What the Fallout from Russia’s Invasion Means for the Cyberspace

For a while we’ve been seeing a rapid proliferation of digitally connected devices alongside the greater adoption of ultra-fast, next generation networks such as 5G. But with greater connectivity has come greater risk. We have seen a soaring number of cyber-attacks that have forced businesses and governments to bolster defences to counter threats to customer privacy and network security.

More recently, the War in Ukraine has reminded us that the cyber world has started to encroach on our real world in tangible ways. Russian cyber-attacks have targeted real-world infrastructure in Ukraine and the West that have included, but not been limited to, water processing plants, meat packing facilities and oil plants. These attacks have also increased in volume and severity.

In this new digitised reality, attacks have matured. While previously, they may have been about holding organisations to ransom, they’re now shaping the very environment of our digital lives. And they’ve evolved their potential to pose a real and genuine threat to human life as well.

We saw during the Covid-19 pandemic a significant increase in cyber-attacks. For a period, attacks were affecting 9 out of 10 companies worldwide.[1] Further, 2021 saw an 85% increase in the number of cyber-attack victims who reported stolen details.[2] Estimates suggested that, on average, organisations suffered a ransomware attack every 11 seconds.[3]

2022 has been no different. Ransomware attacks in Q1 2022 were double that of Q1 2021.[4] An Allianz survey of 2,650 global companies in 89 different countries revealed that businesses identified ‘cyber incidents’ as the biggest risk for 2022, ahead of ‘business interruption’, ‘natural disasters’ and ‘climate change’.[5]

Russian roulette

As Russia invaded Ukraine in February 2022, cyber-attacks entered a grey area when international activist and hacktivist collective Anonymous declared cyber war on Russia.[6] The group announced in February that it was officially taking on the Kremlin with the objective of defacing state-run websites, breaching government databases and infiltrating military systems.

The group even hacked into the navigation system of Putin’s super-yacht to make it look as if it had crashed into Ukraine’s Snake Island.[7] These attacks were not just limited to Putin and his government – his close friends, affiliates and business acquaintances were also targeted.

There have also been a lot of concerns over Russia’s ability to retaliate. Indeed, as the war broke, the EU immediately activated its Cyber Rapid Response Team, including 10 national cybersecurity officials from 6 European countries – Croatia, Estonia, Lithuania, the Netherlands, Poland and Romania — ready to provide assistance to countries under Russian attack.[8]

Only last month, it was reported that Microsoft had uncovered attempts to infiltrate and harm 42 countries that were supporting Ukraine in their fight.[9]

Growth – expect the unexpected

Attacks from both Russia and the West have come at such velocity and consistency that we believe researchers will be pouring over the results and methods of attack for years to come.

As individuals, businesses and governments watch these events unfold, cybersecurity and digital privacy are going to be front of mind.

And by 2023, with the expectation that there will be 3 times as many networked devices globally as there are humans, more entry points will be available for nefarious cybercriminals and government and state actors to exploit, in order to wreak their cyber havoc.[10]

With this backdrop, cybersecurity spending is expected to show no sign of slowing down. Growth expectations keep getting revised upwards. Estimates for global spending for 2022 are currently just shy of $USD 250 billion.[11] This is expected to reach $USD 300 billion by 2024 and $USD 350 billion by 2026.[12]

Furthermore, valuations are also looking favourable with P/E ratios having decreased by 16.1% from October 2021 to 31 May 2022.[13]

Even if we enter a global recession, cybersecurity is one expense that cannot be scaled back as easily, not just due to regulatory obligations but also to ensure good and proper business continuity. Successful hacks are known to cost businesses millions of dollars in fines. Who can forget the eye-watering $575 million penalty issued to the Equifax in 2017 for losing the personal and financial information of nearly 150 million customers?[14]

It poses the question: can businesses afford not to invest heavily in cybersecurity?

In our opinion, a slowdown in growth and notoriety of the sector is unlikely. 2022 was already shaping up to be a defining year for cybersecurity. But between Russia’s invasion and the chain of events it has set in motion, we can expect to see even greater emphasis as corporates and governments alike scramble to enhance their defensive capabilities.

Related ETF

CYBR: Rize Cybersecurity and Data Privacy UCITS ETF 

References:

[1] Bitkom Research, “German businesses under attack: losses of more than 220 billion euros per year”, August 2021. Available at: https://www.bitkom.org/EN/List-and-detailpages/Press/German-business-losses-more-than-220-billion-euros-per-year

[2] Ibid

[3] Advoco Solutions, “RANSOMWARE ATTACKS PREDICTED TO OCCUR EVERY 11 SECONDS IN 2021 WITH A COST OF $20 BILLION”, 2022. Available at: https://www.advoco-solutions.co.uk/news/ransomware-attacks-predicted-to-occur-every-11-seconds-in-2021-with-a-cost-of-20-billion

[4] Security Magazine, “Ransomware in Q1 2022 doubled total 2021 volume”, June 2022. Available at: https://www.securitymagazine.com/articles/97908-ransomware-in-q1-2022-doubled-total-2021-volume

[5] Allianz, “Allianz Risk Barometer 2022 – Rank 1: Cyber incidents”, January 2022. Available at: https://www.agcs.allianz.com/news-and-insights/expert-risk-articles/allianz-risk-barometer-2022-cyber-incidents.html

[6] The Guardian, “Anonymous: the hacker collective that has declared cyberwar on Russia”, February 2022. Available at: https://www.theguardian.com/world/2022/feb/27/anonymous-the-hacker-collective-that-has-declared-cyberwar-on-russia

[7] Auto Evolution, “Putin’s Graceful Superyacht Is Renamed, “Crashes” on Snake Island in Anonymous Hack”, March 2022. Available at: https://www.autoevolution.com/news/putins-graceful-superyacht-is-renamed-crashes-on-snake-island-in-anonymous-hack-182820.html

[8] BBC, “Ukraine: EU deploys cyber rapid- team”, February 2022. Available at: https://www.bbc.co.uk/news/technology-60484979

[9] VOA News, “Microsoft: Russian Cyber Spying Targets 42 Ukraine Allies”, June 2022. Available at: https://www.voanews.com/a/microsoft-russian-cyber-spying-targets-42-ukraine-allies/6628417.html

[10] Cisco, “Cisco Annual Internet Report (2018–2023) White Paper”, March 2020. Available at: https://www.cisco.com/c/en/us/solutions/collateral/executive-perspectives/annual-internet-report/white-paper-c11-741490.html

[11] Statista.com (paywall) and Fortune Business Insights 2021

[12] Ibid

[13] Bloomberg as of 31 May 2022

[14] FTC, “Equifax to Pay $575 Million as Part of Settlement with FTC, CFPB, and States Related to 2017 Data Breach”, July 2019. Available at: https://www.ftc.gov/news-events/news/press-releases/2019/07/equifax-pay-575-million-part-settlement-ftc-cfpb-states-related-2017-data-breach