The Growth of Privacy and Cybersecurity as an Industry

FEATURED ARTICLE

When the topic of cybersecurity is raised, many often recall the growing number of high-profile ransomware attacks. Recent attacks on Colonial Pipeline and meat processing giant JBS in Brazil may spring to mind, for example. In both cases, the companies copped to paying off their attackers – with Colonial Pipeline dishing out USD 4.4 million to regain control of their computer systems, while JBS had to muster up a whopping USD 11 million for the same, in part due to the “sophistication of the attack”.[1] Paying off ransomware attackers – it would seem – is now normal.

Then there are cybercrimes that are less high-profile in nature, but still worthy of note. If one was overly focused on the headlines this past year, one might have easily missed the June 2021 online posting of a massive 100 GB TXT file containing 8.4 billion entries of passwords – making this – the largest data breach compilation ever.[2] By combining the 8.4 billion passwords with other breach data, including usernames and email addresses, threat actors were able to expose a frightening number of online accounts. And it is likely vast numbers of these accounts are still exposed. Digital privacy threats associated with data leaks, data theft and sales are now becoming increasingly common. And some would argue, just as important to protect against as the more traditional types of cyber-attacks.

For investors, this serves as a harsh reminder that, while cybersecurity is suitably attracting headlines, digital privacy is also a fertile market. In our experience, pain points like these often make for great investment opportunities.

An ever-expanding threat surface

The Internet of Things (IoT) revolution is also expanding the total addressable market. We can think of the size of the market by looking at the total number of connected devices we will have in the future. All these devices will exponentially expand the amount of data points that will be created and used. Compared to today’s modest collection of devices that center on smartphones, tablets, wearables, security and smart home devices, the IoT market will expand to include autos, hospitals and medical equipment, industrial and other machinery, agricultural equipment and much more.[3] By 2025, as 5G technology is further deployed, the number of connected devices is predicted to surpass 25 billion, which means that both cybersecurity threat protection, as well as digital privacy threat protection, will become more important conversations than ever.[4]

Getting personal

Bad actors have already started to target some of these IoT devices. Recently, Ireland’s health system was crippled by a cyber-attack that cut off access to patient records, delayed Covid-19 testing and forced the cancellation of countless medical appointments and surgeries.[5] Earlier this year in California, Scripps Health, which operates 5 hospitals and several clinics in San Diego, was crippled by a ransomware attack. Over the last few weeks, cybercriminals also shared that they planned to attack 400 more hospitals.[6]

We bring this up because what could be more personal than one’s health information? Another example, however, reveals a very different way in which bad actors were able to obtain personal information. Recently, a pair of bugs planted in John Deere’s apps and website allowed hackers to download the personal data of all owners of the company’s farming vehicles and equipment.[7] According to independent researcher Sick Codes, before patches and fixes were implemented, these vulnerabilities may have exposed information about John Deere’s customers, including their physical addresses.[8]

Is digital privacy dead?

Some believe digital privacy is dead, however, new research from Invisibly suggests that the desire to protect one’s personal data is very much alive.[9] In one of its recent surveys, Invisibly found that 68% of respondents indicated that digital privacy was important to them, while 82% supported measures that would prevent companies and devices from collecting and/or sharing their personal data.[10]

Another confirmation comes from a company that has historically done a rather good job in recognizing consumer tipping points and leveraging them to their advantage: Apple. Apple has been focused on safeguarding digital privacy in their devices for some time now, both in terms of the machines themselves and the apps using them. Examples include TouchID, Apple Wallet and the introduction of its App Tracking Transparency feature with iOS 14.5 that prevents third-party apps from tracking Apple users across the web.[11] At its 2021 Worldwide Developer Conference, Apple took further steps in this direction with the introduction of iCloud+ that included “Private Relay”.[12] Now, when an Apple user browses the internet using Safari, their data will be sent through 2 separate servers to mask the user’s identity.[13] While one relay gives the user an anonymous IP address, the second is used to send the browsing query to the appropriate results.[14] Apple also announced that new digital privacy features will be introduced in their iOS Mail app to prevent marketers from gathering information regarding open rates.[15] These efforts have riled up the companies that have relied on such data such as Facebook and other email newsletter publishers.[16]

Companies embrace digital privacy

Is Apple the only company embracing digital privacy? In a word, no, and among those doing so, we can count Google, which recently added a Privacy Dashboard to its latest iteration of Android.[17] For those looking to see how the landscape evolves, one could argue that Google, given its core search-advertising business model, is the company to watch.[18]

While Apple’s efforts are likely to appeal to users and be reflected in unit sales volumes, translating it across the company’s business and stock valuation is far trickier because of the way it reports its financials and operating data. There are, however, a number of companies focused on digital privacy threat mitigation across cloud infrastructure, identify access management and zero trust security software. Examples include Ping Identity, NortonLifeLock, IBM, Sailpoint, Avast, OneSpan and Okta. We are also seeing new contenders enter the public markets, including ForgeRock, an identity verification software company that is reportedly working with banks on its initial public offering.

As privacy and identity become a greater focal point, we expect M&A activity to heat up as companies look to fill competitive gaps and product holes. Recently, Okta completed an $6.5 billion acquisition of Auth0, a leading identity platform for application teams.[19] We doubt this will be the last of this.

This Featured Article has been produced by Tematica Research LLC. Rize ETF Ltd make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability or suitability of the information contained in this article.

Related ETF

CYBR: Rize Cybersecurity and Data Privacy UCITS ETF

References:

[1] “Meat giant JBS pays $11m in ransom to resolve cyber-attack” available at https://www.bbc.com/news/business-57423008

[2] “RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries” available at https://cybernews.com/security/rockyou2021-alltime-largest-password-compilation-leaked/

[3] IBID

[4] “IoT Security” available at https://www.ericsson.com/en/internet-of-things/iot-security

[5] “Cyber attack: When will the Irish health service get a resolution?” available at https://www.bbc.com/news/world-europe-57193160

[6] “Scripps Health network still down, 2 weeks after cyberattack” available at https://www.healthcareitnews.com/news/scripps-health-network-still-down-2-weeks-after-cyberattack

[7] “Bugs Allowed Hackers to Dox John Deere Tractor Owners” available at https://www.vice.com/en/article/4avy8j/bugs-allowed-hackers-to-dox-all-john-deere-owners

[8] IBID

[9] IBID

[10] “Personal data privacy is important to consumers” available at https://tamebay.com/2021/05/personal-data-privacy-is-important-to-consumers.html

[11] “Leaked Facebook memo reveals how advertisers will be impacted following iOS 14.5 release” available at https://9to5mac.com/2021/04/28/leaked-facebook-memo-reveals-how-advertisers-will-be-impacted-following-ios-14-5-release/

[12] “With Icloud Plus, Apple’s Privacy Promise Is Paired With An Upsell” available at https://www.theverge.com/2021/6/10/22526881/apple-icloud-plus-privacy-subscription-services-revenue-wwdc-2021

[13] IBID

[14] IBID

[15] “Mail Privacy Protection could badly hurt small publishers of email newsletters” available at https://9to5mac.com/2021/06/09/mail-privacy-protection-publishers/

[16] IBID

[17] “Android 12 Beta: Designed for you” available at https://blog.google/products/android/android-12-beta/

[18] IBID

[19] “Okta Completes Acquisition of Auth0” available at https://www.okta.com/press-room/press-releases/okta-completes-acquisition-of-auth0/