Cybercrime: from infiltration to investment
Viruses, worms, firewalls, trojans, ransomware: it seems the bizarre vocabulary of cybercrime has evolved as much as the threat itself. But so too have the investment opportunities.
Mentioned: Cisco Systems Inc (CSCO), Meta Platforms Inc (META), BetaShares Global Cybersecurity ETF (HACK), Itron Inc (ITRI), Gen Digital Inc (GEN)
Viruses, worms, firewalls, trojans, ransomware: it seems the bizarre vocabulary of cybercrime has evolved as much as the threat itself. From software security to infrastructure, these days no sector - nor indeed any of the myriad devices we rely on everyday - is completely shielded from the invisible tentacles of the computer hacker.
But there is also a greater desire to tackle this threat and with it a chance for investors to capitalise on the growth of the cybersecurity sector. But before we look at the investment opportunities, it's worth outlining the evolution and scope of the threat.
'One of the greatest threats facing mankind'
Global research firm Cybersecurity Ventures goes so far as to call cybercrime one of the greatest threats facing mankind and cites the five most cyber-attacked industries as healthcare, manufacturing, financial services, government, and transportation. Nor is social media immune: earlier this month, Facebook said it discovered – and since fixed – a security breach in which hackers gained access to almost 50 million accounts.
Hackers recently gained access to almost 50 million Facebook accounts
A breach of privacy is one thing, but cybercrime is being treated first and foremost as an economic threat. Whereas, global military spending is about $1.7 trillion, cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015, according to Cybersecurity Ventures.
"This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined," says Cybersecurity Ventures editor-in-chief Steven Morgan.
Indeed, as the US congressional elections approach, the threat of cybercrime has sharpened the minds of the hawks in the White House who late last month launched a new national cybersecurity strategy in a bid to tackle what is sees as inevitable threats to disrupt the midterms set down for 6 November.
For cyber experts, the Trump administration’s overhaul of America's cybersecurity strategy is long overdue and much tougher than the previous administration's plan. After all, America is still smarting from two cyberattacks: an attack on Sony Pictures in November 2014, allegedly sponsored by North Korea, in which hackers first leaked personal data on staff and their families before erasing Sony's computer infrastructure; and another data breach the following year, in which China was accused of hacking the US Office of Personnel Management and gaining access to the personal records of up to four million people.
Tackling cybercrime in Australia
The threat of cybercrime is increasing in Australia, too, and grew by more than 25 per cent last year, according to a study by global consultancy firm Accenture. As for the cost, Australia's new Cyber Security Strategy estimates it's causing losses of up to $17 billion a year. And earlier this year, it was revealed that up to 400 Australian businesses may have been targeted by suspected Russian state-sponsored cyberattacks that have affected millions of computer routers worldwide.
The federal government is keenly aware of the threat and will invest more than $230 million over the next four years as part of its cyber offensive, complementing a $400 million expansion in defence capabilities over the next decade. That said, it's somewhat sobering that the number of people using the internet swamps the number of people trained in IT security – and global competition for jobs is fierce.
According to the commonwealth's cyber security strategy, in the second half of 2016, the volume of data downloaded through broadband connections was 23 per cent greater than the first half of 2016, continuing a long-term trend of growing internet usage.
And cyber security company Sophos says more than 50 per cent of companies in Australia have been hit by ransomware - malicious software that essentially takes your data hostage until you pay a ransom. Like the US, vulnerable targets in Australia include the healthcare, education, and financial planning, according to the Office of the Australian Information Commissioner.Â
Such statistics come as little surprise when you consider how connected our lives have become. There are now close to four billion people with access to the internet, while the number of devices connected to the internet is more than double that, notes Tamas Calderwood of BetaShares. By 2020, there will be 30 billion devices connected to the internet. And the more devices we accumulate, the more this global connection – known as the "internet of things" – grows.
