World Reimagined

Cybersecurity Will be a Growth Market for the Foreseeable Future

Abstract rendering of cybersecurity and technology
Credit: NicoElNino - stock.adobe.com

One of the greatest issues plaguing companies, governments, and individuals is cybersecurity. Attacks were increasingly prevalent before the COVID-19 pandemic as more of one’s work and personal life became digital, but the pandemic accelerated that shift, providing a proverbial field day for bad actors and attackers. According to Check Point Software’s Cyber Attack Trends Mid Year Report 2021, through the first six months of 2021 there has not only been a 93% increase in ransomware attacks but those attackers have adopted a new strategy. In addition to stealing sensitive data from organizations and threatening to release it publicly unless a payment is made, attackers are now targeting organizations’ customers and/or business partners and demanding ransoms from them as well. The fallout is calling for not only greater cybersecurity investment and spending to thwart these attacks but also increasing awareness regarding privacy.

The Numbers

According to Check Point’s findings:

  • U.S. organizations saw an average of 443 weekly attacks, marking a 17% increase compared to earlier this year.
  • In Europe, Middle East, and Africa the weekly average of attacks per organization was 777, a 36% increase;
  • And in the Asia Pacific, organizations saw 1338 weekly attacks, a 13% increase.

Included among those attacks were the high-profile ones involving SolarWinds (SWI) and the Colonial Pipeline attack. As would be revealed soon after, the SolarWinds attack was a supply chain strategy that infected software that was downloaded by more than 18,000 companies and governments. Also included in that year-to-date tally was the lesser-known “Kayesa Incident.” Over the Independence Day weekend, the supply chain and ransomware attack on IT management software firm, Kaseya, led to at least 1,000 businesses in at least 17 countries being affected.

The Cologne Institute for Economic Research found working from home during the pandemic cost German companies some €53 billion ($62 billion) worth of damages from cyberattacks, roughly 25% of the overall €224 billion attributed to cyberattacks.

While many schools are opening back up across the globe for in-person learning, many are expected to retain virtual learning as an option, which means access points for potential intrusion remain. In 2020, the number of publicly disclosed computer attacks on schools reached 408, marking a new record according to the K-12 Security Information Exchange. Here’s the thing, that record-high figure is likely undercounted as it doesn’t include the number of schools that never publicly report an attack. Even so, the growing number of attacks is a concern for school officials given not only the added cost to repair breaches and insure against future attacks but also the growing need to prevent the theft of students’ identities.

Earlier this month, T-Mobile (TMUS) revealed the total number of compromised user records was more than 54 million. While the carrier continues to investigate the extent of the attack, it has revealed that certain customers had their names, addresses, birth dates, and phone numbers exposed while others also had their IMEI and IMSI data—serial numbers tied to phones— hacked. According to the company, customer Social Security numbers or driver’s license details weren’t compromised. Lest one think this is “only a T-Mobile problem,” during the same week, a hacker known as ShinyHunters was reportedly selling a database that allegedly contained private information on roughly 70 million AT&T (T) customers, including social security numbers. AT&T denied the sample information posted by ShinyHunters came from its systems but odds are it came from somewhere.

While we tend to think of protecting our identity and privacy as safeguarding our social security and credit card information, findings from Capsule reveal cybercriminals can sell stolen medical records for as much as $1,000 each, while credit card numbers alone sell for as little as $5 and social security numbers for only $1 each. Why the disparity? Medical records, which cannot be canceled like a credit card, are a treasure trove of personal information, including the patient’s medical history, demographics, health insurance, and contact information. As Capsule points out, this “data can then be used to support numerous other illegal activities, such as obtaining prescription medications, filing bogus medical claims, or stealing the patient’s identity to open credit cards and fraudulent loans.”

The implications are, in a word, ginormous.

The White House Summit

Leading up to its recent summit, the White House issued an executive order directing federal agencies to boost security protocols and mandating cyber incident reporting, but that clearly hasn’t been enough to even slow down the pace of these attacks. But one of the outcomes from the summit, which included representatives from Apple (AAPL), Alphabet (GOOGL), Amazon (AMZN), Microsoft (MSFT), and JPMorgan (JPM), is greater cooperation between private companies and the government.

