Skip to main content

The volume and cost of cyberattacks has continued to increase exponentially across the world over the past decade. The COVID-era has seen a particularly steep acceleration of attacks, which will have to be countered by significant investment from individuals and enterprise. A slew of new federal regulations are set to roll out over the next couple of years, putting greater reporting and due diligence requirements on firms across multiple industries.

Survey data shows executives are increasingly concerned about cybersecurity and plan to dedicate a greater share of their resources toward it. Despite a broader economic downturn, earnings data from cybersecurity firms suggest that business continues to grow at a healthy pace.

Related ETF: First Trust NASDAQ Cybersecurity ETF (CIBR)

Globally, Cybersecurity Ventures expects global cybercrime costs to rise by 15% per annum over the next five years, reaching $10.5 trillion annually by 2025, up from a World Economic Forum estimate of $3 trillion in 2015.

Americans lost more than $6.9 billion to internet crimes in 2021, a jump of more than $2 billion from 2020, according to the Federal Bureau of Investigations’ (FBI) annual Internet Crime Report. Those losses resulted from 847,376 internet crime complaints filed in 2021, a 7% increase from 2020 but a staggering 81% jump from 2019.

The FBI’s figures can help us understand how instances of cyberattacks are growing, but it is impossible to know exactly how many cyberattacks actually occurred in any specific year. Some have suggested that only 25% of cybersecurity incidents are reported, others say only about 18%, others say that 10% or less are reported.

Cybersecurity regulations, including reporting requirements, are undergoing a rapid expansion in the US. Per Harvard Business Review, Federal agencies like the Federal Trade Commission (FTC), Food and Drug Administration (FDA), Department of Transportation (DoT), Department of Energy (DoE), and the Cybersecurity and Infrastructure Security Agency (CISA) are all working on new rules. In addition, in 2021 alone, 36 states enacted new cybersecurity legislation.

As McKinsey notes, the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), signed into law in March 2022, will require critical infrastructure companies to report all cybersecurity incidents, such as ransomware attacks, to CISA. In addition, the US Securities and Exchange Commission (SEC) in March 2022 proposed a rule requiring…

To read the complete Intelligence Briefing, current All-Access clients, SIGN IN

All-Access clients receive the full-spectrum of MRP’s research, including daily investment insights and unlimited use of our online research archive. For a free trial of MRP’s All-Access membership, or to save 50% on your first year by signing up now, CLICK HERE