"You already buy a fridge that will send you a photo of its inventory and a doorbell that will alert your phone and stream video allowing you to talk to your visitor while on the other side of the planet," Calderwood says. "What's coming next, though, are billions of sensors that will measure temperatures, moisture, movement, traffic, crowds, travel times, speeds, positions, chemical concentrations, everything."
By 2020, there will be 30 billion devices connected to the internet
The sensors in these devices will use little power, have long-life batteries and monitor everything from agriculture and traffic movements to public transport, offices and homes.
"They will be used to help run factories, optimise logistics, manage inventories, avoid traffic jams, schedule timetables and prevent machines breaking down," Calderwood says. "We already produce over 2.5 quintillion bytes of data every day and 90 per cent of all the data that exists in the world today - text, photos, measurements, everything - was created in the last two years."
The two big themes in cybersecurity are complexity and consolidation, says Morningstar US equity analyst William Fitzsimmons. "In terms of complexity, today, the vectors of attack for enterprises are becoming much more complex. You have firewall, you have software-as-a-service, you have endpoint security, cloud security. They are making the enterprise security efforts much more byzantine.
"In terms of consolidation, it used to be that a point vendor would sell you the services for endpoint which would be separate from firewall. Now we're seeing consolidation where one vendor like Palo Alto can do all those things together. For a lot of businesses in our coverage, cyber security vendors have moved from deriving their revenue from one-time product and hardware sales to software, which has led to subscription-service sales.
Security investments across major enterprises remain robust, Fitzsimmons says, adding that major businesses are incentivised to spend more on cybersecurity infrastructure to avoid headline scandals that could damage consumer trust.
"Given that backdrop, the cybersecurity industry has increasingly gained attention as a potentially lucrative place to invest. Tailwinds remain strong and the shift to subscription software has created more predictable revenue streams."
Investment opportunties
Perhaps more staggering than the sheer volume of this data - health records, bank details, customer data, personal browsing history - is the fact that much of it is public. To that end, BetaShares' Calderwood has both practical advice and suggestions for the investor looking to seize on this growing sector.
"Update your software, be careful what you click, make sure you have strong passwords with two-step authentication and back up all up your important stuff," he says.
Among ETF options is BetaShares' Cybersecurity ETF (ASX: HACK), which aims to track the Nasdaq CTA Cybersecurity Index, and thus gain exposure to leading global companies from the US, Britain, Israel, Japan and South Korea, including Cisco, Symantec, CyberArk and Itron. While past performance is no guarantee of future returns, the ETF was up almost 27 per cent in the year to June 30 with funds under management of close to $100 million, Calderwood notes.
BetaShares Global Cybersecurity ETF v ASX200
Source: Morningstar Direct
More from Morningstar
• Make better investment decisions with Morningstar Premium | Free 4-week trial
Â
Lex Hall is content editor, Morningstar Australia
© 2018 Morningstar, Inc. All rights reserved. Neither Morningstar, its affiliates, nor the content providers guarantee the data or content contained herein to be accurate, complete or timely nor will they have any liability for its use or distribution. This information is to be used for personal, non-commercial purposes only. No reproduction is permitted without the prior written consent of Morningstar. Any general advice or 'class service' have been prepared by Morningstar Australasia Pty Ltd (ABN: 95 090 665 544, AFSL: 240892), or its Authorised Representatives, and/or Morningstar Research Ltd, subsidiaries of Morningstar, Inc, without reference to your objectives, financial situation or needs. Please refer to our Financial Services Guide (FSG) for more information at www.morningstar.com.au/s/fsg.pdf. Our publications, ratings and products should be viewed as an additional investment resource, not as your sole source of information. Past performance does not necessarily indicate a financial product's future performance. To obtain advice tailored to your situation, contact a licensed financial adviser. Some material is copyright and published under licence from ASX Operations Pty Ltd ACN 004 523 782 ("ASXO"). The article is current as at date of publication.