One initiative that IBM (IBM), Microsoft, Google, Travelers Cos. Inc. (TRV), and Coalition (a cyber insurance company), committed to working with the National Institute of Standards and Technology to create a framework to improve technology supply chain security. Another is to step up efforts to improve the cybersecurity skills of a greater number of people. IBM plans to train more than 150,00 people in cybersecurity skills while Microsoft announced it will make $150 million available for technical assistance to federal, state, and local governments to expand cybersecurity training as well as upgrade other security protection. Microsoft also shared that over the next five years, it will invest $20 billion to integrate cybersecurity into the design of its products.

Privacy

Circling back to privacy, in its 2021 “Corporate Data Responsibility: Bridging the Trust Chasm” report, KPMG found that over the past year, 70% of the companies analyzed by KPMG expanded their collection of personal consumer data. The report went on to reveal that of the respondents surveyed, “62% felt that their companies should do more to protect customer data. A third of them said that consumers should be more concerned about how their data is used by their company, while 29% admitted that their company has sometimes used unethical means to collect private data.”

When KPMG turned to consumers, it found that 78% of the respondents expressed fears about the amount of data being collected but 86% said they feel a growing concern about data privacy.

Those figures put some hard evidence behind a recent comment on privacy made by Apple CEO Tim Cook: "Ten years ago, privacy was a niche issue…Today it's one of the primary issues in people's minds because people know that the web has become this surveillance tool in all too many cases and that the building of detailed profiles on people has gone well beyond any kind of reasonable thing."

Cybersecurity, as well as data privacy, will likely be growth markets for the foreseeable future. One factor prompting this view is the realization that 5G network deployments and connectivity will spur the growth of the IoT market. There are varying forecasts for the size of that market, some in the low trillions of dollars by 2028, others in the high nine figures, but what they all have in common is consumer and business adoption of IoT solutions. That means an explosion in the number of connected devices in the next few years, including transportation, smart home, wearables, and industrial applications.

That explosion in connected devices is likely to be a hacker’s dream as it expands the number of potential attack points that need to be protected. In our view, this will drive the market for identity and authentication over the coming years, driving revenue and earnings at companies like Norton LifeLock (NLOK), Ping Identity (PING), Okta (OKTA), and OneSpan (OSPN). Odds are there will be at least a few more privacy companies added to that list. According to Crunchbase, there are more than 200 privacy startups that in aggregate raised more than $3.5 billion.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

In This Story

GEN OKTA OSPN

Other Topics

Cybersecurity Technology

Chris Versace

Christopher (Chris) Versace is the Chief Investment Officer and thematic strategist at Tematica Research. The proprietary thematic investing framework that he’s developed over the last decade leverages changing economic, demographic, psychographic and technology landscapes to identify pronounced, multi-year structural changes. This framework sits at the heart of Tematica’s investment themes and indices and builds on his more than 25 years analyzing industries, companies and their business models as well as financial statements. Versace is the co-author of “Cocktail Investing: Distilling Everyday Noise into Clear Investing Signals” and hosts the Thematic Signals podcast. He is also an Assistant Professor at NJCU School of Business, where he developed the NJCU New Jersey 50 Index.

Read Chris' Bio

Lenore Elle Hawkins

Lenore Elle Hawkins has, for over a decade, served as a founding partner of Calit Advisors, a boutique advisory firm specializing in mergers and acquisitions, private capital raise, and corporate finance with offices in Italy, Ireland, and California. She has previously served as the Chief Macro Strategist for Tematica Research, which primarily develops indices for Exchange Traded Products, co-authored the book Cocktail Investing, and is a regular guest on a variety of national and international investing-oriented television programs. She holds a degree in Mathematics and Economics from Claremont McKenna College, an MBA in Finance from the Anderson School at UCLA and is a member of the Mont Pelerin Society.

Read Lenore's Bio

Mark Abssy

Mark Abssy is Head of Indexing at Tematica Research focused on index and Exchange Traded Product development. He has product development and management experience with Indexes, ETFs, ETNs, Mutual Funds and listed derivatives. In his 25 year career he has held product development and management positions at NYSE|ICE, ISE ETF Ventures, Morgan Stanley, Fidelity Investments and Loomis Sayles. He received a BSBA from Northeastern University with a focus in Finance and International Business.

Read Mark's Bio