Navigating the Dynamic Cyber Security World through the ISE Cyber Security UCITS Index
- By Ben Jones, Product Development Specialist, Nasdaq
In 2015, Ginni Rometty, current executive chairman and former president and CEO of IBM, said, “cybercrime is the greatest threat to every company in the world."1 The threat only continues to grow. In 2017, cyber theft was reported as the fastest growing crime in the US with cybercrime damages expecting to cost $6 trillion annually by 2021.2 To combat the rise in cybercrime, the cyber security industry has grown and evolved over the past few years and is expected to grow as cybercrime remains a constant threat.
For instance, the cybersecurity market was valued at USD 161.07 billion in 2019, and it is expected to reach USD 363.05 billion by 2025.3 Given these growth prospects, interest in the cyber security industry should continue to grow. In addition, the cyber security theme is diverse and constantly evolving, so in order to track it, any index must be robust enough to capture the nature of the theme as well as dynamic enough to evolve as cyber criminals and cyber security companies innovate alongside rapid technological and societal change. The ISE Cyber Security UCITS® Index (HUR) was one of the first cyber security benchmarks and has met the demand for tracking and measuring the cyber security market.
What sets HUR apart from its peers is the fact that it incorporates a unique cyber security classification framework, providing a way to track and measure the cyber security theme by identifying companies offering cyber security through infrastructure and services. Although the scope of the definition of cyber security can be quite broad and the fact that cyber security industry continues to change, HUR manages to capture the industry through its classification process of identifying cyber security infrastructure providers and service providers, setting it apart from other indexes seeking to track this space.
Dynamic Cyber Security World
For starters, businesses, organizations, and governments are constantly being bombarded with cybercrime and threats. To make matters worse, the global crisis sparked by the COVID-19 pandemic has led to an increase in cybercrime as well as hastened many businesses adoption of digital and cloud technologies, which has led to additional vulnerabilities. All of this is to stay that the cyber security industry and the world it protects is in a constant state of flux, meaning that a robust yet adaptable process for identifying and classifying cyber security companies is necessary for tracking and measuring this theme. Below is a quick list of recent cyber security anecdotes generated by the recent global crisis:
- U.S. Threats - FBI’s Internet Crime Complaint Center (IC3) received between 3,000-4,000 cybersecurity complaints daily – a rise from the normal average of 1,000.4
- U.K. Cyber Attacks - “February and March 2020, UK cyber attacks rose 37% month to month in the midst of the coronavirus crisis.”5
- Financial Companies - Alert from Office of Compliance Inspections and Examinations (OCIE) observed an “apparent increase in sophistication of ransomware attacks on SEC registrants, which include broker-dealers, investment advisers, and investment companies.”6
- The COVID-19 pandemic and the “global crisis is driving cloud adoption. 40% [of businesses] said COVID-19 is accelerating their move to the cloud.”7 As a result, according to Gartner, “the coronavirus pandemic is driving short-term demand in areas such as cloud adoption, remote worker technologies and cost saving measures."8
- According to McKinsey & Co., the shift to working from home during the COVID-19 pandemic has “opened multiple vectors for cyberattacks,” sparked a rise in “social engineer ploys,” and has put more cyber threat pressure on public sector organizations.9
Another issue with properly tracking this theme is that there are so many different cyber threats and bad actors in the world, so it takes a number of different tools and companies to provide proper cyber security to defend against them. According to Norton LifeLock, a cyber-security company, “a cyberattack occurs when cybercriminals try to gain illegal access to electronic data stored on a computer or a network. The intent might be to inflict reputational damage or harm to a business or person, or theft of valuable data. Cyberattacks can target individuals, groups, organizations, or governments.”10
More importantly, the cyber attackers can range from individuals to government-sponsored groups.10 Because of the diverse nature of the cyber security problem, not only do traditional software and computer technology companies provide cyber security services, but there are also more traditional defense companies that have experience with providing defense services against government sponsors groups as well. Below is a list of different cyber threats and their descriptions from the Government Accountability Office (GAO).11
2 https://cybersecurityventures.com/annual-cybercrime-report-2020/
3 https://www.mordorintelligence.com/industry-reports/cyber-security-market
5 https://www.infosecurity-magazine.com/news/cyberattacks-up-37-over-past-month/
6 https://www.sec.gov/ocie/announcement/risk-alert-ransomware
7 https://virtualizationreview.com/articles/2020/06/03/mariadb-survey.aspx
10 https://us.norton.com/internetsecurity-emerging-threats-cyberattacks-on-the-rise-what-to-do.html
11 https://us-cert.cisa.gov/ics/content/cyber-threat-source-descriptions
Other Topics
Indexes Cybersecurity FinTech
Nasdaq Index Research Team
Nasdaq
Nasdaq calculates more than 40,000 diverse indexes, providing coverage across asset classes, countries and sectors.
Read Nasdaq Index Research Team's Bio
MarketInsite
Nasdaq
Nasdaq’s Marketinsite offers actionable insights on a variety of market-moving topics. Learn from our thought leaders who are driving the capital markets of tomorrow.
Read MarketInsite's Bio