- Sophisticated cybersecurity attacks are on the rise this year, with major infrastructure targeted.
- Scrutiny is expected to intensify on companies’ cybersecurity solutions and investment in the space is set to surge.
- We speak to two experts from leading cybersecurity ETFs on themes to watch and how to play them.
- See more stories on Insider’s business page.
When cloud computing service Fastly went down for a few hours earlier this week, it felt as though the internet had broken.
Many major news sites and critical websites, such as The New York Times, the White House, and the British government’s key public-facing hub, Gov.uk, were completely inaccessible.
And it was all down to one customer that had changed their settings and triggered a software bug that caused the outage.
This is just one event of many that has highlighted the vulnerabilities that exist within company technology stacks.
More often than not, malicious actors are looking to take advantage of those vulnerabilities. Cybersecurity attacks have soared this year with increased sophistication and a focus on critical infrastructure.
In May, criminals were able to shut down the Colonial Pipeline, a key pipeline for transporting oil, using a
ransomware
attack until the company paid a $4.4 million sum. And this month, JBS, the world’s largest meat packing company, saw its operations paralyzed for several days following a cyber attack.
President Joe Biden already started to bolster the US’s cybersecurity defenses with a new executive order on May 12 and the increased scrutiny and investment in the space looks set to continue.
Insider spoke to two experts, Pedro Palandrani and Rahul Bhushan, from leading cybersecurity exchange-traded funds to understand how investors can best capture the trend.
Palandrani is a research analyst at Global X ETFs and covers their $397 million cybersecurity ETF (BUG).
Bhushan is the co-founder of Rize ETF and oversees Europe’s largest cybersecurity ETF, the Rize cybersecurity and data privacy ETF (CYBR) with $107 million assets under management.
Cybersecurity outlook
When a company is hit by a cybersecurity attack, it not only impacts the victims, but also the company’s competitors, suppliers and customers, Palandrani said.
So a rise in attacks, especially critical goods and services, has strengthened the long-term case for investing in cybersecurity, Palandrani said. Those who have been exposed to cyber attacks become more cognizant of the risks and therefore invest more in the solutions.
Cybersecurity companies will be at the receiving end of all this spending, Bhushan said. Over time, investors can expect revenues and multiples to expand to reflect this huge increase in demand, he added.
There is a widespread expectation in the industry that spending on cybersecurity is going to sky-rocket and Bhushan prefers to speak to the companies to gain a more rational view..
“Even that rational view is extremely bullish,” Bhushan said. The middle ground between what third-parties are saying and what companies are saying is still very attractive and really bullish, he added.
Shifting digital landscape
Part of the reason for the rise in attacks is because of shifting of the digital landscape and the ability to work from anywhere.
“We actually think this is a multi-decade trend, because I don’t think we’re going to reverse any of the digitization that has happened,” Bhushan said.
Our personal and professional lives are becoming increasingly digitized and this has created a wealth of confidential information and an environment where employees leverage both personal and corporate devices to access work, Palandrani said.
This means any device connected to the internet could now become an entry point into a company, since they all access the employee’s personal network.
Suddenly all these devices, including the microwaves or home assistants, can offer an inadvertent means past an entity’s existing security barriers.
Regulation
As attacks have become more focused on critical infrastructure, Palandrani expects there will be more pressure from governments to ensure both private and public companies have robust cybersecurity solutions.
“Cyberspace has become this battleground for political warfare,” Bhushan said. “I think that’s a really big change and I certainly don’t see that reversing anytime soon.”
Biden’s recent executive order is a first step from the new administration in focusing on cybersecurity.
Insider recently spoke with Max Gokhman, the head of asset allocation at Pacific Life Fund Advisors, who highlighted that Biden could potentially amend his infrastructure bill to account more for cybersecurity risks.
“We have a very high conviction in the fact that here in the US government is really going to step up their efforts, and likely we’re going to see a lot bigger budgets being allocated towards cyber security spending in the next few years,” Palandrani said.
Themes to watch
Palandrani and Bhushan both highlight that one of the big misconceptions in cybersecurity is that most investors think all companies do the same thing. There are five major areas of investment related to cybersecurity and not all organizations have all their bases covered.
Here is a breakdown of those five sectors and the companies that offer exposure to them.