COVID-19 and The Cybersecurity Investment Case

COVID-19 has had a devastating effect on the world. The virus has debilitated regions, and decimated sectors with an unparalleled level of speed and ferocity. Its impact on companies and business models has been indiscriminate, hurting particularly those companies with weaker or under-developed digital underpinnings. Stronger players have had to shock themselves into emergency measures designed to prevent discontinuity. Companies have had to learn how to operate remotely, and virtually. And billions of people are now working from home and adjusting to virtual workplaces thanks to teleconferencing services like Zoom and Microsoft Teams. Incredibly, this has also led to a worrying level of dependence on good and stable internet connections. It has led to an expectation on today’s digital infrastructure to remain functional, resilient and impervious at a time when it’s most under stress – from not only overuse and data loads but also cyber-attacks.

While it may not be obvious to the general public, with warnings from the WHO, FBI and European Central Bank, cybersecurity is now once again at the centre-stage globally. The coronavirus-led meltdown, shutdown and lockdown has exposed new risks and vulnerabilities in our technological substructures. These have been both unprecedented and unpredictable, arising from our sudden shift to “everything digital”. Cybercrime shows no signs of abatement. According to Chris Versace, CIO and thematic strategist at Tematica Research, “It is exactly these types of structural changes and pain points that give rise to innovation and new business models that create thematic opportunities for investors.” In this piece, we look at how the coronavirus has begun reshaping current templates for cybersecurity.

We are living through an infodemic that has exposed gaps in our security templates

Since the beginning of 2020, over 50,000 coronavirus-related domains have been registered on the web.[1] According to the World Health Organisation, the pandemic has created an “infodemic” in which people are being bombarded with an overabundance of both accurate and inaccurate information about the coronavirus.[2] This has led to unprecedented levels of impulse-clicking.

Many of these misinformation campaigns have been craftily put together by criminals looking to exploit the COVID-19 outbreak for personal gain – launching cyber-attacks in the form of phishing emails disguised as corporate communication, smishing (phishing using SMS) messages disguised as bank notices, and vishing (phishing using voice) calls disguised as food deliveries, to use just a few examples.

What’s more, mass working over remote connections has led to an enormous spike in remote login activity. This activity has been mostly over private, insecure machines and networks with user accounts that have been recently setup. As such, these remote login credentials have become easy targets for cyber-attackers. Further, with most people using more than one device, cybercriminals have gained access to an even greater number of attack vectors to carry out their nefarious activities.

Which countries have been worst hit?

Certain countries appear to have been targeted more than others. As of March 27^th, 2020, Statista found that the UK was experiencing the highest global share of malicious emails with ‘coronavirus’ in the subject title, with France and US coming in at second and third place.

 

How has this changed the threat landscape?

According to Check Point Software (CPS), a major US cybersecurity company, the total number of globally reported cyber-attacks relating to the coronavirus rose from 200 a day on March 14^th, 2020 to 5,000 a day by March 28^th, 2020.[3] What started as a physical security problem for the world has morphed into a cybersecurity problem for IT professionals.

The chart above from Check Point Research reflects the total number of coronavirus-related attacks that have been detected by CPS. As many as 84% of the attacks detected were triggered from phishing activity, whereas only 2% involved victims accessing malicious channels using their mobile device.[4]

The Netflix effect

While it is not surprising that the pandemic has resulted in Netflix’s subscriber growth, the brand has been used as part of various web-based fraud schemes. CPS observed a 2x growth in the number of phishing attacks by websites posing as Netflix sites.[5] And most of these have been registered in the last few months.

But the outlook from cybersecurity professionals is positive

George Kurtz, CEO of Crowdstrike, a US cybersecurity firm that listed on the Nasdaq in June 2019, recently commented in his blog:

“The widespread health and economic impact of the coronavirus has not deterred cyber adversaries. In fact, quite the opposite is occurring. In times of crisis, adversaries often try to exploit the situation, prey on the public’s fear and escalate attacks. I know it is difficult to imagine, but we have already seen nation-state adversaries and e-criminals launch phishing campaigns using the coronavirus as bait. We expect this to escalate and we are actually tracking the spread of these malicious campaigns as they follow the same patterns as the infection itself.”[6] – George Kurtz, CEO of Crowdstrike

According to global investment bank Jefferies, on March 20^th, 2020, cybersecurity can be expected to continue to remain mission critical for businesses, particularly as companies look to protect endpoints and workloads in a more distributed remote workforce.[7]

What are the prospects for the cybersecurity market?

COVID-19 has served to remind us of the hard truth that there is no compromising our safety. This includes our security and privacy online. Cybersecurity is expected to remain a necessary expense at a time when digital business models are gaining newfound support.

