably is.

As outlined above, cyber-attacks can have disastrous consequences for consumers and businesses, and huge financial, psychological and reputational costs can result.

In fact, cyber-attacks are set to cost the global economy a whopping $10.5 trillion annually by 2025, up from $6 trillion (and counting) for this year.

This has placed greater emphasis on the need for resilient cybersecurity systems, which can protect against attacks.

However, it appears that companies are still taking the issue of cyber-attacks lightly.

On average, only 14% of small businesses have adequate cyber protection in place to deal with such attacks.

What’s more, around 68% of companies currently don’t have any form of cyber insurance against them.

Given the hard numbers, this is hugely alarming, and in our view leaves huge upside potential for cybersecurity adoption that will inevitably come as the problem worsens.

Crucially, policymakers are starting to recognise the importance of cyber protections, and are enforcing legally binding cybersecurity requirements.

Earlier this year, the UK government introduced the NIS cybersecurity regulations.

Under the terms of the new rules, “digital service providers” are required to register with the authorities, meet a baseline level of cybersecurity requirements, and report any incident that has a significant impact on the operations of the service.

The legislation should help sustain the recent impressive growth the cybersecurity market has been experiencing.

In 2021, the UK cybersecurity market grew 14%. This was double the growth in 2020 . The UK cyber market is worth £10.1 billion.

From an investment perspective, the cybersecurity market has outperformed other major indices.

For example, a useful metric of the state of the cybersecurity market is the Global X Cybersecurity ETF.

The ETF tracks a basket of stocks across the cybersecurity industry, with holdings residing from the United States, the UK, and Japan.

This year, the ETF has produced a return of -20.69%, which is hardly surprising given the wretched stock market, and particularly, the conditions for technology-related stocks. However, the Nasdaq’s yearly return is -33.9%, so the performance of the ETF has provided some respite for its shareholders.

How to invest in cybersecurity

As technology has advanced, so, too, have the sophistication and variety of cyber-attacks.

As a result, there is now a plethora of different cyber-defence systems being made by cybersecurity companies.

The three main types of cybersecurity are network, application, and cloud security.

Network security stops cyber-attacks from breaching tech-based infrastructure, largely via the use of firewalls, which can block and intercept harmful traffic.

Application security protects sensitive information at app level, and is largely consumer facing. It includes security measures such as two-step authentications, face ID, and password settings.

Finally, cloud security refers to measures that protect data stored virtually.

The cloud is becoming increasingly used by consumers and businesses to store data, with popular programmes including Apple iCloud and Google Drive.

Providers of this kind of cybersecurity, amongst much else, are therefore a good entry place to start.

One of the larger players in the cybersecurity space is CrowdStrike Holdings. The company provides cloud-based network security for devices such as laptops, PCs and servers.

Interestingly, it also uses artificial intelligence (otherwise known as “machine learning”) to detect security breaches. As cyber-attacks become more advanced, companies that have the technology to counteract them will be invaluable.

Another cybersecurity company is Fortinet. The company provides several types of cybersecurity solutions, including cloud security and firewalls. It has a commercial partnership with Telefónica, one of Europe’s leading telecommunications providers.

Closer to home, NCC Group may provide good exposure to the cybersecurity trend. This company leaves no cybersecurity stone unturned, providing cloud, application-security and cryptography solutions. Its customers include NatWest and Marks & Spencer.

To recap, there’s no escaping the fact that the world is under siege from cyber-attacks and, with the cost to the world in the trillions, surely it’s time to take cybersecurity seriously.

Until next time,

Elliott Playle
Contributing Editor, Exponential Investor