5 High-Profile Breaches that will catapult cybersecurity investment in 2021
2020 marked an inflection point for the cybersecurity sector. It was a year that fundamentally changed how governments and companies chose to secure themselves online.
With so many of us shifting to working and shopping from home, cybercriminals had more ‘entry points’ than ever before. Vulnerabilities in our digital infrastructure were exposed, many of which we didn’t even know were there. High-profile companies that we all know about suffered crushing cyber-attacks, resulting in billions of leaked records and eye-watering fines due to the associated privacy violations.
Many companies discovered the inexorable downside of greater connectivity: greater vulnerability. The rate of phishing attacks rose by more than +600% in February last year alone. The number of attacks against banks soared by +238%. We saw an +148% increase in ransomware attacks, and as many as 80% of companies reporting that they had seen an increase in attacks targeting their most critical infrastructure.  Both businesses and governments were targeted, leading many to ramp up security efforts against what seemed like an unrelenting and certainly much smarter cybercriminal.
Some of the year’s most notable attacks include:
1. Clearview – Clearview AI’s entire client list was stolen due to a software vulnerability exposing 3 billion personal records.
2. Marriot (again!) – The hotel chain suffered another humiliating cyber-attack in which 5.2 million hotel guest records were affected.
3. Zoom – Zoom failed to secure meeting rooms, leaving many rooms ‘open’ to attackers (and the public) creating huge data privacy issues. It was also discovered that Zoom was routing traffic through China. Meanwhile, the People’s Republic responded that ‘what goes through China, belongs to China.’
4. Easyjet – The budget airline revealed a data breach exposing records belonging to 9 million customers, including financial records. An £18 billion class-action lawsuit was launched to compensate customers impacted by the breach.
5. Microsoft – The giant disclosed that 5 of its servers used to store anonymised user analytics had been exposed. The exposed records affected the 4 major telecoms companies in the US as well as the US State Department, Homeland Security and the Pentagon!
The year that changed everything
The pandemic has given rise to new patterns of attack and new vulnerabilities. The development of cyber-attacks is likely to continue throughout 2021 (and beyond) as companies are left with no choice but to protect data across more endpoints and networks as workforces and organisations themselves become more distributed but at the same time more interconnected.
Even if we were to see a ‘return to normal’, it would seem likely that remote work is not going away. Gartner’s recently did a survey that cited that 74% of CFOs plan to permanently shift certain employees to remote work after the end of the pandemic.
This structural shift in how we work and live creates new fodder for cybercriminals. Whether in the form of phishing, ransomware, malware; the list goes on. Indeed, the shift has given rise to a new term of service in the cybersecurity industry known as ‘Next Gen Workload Protection’. UK-based cybersecurity company, Sophos, has predicted that the big ransomware groups will ‘become more evasive and nation state-like in sophistication’ by targeting larger companies with multi-million-dollar ransom demands. Additionally, ‘Ransomware-as-a-Service’ will emerge to allow smaller (cybercrime) players wreak havoc with pretty much everyone else. With this in mind, cybersecurity spending cannot and will not abate anytime soon, which makes spending forecasts look strong and healthy.
Top of President Biden’s agenda
One of the shortcomings in predicting cybersecurity spending is of course that you cannot anticipate a high-profile attack, let alone when different attacks will occur during a calendar year. For example, in 2017, Gartner forecast that cybersecurity spending would increase to $93bn in 2018. However, by mid-2018, following several high-profile cyber-attacks including Equifax and Yahoo, Gartner revised their 2018 spending forecast to $114bn. Based on the level of attacks we saw in 2020, we’re already beginning to see forecasts being upwardly adjusted.
Furthermore, following the sophisticated malware attack on SolarWinds last year in which upwards of 250 federal agencies were attacked, President Biden announced that “my administration will make cybersecurity a top priority at every level of government and we will make dealing with this breach a top priority from the moment we take office… it may take billions of dollars to secure our cyberspace.”
