Cybersecurity: A Year in Review
Over the last year, cybersecurity has become an even more crucial part of everyday life and a top priority for businesses and governments around the world following several critical attacks on both the public and private sectors. In a new twist, the use of cyber warfare as a Russian tactic in its invasion of Ukraine has prompted a further ramping up of cybersecurity-related efforts and spending in the near term, including increased government regulation and legislation, especially within Europe and the US. And the statistics speak for themselves. In March 2022, Thales Research reported that one in five (21%) global organizations* experienced a ransomware attack in the last year, with 43% of those experiencing a significant impact on operations. Additionally, nearly one in three global businesses experienced a data breach in the last 12 months. In terms of preparation, Venafi reports that only 50% of US companies have a cybersecurity plan, and only 43% are financially prepared, as the total cost of cyberattacks in the last year has ballooned to more than $6.9 billion. The number of attacks (and, for organizations who are unprepared, the costs associated with them) is expected to grow exponentially as the methods and tactics used by sophisticated hackers continue to evolve, making cyber security a non-negotiable necessity in today’s highly digitized world. The hacks and breaches witnessed over the last year have proven just how serious the implications can be for the functioning of the global economy, whether it’s an attack on a natural gas supplier or a semiconductor manufacturer. We’ll review some of the key developments across the cybersecurity theme over the last year, including some of the newest government regulations, notable hacks/breaches, and a flurry of M&A activity that signals ongoing maturation in an industry with strong fundamentals and a number of secular tailwinds for continued growth.
Ramped Up Regulation
Cybersecurity has become a top priority for President Biden over the last year in reaction to the increased number and overall sophistication of cyberattacks not only in the U.S. but globally. Research published by Check Point (CHKP) reports that cyber-attacks have increased by 16% worldwide since the start of the Russian war against Ukraine in February 2022. To raise visibility and awareness of cyber incidents in the U.S., Biden signed new cybersecurity legislation on March 15, 2022, mandating critical infrastructure operators to report hacks to the Department of Homeland Security within 72 hours and 24 hours in the case of a ransomware payment. Also in March 2022, the Securities and Exchange Commission (SEC) voted to propose two new cybersecurity rules for public companies: Mandatory reporting of material cybersecurity incidents on an 8-K form within four business days of the incident; and Required disclosures on company policies to manage cybersecurity risks, including updates on previously reported material cybersecurity incidents. Additionally, the U.S. House of Representatives passed two cybersecurity bills in July 2022. The first bill authored by Congressman Bilirakis requires the Federal Trade Commission to report cross-border complaints involving ransomware and other cyberthreat incidents. The second bill, the “Energy Cybersecurity University Leadership Act,” directs the Department of Energy to establish an energy cybersecurity university leadership program. Ahead of the November U.S. midterm elections, the Cybersecurity & Infrastructure Security Agency (CISA) has issued a toolkit to enhance the cybersecurity and cyber resilience of the election infrastructure. Cyber efforts have increased outside of the U.S., as well. The U.K. government added stringent telecom security rules to its existing Telecommunications (Security) Act in March of this year, which was originally passed in November 2021 to help defend the country from cyberattacks. Also, in March 2022, the European Commission (EC) proposed new cybersecurity rules to ensure uniform security measures across EU institutions, bodies, offices, and agencies. According to the EC, the proposed rules “put in place a framework for governance, risk management and control in the cybersecurity area. It will lead to the creation of a new inter-institutional Cybersecurity Board, boost cybersecurity capabilities, and stimulate regular maturity assessments and better cyber-hygiene.” In May 2022, the European Commission accepted a political agreement between the European Parliament and the EU Member States on a new directive of measures for existing rules on the security of network and information systems (NIS Directive) across the Union. This enhanced directive covers “medium and large entities from more sectors that are critical for the economy and society, including providers of public electronic communications services, digital services, wastewater, and waste management, manufacturing of critical products, postal and courier services, and public administration, both at a central and regional level.” Government entities in smaller nations have found themselves increasingly exposed to cyber threats due to a lack of resources and spending on preventing breaches, ransomware, and other cyber-attacks. For example, 27 government entities in Costa Rica were under attack in April-May 2022, and some of the worst affected included the Ministry of Finance and its two portals, the Virtual Tax Administration Portal (public tax collection portal) and the Information Technology for Customs Control portal. The attack caused a delay in the payment of pensions, salaries, subsidies, and tax collection.
Contact Us for More Information
Index Licensing
Nasdaq Index Research Team
Nasdaq
Nasdaq calculates more than 40,000 diverse indexes, providing coverage across asset classes, countries and sectors.
Read Nasdaq Index Research Team's Bio