What has happened?
The Covid-19 pandemic has been a boon for hackers. As broad swathes of the economy were suddenly forced to move online, cybercrime flourished. No less than 30 billion data records were stolen in 2020, according to a recent report1 by Canalys, a technology industry analysis company. This is more than in the previous 15 years put together.
Meanwhile, another report published late last year from the Center for Strategic and International Studies (CSIS), a US-based think tank, and McAfee, a computer security firm, estimated that worldwide monetary losses from cybercrime rose sharply last year, to approximately USD 945 billion (see Figure 1).2
Figure 1: Estimated worldwide monetary losses from cybercrime
Source: Lewis, J. A., Malekos Smith, Z. and Lostri, E., December 2020, “The Hidden Costs of Cybercrime”, CSIS-McAfee report.
On top of this, global spending on cybersecurity was estimated to have exceeded USD 145 billion, bringing the overall cost of cybercrime to almost USD 1.1 trillion globally, or 1.3% of the world’s gross domestic product (GDP). This new estimate implied a more than 50% increase relative to the previous one provided by the CSIS and McAfee for the year 2018.
Authors of the report acknowledged that better reporting explained some of this increase. However, they also indicated that, even with these qualifications, it is clear that cybercrime continues to grow rapidly. “Cybercrime is increasing because it pays, it can be easy, and the risk to cybercriminals can be low,” they argued.
Why is it important?
The Covid-19 crisis dramatically increased our reliance on the cyberspace. And this unlikely to revert, even as the pandemic recedes, and people go back to some of their old habits. This means companies will need to keep investing in cybersecurity infrastructure, in particular the financial services industry.
In a report published last August, Interpol warned about the alarming rate of cyberattacks seen during the first four months of 2020, as countries around the world imposed strict lockdowns. Most importantly, Interpol also predicted that a further increase in cybercrime is highly likely in the near future, as structural trends such as the rise of ecommerce and remote working continue to unfold.
In this context, cybersecurity budgets seem bound to remain on their upward trajectory. Although business continuity and workforce productivity took precedence over security during the pandemic, cybersecurity investments still outperformed other segments of the IT industry in 2020, growing 10% to USD 53 billion, according to Canalys.
The technology industry analysis company considers the current trend will continue in the near future. More specifically, cybersecurity investments are expected to grow by 6.6.% to 10% in 2021, with web and email security technologies as the most dynamic areas.
What does it mean for investors?
For investors, soaring cybercrime is obviously a threat to the businesses they own. But it is also an opportunity to invest in companies that provide solutions to address this growing challenge. This is especially relevant for the financial industry, as cybercriminals tend to be naturally attracted to this sector. Not getting cybersecurity right in the financial world simply means going out of business.
Growing interest for cybersecurity investments is already visible in equity venture capital funding flows. Cybersecurity funding hit an all-time high in 2020, garnering USD 11.4 billion – a near 50% increase from 2018, according to CB Insights, a research and analysis firm. Fast-developing cybercrime and accelerated adoption of cloud computing were key driving forces behind this rise.
Growing demand for cybersecurity solutions is one of the developments we closely follow as part of our FinTech and New World Financials equity strategies. Admittedly, finding cybersecurity companies that are both relevant for the financial sector and attractive from an investor’s standpoint is not easy. For one, the opportunity set remains relatively limited.
Moreover, business growth and stock price momentum do not always go hand in hand, therefore looking at (relative) valuations is extremely important. Yet we believe the potential rewards are worth the effort. As a result, listed companies offering services such as payment protection, for example, are now a firm part of our investable universe.
1 Canalys, March 2021, “now and next for the cybersecurity industry”, Special report.2Lewis, J. A., Malekos Smith, Z. and Lostri, E., December 2020, “The Hidden Costs of Cybercrime”, CSIS-McAfee report.
This information is for informational purposes only and should not be construed as an offer to sell or an invitation to buy any securities or products, nor as investment advice or recommendation. The contents of this document have not been reviewed by the Monetary Authority of Singapore (“MAS”). Robeco Singapore Private Limited holds a capital markets services license for fund management issued by the MAS and is subject to certain clientele restrictions under such license. An investment will involve a high degree of risk, and you should consider carefully whether an investment is suitable for you.