The Covid-19 pandemic has been a boon for hackers. As broad swathes of the economy were suddenly forced to move online, cybercrime flourished. No less than 30 billion data records were stolen in 2020, according to a recent report1 by Canalys, a technology industry analysis company. This is more than in the previous 15 years put together.
Meanwhile, another report published late last year from the Center for Strategic and International Studies (CSIS), a US-based think tank, and McAfee, a computer security firm, estimated that worldwide monetary losses from cybercrime rose sharply last year, to approximately USD 945 billion (see Figure 1).2
On top of this, global spending on cybersecurity was estimated to have exceeded USD 145 billion, bringing the overall cost of cybercrime to almost USD 1.1 trillion globally, or 1.3% of the world’s gross domestic product (GDP). This new estimate implied a more than 50% increase relative to the previous one provided by the CSIS and McAfee for the year 2018.
Authors of the report acknowledged that better reporting explained some of this increase. However, they also indicated that, even with these qualifications, it is clear that cybercrime continues to grow rapidly. “Cybercrime is increasing because it pays, it can be easy, and the risk to cybercriminals can be low,” they argued.
The Covid-19 crisis dramatically increased our reliance on the cyberspace. And this unlikely to revert, even as the pandemic recedes, and people go back to some of their old habits. This means companies will need to keep investing in cybersecurity infrastructure, in particular the financial services industry.
In a report published last August, Interpol warned about the alarming rate of cyberattacks seen during the first four months of 2020, as countries around the world imposed strict lockdowns. Most importantly, Interpol also predicted that a further increase in cybercrime is highly likely in the near future, as structural trends such as the rise of ecommerce and remote working continue to unfold.
In this context, cybersecurity budgets seem bound to remain on their upward trajectory. Although business continuity and workforce productivity took precedence over security during the pandemic, cybersecurity investments still outperformed other segments of the IT industry in 2020, growing 10% to USD 53 billion, according to Canalys.
The technology industry analysis company considers the current trend will continue in the near future. More specifically, cybersecurity investments are expected to grow by 6.6.% to 10% in 2021, with web and email security technologies as the most dynamic areas.
For investors, soaring cybercrime is obviously a threat to the businesses they own. But it is also an opportunity to invest in companies that provide solutions to address this growing challenge. This is especially relevant for the financial industry, as cybercriminals tend to be naturally attracted to this sector. Not getting cybersecurity right in the financial world simply means going out of business.
Growing interest for cybersecurity investments is already visible in equity venture capital funding flows. Cybersecurity funding hit an all-time high in 2020, garnering USD 11.4 billion – a near 50% increase from 2018, according to CB Insights, a research and analysis firm. Fast-developing cybercrime and accelerated adoption of cloud computing were key driving forces behind this rise.
Growing demand for cybersecurity solutions is one of the developments we closely follow as part of our FinTech and New World Financials equity strategies. Admittedly, finding cybersecurity companies that are both relevant for the financial sector and attractive from an investor’s standpoint is not easy. For one, the opportunity set remains relatively limited.
Moreover, business growth and stock price momentum do not always go hand in hand, therefore looking at (relative) valuations is extremely important. Yet we believe the potential rewards are worth the effort. As a result, listed companies offering services such as payment protection, for example, are now a firm part of our investable universe.
1 Canalys, March 2021, “now and next for the cybersecurity industry”, Special report.
2 Lewis, J. A., Malekos Smith, Z. and Lostri, E., December 2020, “The Hidden Costs of Cybercrime”, CSIS-McAfee report.
The Robeco Capital Growth Funds have not been registered under the United States Investment Company Act of 1940, as amended, nor or the United States Securities Act of 1933, as amended. None of the shares may be offered or sold, directly or indirectly in the United States or to any U.S. Person (within the meaning of Regulation S promulgated under the Securities Act of 1933, as amended (the “Securities Act”)). Furthermore, Robeco Institutional Asset Management B.V. (Robeco) does not provide investment advisory services, or hold itself out as providing investment advisory services, in the United States or to any U.S. Person (within the meaning of Regulation S promulgated under the Securities Act).
This website is intended for use only by non-U.S. Persons outside of the United States (within the meaning of Regulation S promulgated under the Securities Act who are professional investors, or professional fiduciaries representing such non-U.S. Person investors. By clicking “I Agree” on our website disclaimer and accessing the information on this website, including any subdomain thereof, you are certifying and agreeing to the following: (i) you have read, understood and agree to this disclaimer, (ii) you have informed yourself of any applicable legal restrictions and represent that by accessing the information contained on this website, you are not in violation of, and will not be causing Robeco or any of its affiliated entities or issuers to violate, any applicable laws and, as a result, you are legally authorized to access such information on behalf of yourself and any underlying investment advisory client, (iii) you understand and acknowledge that certain information presented herein relates to securities that have not been registered under the Securities Act, and may be offered or sold only outside the United States and only to, or for the account or benefit of, non-U.S. Persons (within the meaning of Regulation S under the Securities Act), (iv) you are, or are a discretionary investment adviser representing, a non-U.S. Person (within the meaning of Regulation S under the Securities Act) located outside of the United States and (v) you are, or are a discretionary investment adviser representing, a professional non-retail investor. Access to this website has been limited so that it shall not constitute directed selling efforts (as defined in Regulation S under the Securities Act) in the United States and so that it shall not be deemed to constitute Robeco holding itself out generally to the public in the U.S. as an investment adviser. Nothing contained herein constitutes an offer to sell securities or solicitation of an offer to purchase any securities in any jurisdiction. We reserve the right to deny access to any visitor, including, but not limited to, those visitors with IP addresses residing in the United States.
This website has been carefully prepared by Robeco. The information contained in this publication is based upon sources of information believed to be reliable. Robeco is not answerable for the accuracy or completeness of the facts, opinions, expectations and results referred to therein. Whilst every care has been taken in the preparation of this website, we do not accept any responsibility for damage of any kind resulting from incorrect or incomplete information. This website is subject to change without notice. The value of the investments may fluctuate. Past performance is no guarantee of future results. If the currency in which the past performance is displayed differs from the currency of the country in which you reside, then you should be aware that due to exchange rate fluctuations the performance shown may increase or decrease if converted into your local currency. For investment professional use only. Not for use by the general public.