We use cookies to improve your experience on our website.  By continuing you are agreeing to our cookie policy.

 
 

Sign up for our free newsletter to stay up to date with EdenTree:

Cybersecurity

Thomas Fitzgerald
By Thomas Fitzgerald Associate Fund Manager September 2016
Share this insight:
Skip to:
Cybersecurity

Introduction

Introduction

“Hackers are breaking the system for profit. Before, it was about intellectual curiosity and pursuit of knowledge and thrill, and now hacking is big business.” - Kevin Mitnick, renowned hacker[i]

Cybersecurity is a pervasive secular trend within technology today and a growing area of focus for companies across all sectors, government organisations and individuals. Despite the development of a large and expanding market for cybersecurity technologies and services, the frequency and magnitude of cyber-criminality has not receded, giving rise to an increasing level of scrutiny amongst media-outlets, shareholders, industry regulators and the public in general. This Insight examines the origins and structural drivers of the cybersecurity market, identifies the technologies and services available to those entities wishing to defend their digitised assets and suggests how the industry may evolve and which companies are best-positioned and most challenged going forward.

[i] Huffington Post, 2011, ‘Kevin Mitnick, Former Fugitive Hacker, Laments How The Game Has Changed.’ August 2011. http://www.huffingtonpost.com/2011/08/16/kevin-mitnick-hacker-book_n_928107.html

Cyber Crime Today

Cyber Crime Today

Price Waterhouse Coopers (PwC) found in its 2016 survey of more than 10,000 industry participants that there were an estimated 59.1million cybersecurity incidents globally in 2015, representing a 38% increase from the previous year[i]. From 2009 to 2015 the number of cybersecurity incidents grew at a compounded annual growth rate of 61%. At the same time, the average cost of a cyber-attack to an organisation is on the rise, increasing from $7.2million in 2013 to $7.7million in 2015 according to the Ponemon Institute. So the breadth of security attacks is increasing, as well as the cost[ii].

This threat is universal and not limited to companies of a particular size or sector. PwC found in a UK survey of 664 executives and I.T. professionals in 2015 that an increasing number of both small and large companies are reporting security breaches, with 90% of large organisations (more than 250 employees) suffering a security breach in 2015[i]. Additionally, malicious cyber-attacks present a risk to enterprises across all industries, with government organisations incurring the most data breaches in 2015 according to Gemalto’s Breach Level Index. This was a significant change from the previous year in which government accounted for 5% of total incidents and was largely due to several large breaches in the United States and Turkey[ii].

[i] PwC, 2015, ‘Information Security Breaches Survey 2015’, November 2015, https://www.pwc.co.uk/assets/pdf/2015-isbs-technical-report-blue-03.pdf

[ii] Gemalto, 2015, ‘The Breach Level Index 2015’, 2016, http://breachlevelindex.com/assets/Breach-Level-Index-Annual-Report-2015.pdf

[i] PwC (2016) The Global State of Information Security Survey 2016 - Turnaround and transformation in cybersecurity

[ii] Ponemon Institute (2016) 2016 Cost of Data Breach Study: Global Analysis, June 2016

Market Drivers

Market Drivers

An Expanding Digital Economy

The rapid growth in the digital economy through the increasing use of smartphones, the digitisation of company assets (cloud based applications and networking) and the proliferation of the “Internet of Things” all entice greater levels of cyber-criminality, as more confidential and potentially valuable information is processed and stored in the digital space. The growing use of the Internet of Things, for example, provides opportunities for enterprises, through increased connectivity, to increase efficiency and realise cost savings. However, it also expands a corporate network beyond the traditional remits and increases the number of penetrable endpoints, which a malicious actor may capitalise on to infiltrate a device or entity’s network. Research firm IDC, estimate that the installed base of the Internet of Things will grow to twenty-eight billion connected devices by 2020, representing a 209% increase from 2013 levels[i].