The cybersecurity issue is clearly not going away. Indeed, it is only going to become a bigger part of our conversation. From an investment point of view, that is a huge boon for spending going forward.
CYBR: Rize Cybersecurity and Data Privacy UCITS ETF
 Infosecurity Magazine, “COVID19 Drives Phishing Emails Up 667% In Under a Month”, 2020. Available at: https://www.infosecurity-magazine.com/news/covid19-drive-phishing-emails-667/
 ZDNet, “COVID-19 blamed for 238% surge in cyberattacks against banks”, May 2020. Available at: https://www.zdnet.com/article/covid-19-blamed-for-238-surge-in-cyberattacks-against-banks/
Carbon Black, “Amid COVID-19, Global Orgs See a 148% Spike in Ransomware Attacks; Finance Industry Heavily Targeted”, April 2020. Available at: https://www.carbonblack.com/blog/amid-covid-19-global-orgs-see-a-148-spike-in-ransomware-attacks-finance-industry-heavily-targeted
 CSO Online, “Top cybersecurity facts, figures and statistics for 2020”, March 2020. Available at: https://www.csoonline.com/article/3153707/top-cybersecurity-facts-figures-and-statistics.html
 BBC, “Clearview AI: Face-collecting company database hacked”, February 2020. Available at: https://www.bbc.co.uk/news/technology-51658111
 Infosecurity Magazine, “New Marriott Data Breach Affects 5.2 Million Guests”, 2020. Available at: https://www.infosecurity-magazine.com/news/new-marriott-data-breach-affects/
 BBC, “Zoom tackles hackers with new security measures”, May 2020. Available at: https://www.bbc.co.uk/news/technology-52560602
 BBC, “EasyJet admits data of nine million hacked”, May 2020. Available at: https://www.bbc.co.uk/news/technology-52722626
 ZDNet, “Microsoft confirms it was also breached in recent SolarWinds supply chain hack”, December 2020. Available at: https://www.zdnet.com/article/microsoft-was-also-breached-in-recent-solarwinds-supply-chain-hack-report/
 Gartner, “Gartner CFO Survey Reveals 74% Intend to Shift Some Employees to Remote Work Permanently”, April 2020. Available at: https://www.gartner.com/en/newsroom/press-releases/2020-04-03-gartner-cfo-surey-reveals-74-percent-of-organizations-to-shift-some-employees-to-remote-work-
 Sophos, “Sophos Threat Report Flags Ransomware and Other Significant Cyberattack Trends Expected to Shape IT Security in 2021”, November 2020. Available at: https://www.sophos.com/en-us/press-office/press-releases/2020/11/sophos-threat-report-flags-ransomware.aspx
 Information Age, “Gartner CIO Agenda 2021 — increased spending in cyber security most commonly projected”, November 2020. Available at: https://www.information-age.com/gartner-cio-agenda-2021-spending-cyber-security-most-projected-123492611
 Computer Weekly, “Regulation and impact of cyber-attacks driving security spending”, August 2017. Available at: https://www.computerweekly.com/news/450424541/Regulation-and-impact-of-cyber-attacks-driving-security-spending
 Gartner, “Gartner Forecasts Worldwide Information Security Spending to Exceed $124 Billion in 2019”, August 2018. Available at: https://www.gartner.com/en/newsroom/press-releases/2018-08-15-gartner-forecasts-worldwide-information-security-spending-to-exceed-124-billion-in-2019
 IDC, “Ongoing Demand Will Drive Solid Growth for Security Products and Services, According to New IDC Spending Guide”, August 2020. Available at: https://www.idc.com/getdoc.jsp?containerId=prUS46773220
 Business Insider, “Biden says he will ‘not stand idly by’ on the massive US cyberattack that Trump hasn’t bothered to address yet”, December 2020. Available at: https://www.businessinsider.com/biden-statement-solarwinds-cyberattack-trump-russia-2020-12?r=US&IR=T