Cybercrimes have become more prevalent in the last few years as people, corporations, and governments become increasingly digitized. According to Bloomberg, there have been 195 data breaches worldwide that have been reported (some of which go all the way back to 2005), where at least 1 million records were breached in some way1. Of those 195 that made widespread headlines, there were 48 instances where over 10 million records were breached over the last 5 years. On average, there has been a hack approximately every 36 days where at least 10 million records were breached. The periodicity of these hacks show that data breaches have been recurrent and that it is likely that they will continue to happen with the same frequency given the interconnected nature of data transfer, infrastructure, and communication. From an investment perspective, it is important to understand whether or not these cyberattacks have a direct impact on the share prices of cybersecurity companies. The following analysis will show that the Nasdaq CTA Cybersecurity Index (NQCYBR), which is an index tracking companies actively involved in providing cybersecurity technology and services, has directly benefited from the aforementioned data breaches. Investors may benefit from owning the product tied to NQCYBR, the First Trust Nasdaq Cybersecurity ETF (CIBR), as these incessant cyberattacks continue to occur.
The charts below provide some additional details around the 195 incidents that had more than 1 million records breached and the 48 incidents that had over 10 million records affected over the last 5 years. It is immediately evident that Technology has been the largest industry affected by data breaches over the last 5 years, with 44% of data breaches with over 1 million records affected and 63% of the attacks with over 10 million records breached coming from the Technology Industry. Some of the other major industries affected include Retail, Gaming, and Government. From a country perspective, the U.S. experienced the majority of these data breaches, with 60% of data breaches with over 1 million records affected and 54% of data breaches with over 10 million records affected occurring in the U.S. The U.K., Canada, Russia, and India were some of the other major countries affected the most by cybercrimes over the last 5 years.
Keeping these data breaches in mind, NQCYBR has outperformed the S&P 500 Index (SPX) by about 26 percentage points, cumulatively over the last 5 years. The major data breaches over that time span have been overlaid in the chart below, which illustrate the recurrent nature of cyberattacks. The largest such cyberattack was the Yahoo! breach where approximately 3 billion user records were accessed which contained names, email addresses, birth dates, passwords, and other vital information2. Over the last year, NQCYBR has still outperformed SPX by about 2-3 percentage points, cumulatively, as shown in the second chart below. This outperformance demonstrates that, overall, cybercrimes have had a positive impact on the performance of cybersecurity companies.
In order to understand the true impact of cyberattacks on a cybersecurity index such as NQCYBR, it is important to analyze the impact of significant attacks on the index itself when the breaches occur. Considering the 48 data breaches that have occurred over the last 5 years, where at least 10 million records were hacked, will provide a substantive indication of whether or not data breaches have an impact on the performance of cybersecurity companies. After analyzing these data breaches, the chart below explicitly illustrates that NQCYBR has outperformed SPX 1 week, 1 month, and 3 months post-data breaches, on average. In other words, when hacks occurred over the last 5 years, NQCYBR outperformed SPX by 34 basis points 1 week after data breaches, 34 basis points 1 month after data breaches, and 17 basis points 3 months after data breaches, on average. This shows not only that data breaches have an immediate impact on cybersecurity companies (1-week post-data breach performance), but also that the impact of cyberattacks on the performance of cybersecurity companies can be seen over longer periods as well (at least 1-month post-data breach performance).
Overall, cyberattacks have been prevalent, with 195 reported incidents that had over 1 million records breached and 48 reported incidents that had over 10 million records breached. Most of the incidents affected the U.S. and Technology industry, although many other industries and countries were also affected by the cybercrimes. Over that timeframe, the Nasdaq CTA Cybersecurity Index (NQCYBR) has significantly outperformed the S&P 500 Index (SPX), broadly highlighting that the ongoing cyberattacks have helped cybersecurity companies, as the demand for their products and services has risen over the years along with the rise in cybercrimes. At a granular level, the outperformance of NQCYBR vs. SPX after data breaches occur demonstrates the advantage of investing in cybersecurity companies more clearly. Overall, investors looking to gain exposure to cybersecurity companies as cyberattacks become more ubiquitous can consider the product tied to NQCYBR, the First Trust Nasdaq Cybersecurity ETF (CIBR).
Nasdaq® is a registered trademark of Nasdaq, Inc. The information contained above is provided for informational and educational purposes only, and nothing contained herein should be construed as investment advice , either on behalf of a particular security or an overall investment strategy. Neither Nasdaq, Inc. nor any of its affifiliates makes any recommendation to buy or sell any security or any representation about the fifinancial condition of any company. Statements regarding Nasdaq-listed companies or Nasdaq proprietary indexes are not guarantees of future performance. Actual results may differ materially from those expressed or implied. Past performance is not indicative of future results. Investors should undertake their own due diligence and carefully evaluate companies before investing. ADVICE FROM A SECURITIES PROFESSIONAL IS STRONGLY ADVISED.