[i] IDC, 2016, ‘Market in a Minute: Internet of Things”, January 2016, http://www.idc.com/downloads/idc_market_in_a_minute_iot_infographic.pdf

Other Implications: Cyber Insurance

Other Implications: Cyber Insurance

With the increasing use of internet-connected devices and the increasing importance of digital strategies, cyber risk is becoming a key concern for businesses and assessing and mitigating potential financial losses from a data breach should be a top risk management priority. As a result, cyber coverage is an emerging area of growth for insurance providers. PwC estimate that the gross written premiums in the cyber insurance market currently amount to $2.5billion per annum and could grow to $7.5billion by 2020.[i]

This growth is likely to be driven not only by insureds seeking breach damage containment but strong appetite among insurers to provide cyber insurance writings, reflecting the favourable prices that can be obtained by an underwriter. According to HM Government (2015), the cost of cyber insurance relative to the limit that is purchased, is typically three times the cost of cover of more general liability risks.[ii] This partly reflects the limited number of insurers offering such coverage presently, as well as the uncertainty around how much to put aside for potential losses.

Although this new area of business provides opportunities for insurers to enhance profitability, it also poses significant challenges. The rapidly evolving cybersecurity landscape and limited amount of actuarial data on the scale and financial impact of cyber-attacks makes this a difficult risk to evaluate and price with precision. While underwriters can estimate the cost of restoring or replacing I.T. systems in the same way as if they were damaged by a flood or fire, there is limited historical data to a help estimate the potential further losses that may result from brand impairment or compensation payments to stakeholders.

[i] PwC (2015), Insurance 2020 & Beyond: Reaping the dividends of cyber resilience, September 14, 2015

[ii] HM Government (2015) UK Cyber Security: The Role of Insurance in Managing and Mitigating the Risk, March 2015

View From The Top

View From The Top

“The borderless nature of the internet has given criminals the opportunity to commit crime on a vast scale…this is a global problem and we are not alone in trying to grapple with this epidemic”. Commissioner Ian Dyson, City of London Police

The City of London Police, in its capacity as the national policing agency for fraud and cyber-crime, reported in March 2016 the outcome of its first study into the victims of cyber- crime and the methods being used to commit it. This revealed that men are on average three times as likely as women to be the victim of cyber-crime incurring an average per-loss hit of £2,354. It also shows that the harm caused increases with age, that the elderly are disproportionately impacted in terms of their wealth and wellbeing. Women are more likely to be targeted than men in online shopping scams, suggesting smart targeting of particular demographics to achieve maximum impact. Over half of all cyber-crime perpetrated against UK individuals and businesses emanates from overseas.

Through its agency, the Economic Cyber Crime Prevention Centre (ECPC), the study suggests that 80% of cyber related attacks are preventable if individuals and businesses follow certain precautions, and thereby reduce the estimated £30-40bn cost in UK cyber fraud annually. In 2015, the City of London Police recorded 2.5m cyber-crimes, with 70% of all fraud now cyber related. As we put more of our lives online and blur the distinction between leisure, work and rest, the online world becomes an ever more attractive arena for criminals. This Insight sets out clearly the nature of the risk; we have no doubt, as the World Economic Forum makes clear, that this is one of the most pressing risks facing business as it increasingly digitalises. The sophistication and scope of online criminality is increasing at an unprecedented rate, and even significant investment in security and services barely keeps pace with new ways of inflicting online threats.

At EdenTree with our recent focus on The Digital Planet, we believe investors have a role to play in asking tough questions of companies around cyber resilience and the resources employed to respond to it. Anecdotal evidence suggests that Boards have inadequate expertise to ask tough questions of management, whilst cyber-risk is perhaps still not being given the exposure necessary at Board level to prepare for and mitigate attacks when they happen. We hope you have enjoyed this Insight and look forward to your feedback. Information about personal online security for you, your business or your family is available at www.cyberstreetwise.com



Download PDF: "Cybersecurity''

The value of an investment can fall as well as rise as a result of market and currency fluctuations, you may not get back the amount originally invested. Past performance should not be seen as a guide to future performance. If you are unsure which investment is most suited to you, the advice of a qualified financial adviser should be sought. EdenTree Investment Management Limited (EdenTree) Reg. No. 2519319. Registered in England at Beaufort House, Brunswick Road, Gloucester, GL1 1JZ, UK. EdenTree is authorised and regulated by the Financial Conduct Authority and is a member of the Investment Association.