Mega-investment in cyber defense could boost cybersecurity ETFs

With data volumes set to explode, businesses and governments alike must defend against cyber risks

Mega-investment in cyber defense could boost cybersecurity ETFs

Data proliferation is reaching new heights as a result of new digital infrastructure and long-term work-from-home arrangements, while cyberattacks are also increasing in intensity. And as corporations and governments attempt to remain ahead of the curve, cybersecurity firms are taking centre stage.

That’s according to a recent commentary from Jeff Spiegel, U.S. head of iShares Megatrend and International ETFs at BlackRock.

“In 2021, global volumes of new data grew 92% from 2019’s pre-pandemic levels, while instances of cyberattacks rose dramatically,” Spiegel said. “Cybercriminals are taking advantage of more and increasingly diverse infection vectors.”

For the fifth year in a row, the number of published common software and hardware vulnerabilities broke the yearly record in 2021. Spiegel said most of the malicious activities stem from four types of cyberattacks:

  • Ransomware attacks, which prevent access to data and/or disseminate it unless a ransom is paid;
  • Business email compromise (BEC) attacks that involve faking business email addresses or getting genuine access to organizational email accounts;
  • DDoS (distributed denial-of-service) assaults, which flood servers with traffic; and
  • Intrusion and access assaults, attacks in which cybercriminals gain unauthorized access to networks, computers, and other IT systems.

According to Spiegel, effectively securing against and deterring cyberattacks necessitates a two-pronged approach of first, reducing infection vectors by minimizing vulnerabilities, and secondly, enhancing reactions to current threats.

As cyber threats become more prevalent, he said a variety of cybersecurity software, hardware, and services are critical to these efforts and may see increased sales. Those include:

  • Network security solutions to guard against unauthorized access, improper usage, and theft of network infrastructure;
  • Endpoint and user security solutions to protect devices such as PCs and smartphones from cyberattacks by reducing inherent vulnerabilities and assuring user security; and
  • Data security solutions that safeguard data against tampering, interruption, destruction, and examination.

Hardware cybersecurity solutions, which are typically disregarded, are critical for mitigating assaults, he added.

“While today’s digitalization means much of computing occurs in the cloud, most of our digital activity starts and ends with hardware, from data centres and servers to the computers we use to access them,” he said, highlighting the growing use of biometric scanners to improve access security to hardware endpoints.

With yearly volumes of fresh data on track to reach 2.3x its 2021 levels by 2025 and the annual cost of assaults estimated to reach US$10.5 trillion in the same year, he said cybersecurity expenditure must keep up, and even exceed that growth.

As digital transformation pervades all aspects of business, the private sector has become increasingly vulnerable to cybercrime. Spiegel noted that cyberattacks on businesses increased by 31% on average in 2021 compared to 2020. When faced with such assaults, businesses must choose between paying large ransoms or forfeiting proprietary or consumer data.

To gain exposure to the secular tailwind of cyber defense, Spiegel suggested investors in public equities may consider ETFs invested in companies that generate most of their revenue from cybersecurity hardware, software, and products.

“As public and private sector digitalization continues, cyberattacks could become more frequent and detrimental to businesses, countries, and economies,” he said. “As a result, we expect cybersecurity spending to increase at an accelerated clip, regardless of economic conditions, offering possible growth potential for cybersecurity ETFs.”