We expect the cat-and-mouse game between organizations, consumers and the cybercriminals who covet their data to intensify this year. The latest concern is a vulnerability in internet software known as Log4j that could jeopardize hundreds of millions of systems globally. This threat follows multiple high-profile breaches in 2021, including the ransomware attack that compromised Colonial Pipeline’s fuel distribution across the eastern U.S. Cyber events like these continue to grow more frequent and costly, especially attacks on critical infrastructure and supply chains. And this threat is likely to only grow more acute as the global economy continues to digitalize and put sensitive data at risk. As a result, we expect heightened awareness of and expenditure on cybersecurity solutions to create long-term tailwinds for the cybersecurity investment theme.
Key Takeaways:
The world now creates an estimated 2.5 quintillion bytes of data every day—that’s 2.5 followed by 18 zeros.4 As a result, hackers have more access to sensitive data than ever, and they will have many more opportunities as the world continues to digitize and data volumes increase. In particular, the Internet of Things (IoT) devices will be a major contributor to the data pool. At the end of 2021, there were 14.6 billion connected devices.5 That number could grow nearly 18% in 2022, and then more than double by 2027.6
The economy’s shift to hybrid and remote work also creates significant opportunities for cybercriminals. Pandemic-induced lockdowns eased in the U.S. in 2021, but as many as 45% of full-time employees continued to work from home at least part-time.7 Whether due to new variants or employee preference, work-from-home initiatives are likely to remain intact, resulting in data vulnerabilities for the foreseeable future. According to an IBM report, remote work was a factor in 17.5% of reported data breaches in 2021.8 The average cost of these breaches was also 16.6% higher than breaches where remote work was not a factor.9
In 2021, several high-profile companies were victims of costly cyberattacks. The ransomware attack on Colonial Pipeline resulted in a $4.4 million payout to their attackers.10 CNA Financial paid ransomware hackers $40 million to decrypt parts of their digital infrastructure from which they locked the company out of.11 And JBS, the largest meat producer in the world, shut down several of its plants due to a cyberattack.12 These examples are just a few of the major attacks that victimized companies last year, at times resulting in multi-million dollar losses.
Even the most sophisticated solutions may not be able to eliminate all vulnerabilities, but they can stymy many threats and help protect against the worst outcomes. In 2021, companies, the U.S. government, and consumers demonstrated a growing awareness of cyber threats and commitment to preventative measures.
Consumers: A small but growing share of cybersecurity spending comes from consumers. About 53% of consumers are victims of at least one cybercrime, prompting many to take precautions such as personal VPNs, two-factor authentication, and identity theft protection services.18 The pandemic exacerbated threats to individuals, as emboldened scammers capitalized on the inflated time consumers spent online. Americans lost $586 million to COVID-related scams as of October 2021.19 However, consumers are conscious of the heightened threat. Last year, almost 40% of adults took steps to safeguard their online activity as a direct result of the pandemic.20 Digital protection habits learned during the pandemic could accelerate consumer adoption of cybersecurity services.
Beyond these fast-growing areas, cybersecurity companies are increasingly looking at consolidation. Typically, cybersecurity providers specialize in specific verticals, forcing customers to secure their data using a patchwork of different providers. This dynamic can lead to costly delays and other potentially damaging inefficiencies; indeed, the average data breach took 287 days to identify and contain in 2021.24 In an effort to improve protection capabilities end to end, several prominent cybersecurity providers engaged in mergers and acquisitions in 2021. Noteworthy activity included CrowdStrike Holdings’ $352 million acquisition of Humio, and Rapid7’s $335 million acquisition of IntSights, allowing the companies involved to field more integrated product offerings.25,26 This surge in consolidation activity is likely to continue in 2022, with antivirus and VPN service providers Norton and Avast set to merge in a deal valued over $8 billion.27
Conclusion
2021 featured some of the most impactful cyber intrusions in recent memory, and the world’s ongoing digital transformation only increases the likelihood of comparable attacks in the future. However, we believe that digital protection lessons learned during this period could further accelerate the adoption of cybersecurity services. In our view, recent financial commitments to thwart cybercriminals can form tailwinds for cybersecurity companies in 2022 and strengthen the long-term investment case for the cybersecurity theme overall.
Related ETF
BUG: The Global X Cybersecurity ETF seeks to invest in companies that stand to potentially benefit from the increased adoption of cybersecurity technology, such as those whose principal business is in the development and management of security protocols preventing intrusion and attacks to systems, networks, applications, computers, and mobile devices.
Click the fund name above to view the fund’s current holdings. Holdings subject to change. Current and future holdings subject to risk.