In today’s digital world, data is gold, and more malicious actors are trying to get their hands on the prize. Just recently, two heavyweight technology companies provided customer data to hackers disguised as law enforcement officials proving that their cyber defenses are not as robust as they should be.1 This raised concerns, which were exacerbated by the cyberwarfare component of Putin’s attack on Ukraine, putting nerves on edge as individuals, companies, and governments consider who may be lurking within their networks. In response, the Biden administration warned companies of potentially higher levels of cybercrime related to Western-imposed sanctions and tense geopolitical relationships.2 In this environment, no one can escape cyber attacks, but they can work to prevent them. As a result, we expect cybersecurity spending to continue to increase and cybersecurity companies to attract investor interest due to their recurring revenue model. In our view, these factors, along with the Cybersecurity theme’s ability to help manage geopolitical risk in a portfolio make this exposure essential.
- We expect public and private action plans that assist in preventing cybercrime to increase in scope and result in greater sustained spending on cybersecurity. Recent data shows that Cybersecurity spending increased from $114.5 bn in 2018 to $123.8 billion in 2020.3
- The Biden Administration has increased their message of urgency to U.S. businesses regarding the need to protect against cyber-attacks which have impacts on governments, government contractors, and private businesses alike. The downstream implication is likely more spending on cybersecurity.
- Exposure to the Cybersecurity theme brings the defensiveness of consistent recurring revenue and the growth potential associated with public and private sector responses to increasingly sophisticated cybercriminal behavior.
The SolarWinds Hack Was a Call to Action
The Solar Winds hack discovered in December 2020 was a pivotal moment for cybersecurity. This hack is believed to be the work of the Russian Foreign Intelligence Service. For background, about 100 companies and a dozen government agencies were compromised, including the U.S. Treasury, Justice, and Energy departments, as well as the Pentagon.4 The attack was a wake-up call on how invasive and widespread the implications can be, especially when attackers compromise highly-utilized software. In direct response to this attack, in May 2021, President Biden issued an executive order on improving the nation’s cybersecurity. The purpose of the order is to modernize cybersecurity defenses and update security requirements for organizations that contract with the US Government.5 Further out, this order will have implications for the broader private sector as well. In light of Russian aggression into Ukraine, the Biden Administration increased their message of urgency to U.S. businesses regarding the need to protect against cyber-attacks. The downstream implications will likely be more spending on cybersecurity.
And Then There Was War and More Spending on Cybersecurity
Recent cybersecurity threats targeting Ukrainian banks and government departments bring the Cybersecurity theme to the frontlines of war. To help defend Ukraine from cyberattacks, the European Union provided a cyber rapid-response team comprised of experts from Lithuania, Croatia, Poland, Estonia, Romania, and the Netherlands. The private sector is lending a helpful hand as well. Just before Putin’s invasion, Microsoft’s Threat Intelligence Center identified unusual activity aimed at Ukraine’s government departments and financial institutions and quickly became involved in disclosing it.6 Alphabet has also been key in preventing cyber-attacks in Ukraine.7
These responses resemble the public-private action plans started by the Biden Administration to secure the electricity, pipeline, and water sectors in the United States, and to use governmental authority to mandate new cybersecurity and network defense measures.8 The administration’s goal of modernizing cyber defenses also includes continued cooperation with numerous international allies and partners to thwart ransomware strikes and publicly attribute cybercriminal activity.9
The close coordination of the Technology sector with Ukraine’s government, the EU, and the North Atlantic Treaty Organization (NATO) is unprecedented in its scope and pace. The response speaks to the advancement of cyber technology and the critical role it plays in the global economy. We expect efforts like these to continue and likely increase spending on cybersecurity, as cybercrime is a persistent risk. The World Economic Forum marked cyberattacks as the 7th global risk by likelihood and 8th by impact in 2020.10 It’s estimated that global cybercrime costs will grow by 15% per year to $10.5 trillion annually by 2025.11
A Cybersecurity ETF May Add Resiliency to a Portfolio
Cybersecurity technologies work to proactively shield against possible attacks while mitigating and repairing the damage from incidents that already occurred. Increased occurrence and severity of cyberattacks demonstrates the permanent need for cybersecurity spending. For cybersecurity companies, this increasingly critical need creates a business model that generates robust recurring revenue. As a result, by investing at the broader level of this theme, investors can diversify their exposure across companies because the factors spurring adoption are unlikely to wane anytime soon.
It is always difficult to pick the winner in any sector or theme. While detailed information is required to effectively pick an individual company that could beat the market, investing in a theme could lead investors towards an ETF, where one can diversify their risk. Since cybersecurity stocks can move up on price performance following the announcement of large-scale hacks, or down if an application developer falls victim to a large breach, an ETF could be a good, diversified solution.
Cybersecurity Could Be a High Growth Opportunity
The war in Ukraine and the geopolitical machinations associated draw further attention to the importance of strong cyber defense. Executive orders and the White House’s new cybersecurity strategy will likely increase adoption, particularly when there are plans for government oversight and rules mandating minimum standards.12 We believe that shifting cybersecurity from a voluntary investment into a regulated investment necessary to do business is likely to increase rapid adoption in the U.S., Europe, and elsewhere.13 Absolute protection of data is aspirational given the direct trade-off between data security and accessibility, but cybersecurity spending, which will likely continue to grow can mitigate risks, and this theme should be considered for a broader portfolio.
1 White House FACT SHEET: Act Now to Protect Against Potential Cyberattacks, March 21, 2022
2 White House FACT SHEET: Act Now to Protect Against Potential Cyberattacks, March 21, 2022
3 Embroker, 2021 Must-Know Cyber Attack Statistics and Trends, 11/2/21
4 NPR, A ‘Worst Nightmare’ Cyberattack: The Untold Story Of The SolarWinds Hack, 4/16/21
5 NPR, A ‘Worst Nightmare’ Cyberattack: The Untold Story Of The SolarWinds Hack, 4/16/21
6 Cybersecurity & Infrastructure Security Agency, Destructive Malware Targeting Organizations in Ukraine, 3/1/2022
7 Chamber Business News, As threats grow, experts assess government and private sector preparation for cyberattacks, March 24, 2022
8 NYT, As Tanks Rolled Into Ukraine, So Did Malware. Then Microsoft Entered the War, 2/28/2022
9 CSIS, A Shared Responsibility: Public-Private Cooperation for Cybersecurity, 3/22/2022
10 World Economic Forum, The Global Risks Report 2020, 1/15/20
11 GlobalNewswire, Cybercrime To Cost The World $10.5 Trillion Annually By 2025, 11/18/20
12 MIT Technology Review, Inside the plan to fix America’s never-ending cybersecurity failures, 18 March 2022
13 Reuters, EU proposes cybersecurity rules for EU bodies amid cybersecurity worries, 22 March 2022
Carefully consider the funds’ investment objectives, risks, and charges and expenses. This and other information can be found in the funds’ full or summary prospectuses, which may be obtained at globalxetfs.com. Please read the prospectus carefully before investing.
Global X Management Company LLC serves as an advisor to the Global X Funds.
Editor’s Note: The summary bullets for this article were chosen by Seeking Alpha editors.