Russia-Ukraine conflict: The time for cybersecurity is now
By Devin Ryder, CFA
As tensions soar amid the Russia-Ukraine conflict, many experts consider the threat of cyberattacks to be imminent. Cyber attacks on businesses and government agencies have noticeably climbed following Russia’s invasion. Critical infrastructure such as financial institutions, governments, and utilities are all potential targets, and spillover attacks against non-primary targets are expected to become increasingly widespread. Here at ETFMG, we believe the fear of digital warfare will give added impetus to cybersecurity spending by companies, governments, and individuals.
The Threat of Cyber Warfare
Countries imposing sanctions on Russia have seen an uptick in cyber attacks. For example, Nvidia (NVDA), America’s largest chipmaker, and Toyota (TM), Japan’s largest automaker, have fallen victim to cyber attacks in the time since the invasion began.1,2 While purportedly unrelated to the Eastern European conflict, both the US and Japan had recently levied significant sanctions against Russia prior to the attacks. Opportunities for retaliation against such sanctions appear limited for Russia; however, history has shown us that cyber warfare is an area they are proven to be skilled. Just this past week, the US charged four Russian government officials over two major cyber attacks against the global energy sector that affected computers in 135 countries between 2012 and 2018.3
Governments Issue Warnings
The deepening crisis has prompted government agencies across the globe to issue precautions regarding increasing cyber risk. President Joe Biden noted the heightened threat and urged American businesses to bolster their cyber defenses. Echoing the sentiment, FBI Director Christopher Wray has advised that the FBI is “concerned” with the potential threat of Russian cyberattacks against critical domestic infrastructure.4 Across the pond, the UK’s National Cyber Security Centre issued an advisory, prompting organizations to take action to improve their online defenses.5 The Australian Cyber Security Centre has also urged businesses to take immediate steps to increase their cybersecurity safeguards.
Monetary Threats of Cyber Attacks
Cybersecurity has always been a concern for individuals, corporations, and governments. However, the current conflict is exacerbating the broader trend of attacks as they continue to increase in size, volume, and sophistication. This poses major financial, reputational, and legal risks for the agencies targeted. According to security provider SonicWall, ransomware attacks climbed an unprecedented 105% year-over-year in 2021 to a total of 623.3M attacks. Encrypted threats increased 167% year-over-year to 10.1 million, almost as many as 2018, 2019, and 2020 combined.6
According to the Hiscox Cyber Readiness Report, monetary damages caused by cyber attackers are on the rise. In fact, losses attributing to cybersecurity concerns have increased nearly sixfold, up from a median cost of $10,000 in 2020 to $57,000 in 2021 per organization. Firms responded to growing risks by increasing their cybersecurity investments by 39%.7 Despite this increase in security investments, nearly 80% of IT leaders still lack confidence in their company’s digital security.8 As threats become more prominent, the budget behind cybersecurity can be expected to grow. Cyber Security Ventures anticipates global cybersecurity spending will grow 15% year-over-year from $262 billion in 2021 to $460 billion in 2025.9
The current geopolitical turmoil has significant investment implications. While the war has suppressed risk appetite as seen by sell-offs in equities, and prominently in the technology sector, cybersecurity firms have outperformed since the beginning of the war.
The ETFMG Prime Cyber Security ETF (HACK) tracks the Prime Cyber Defense Index (Ticker: PCYBER), which has been constructed as a comprehensive and diversified vehicle for access to the cybersecurity space. The pure-play exposure to the theme tracks the performance of key players that aren’t accessible with broad market ETFs. For example, using holdings from 3/24/22, the overlap between PCYBER and the Technology Select Sector SPDR ETF (XLK) was only 3.84%. PCYBER seeks to track leading and emerging companies within the cybersecurity ecosystem and is uniquely poised to benefit from the industry’s expansion. Companies of note in the space are Zscaler Inc. (ZS),10 Cloudflare (NET),11 and CrowdStrike Holdings (CRWD).12 Zscaler provides its global client base with web and mobile security, threat protection, and other networking solutions. In its latest quarterly results, the company announced 63% year-over-year revenue growth, 59% year-over-year billings growth, and 90% year-over-year growth in Remaining Performance Obligation (RPO).13,14 Cloudflare’s systems enhance the performance and security of its 140,000 customers across the globe. From 2019 to 2021, the company reported a 51% CAGR in total revenue as well as a 64% CAGR in large customers.15 CrowdStrike’s Triton platform leverages Artificial Intelligence to protect its clients from cyber attacks. In 2021, the company completed a $400 million acquisition of leading cloud log management provider Humio.16 The company’s growth plans don’t end there. Just this month, the company announced it is expanding its existing partnership with Cloudflare, integrating their platforms to provide joint customers with Zero Trust security to their devices, applications, and networks.17
Companies mentioned in this article may or may not be current holdings in any of the Funds managed by ETF Managers Group LLC. Holdings are subject to change without notice.
1 Toyota shuts down all Japanese production after supplier is hacked
2 Thousands of Nvidia employee passwords leak online as hackers’ ransom deadline looms
3 US charges four Russian hackers over cyber attacks on global energy sector
4 FBI ‘concerned’ about Russian cyberattacks on critical US infrastructure: Wray
5 NCSC advises organisations to act following Russia’s attack on Ukraine
6 2022 SonicWall Cyber Threat Report
7 Hiscox Cyber Readiness Report 2021
8 Cybersecurity at a Crossroads: The Insight 2021 Report
9 Global Cybersecurity Spending To Exceed $1.75 Trillion From 2021-2025
10 As of 4/6/22, Zscaler represented approximately 4.24% of the Fund’s assets.
11 As of 4/6/22, Cloudflare represented approximately 4.98% of the Fund’s assets.
12 As of 4/6/22, CrowdStrike Holdings represented approximately 4.95% of the Fund’s assets.
13 Zscaler Reports Second Quarter Fiscal 2022 Financial Results
14 Zscaler Q2 2022 Earnings Call – February 24, 2022
15 Cloudflare Investor Presentation Q4 2021
16 CrowdStrike Completes Acquisition of Humio
17 Cloudflare and CrowdStrike Expand Partnership to Bring Integrated Zero Trust Security to Devices, Applications and Networks
Editor’s Note: The summary bullets for this article were chosen by Seeking Alpha editors.