 

Here are some gripping facts:

• According to Statista, current corporate spending on cybersecurity lies at around $184 billion, and is predicted to grow to around $250 billion by 2023.[8] The caveats to this are that Gartner have traditionally been conservative with their predictions and these forecasts were made before the onset of the coronavirus.
• According to Tematica Research, as many as one in three people in the US have had their data compromised. This is a significant number when you consider that we had 2.5 billion global internet users at the turn of the century, which has grown to 4.5 billion today. The figure is expected to reach 7.5 billion by 2030.[9]
• According to Accenture, 68% of business leaders feel that their cybersecurity risks are increasing.[10]
• According to Varonis Systems, only 5% of companies’ folders are adequately protected.[11]
• According to Cybersecurity Media, by the end of 2020, the total estimated number of passwords used by human machines worldwide will reach 300 billion.[12]

According to Tematica’s Versace, “As the number of connected users and devices grow, in part due to new technologies ranging from artificial intelligence, cloud computing and the internet of things, and in part due to people naturally embracing a digital lifestyle, cybercriminals will have access to an ever-increasing digital surface that will need to be secured and defended.” According to Cybersecurity Ventures, damages relating to cybercrime are predicted to cost up to $6 trillion annually by the end of 2021.[13] This will keep the companies that are fighting cybercrime very busy.

The investment opportunity

Cybersecurity is still a relatively new industry. While it has been and continues to be catalysed time and time again by major events, new technologies and privacy regulation, what has become clearer in the recent period that the industry has a much bigger role to play in a world that is becoming more digitised. While cybersecurity used to be just about security, today, it is also about safety and privacy. Individuals, companies and even governments have now accepted that they can no longer underestimate the nefarious cybercriminal, and must proactively seek to protect their most valuable assets and infrastructure, much of which is now virtual, digital and remote.

And this is where the cybersecurity industry has been stepping in. The industry is expected to grow rapidly in the years ahead, and this presents an exciting opportunity for investors who want to participate in the industry’s growth. With our lives, our work and even our identities now all online, for many investors this is no longer just about making a financial investment, but also an investment in protecting who we are.

Conclusion

Cybersecurity is likely to be one of biggest beneficiaries from the shift to digital that is occurring as a result of the coronavirus outbreak. The shift is testing our technological substructures, while at the same time catalysing innovation and forcing change through new technologies such as machine learning, 5G and the cloud. As the world adopts even smarter technologies, cybercriminals will be looking for vulnerabilities to exploit in the same way as cybersecurity professionals will be looking to remedy them. Cybersecurity is not just a consideration for today, but rather represents a long-term theme and growth story that will be catalysed through time by an ever-evolving threat landscape. Today’s pain points are indicative of just how much bigger the cybersecurity opportunity is set to become from hereon.

 

Related ETF

CYBR: The Rize Cybersecurity and Data Privacy UCITS ETF

 

References

1. Check Point Software, “Coronavirus update: In the cyber world, the graph has yet to flatten”, March 2020, Available at: https://blog.checkpoint.com/2020/04/02/coronavirus-update-in-the-cyber-world-the-graph-has-yet-to-flatten/
2. TEISS, “Coronavirus pandemic has unleashed a wave of cyber-attacks – here’s how to protect yourself”, March 2020. Available at: https://www.teiss.co.uk/coronavirus-pandemic-has-unleashed-a-wave-of-cyber-attacks-heres-how-to-protect-yourself/
3. Check Point Software, “Coronavirus update: In the cyber world, the graph has yet to flatten”, March 2020, Available at: https://blog.checkpoint.com/2020/04/02/coronavirus-update-in-the-cyber-world-the-graph-has-yet-to-flatten/
4. IBID
5. IBID
6. Crowdstrike, “CrowdStrike CEO Addresses Coronavirus Cybersecurity Impact”, March 2020. Available at: https://www.crowdstrike.com/blog/george-kurtz-addresses-coronavirus-cybersecurity-impact/
7. Market Watch, “CrowdStrike stock surges as platform feels right at home in a coronavirus work-from-home world”, March 2020. Available at: https://www.marketwatch.com/story/crowdstrike-stock-surges-as-platform-feels-right-at-home-in-a-work-from-home-world-2020-03-20
8. Gartner, “Gartner Forecasts Worldwide Information Security Spending to Exceed $124 Billion in 2019”, August 2018. Available at: https://www.gartner.com/en/newsroom/press-releases/2018-08-15-gartner-forecasts-worldwide-information-security-spending-to-exceed-124-billion-in-2019
9. Statista, “Global digital population as of January 2020”, January 2020. Available at: https://www.statista.com/statistics/617136/digital-population-worldwide/
10. Varonis, “Cybersecurity Statistics”, April 2020. Available at: https://www.varonis.com/blog/cybersecurity-statistics/
11. IBID
12. IBID
13. Cybersecurity Ventures, “Cybercrime Damages $6 Trillion By 2021”, Available at: https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/