Click here for recent Market Insight reports on our Cybersecurity theme →

April 17, 2020

MRP Adds Long Cybersecurity as a New Theme

Summary: Cybersecurity is suddenly back in the spotlight thanks to the COVID-19 pandemic. Hackers have hit every country on earth with coronavirus-themed cyberattacks. Meanwhile, businesses are betting on remote work arrangements enduring even after the current restrictions end. This should translate to more spending on cybersecurity moving forward, with the cloud- and software-based security segments winning an ever-greater piece of that spending. 

Related ETFs: ETFMG Prime Cyber Security ETF (HACK), First Trust NASDAQ Cybersecurity ETF (CIBR), iShares Cybersecurity and Tech ETF (IHAK)

Surge in Cybersecurity Attacks Under COVID-19 Guise

Three factors have combined to create a perfect storm for cybercriminal activity: lower staffing levels at security operation centers + millions of people suddenly working remotely outside enterprise firewalls + high interest in COVID-19 news. It is no surprise then that governments and corporations around the world have reported a material increase in cyber threats during the pandemic.

Cybercriminals are capitalizing on anxiety about the virus to spread infections of their own. Emails doctored to look like a company’s purchase order for face masks or other supplies have seemed convincing enough to trick an employee into wiring payments to a fraudulent account. In another phishing case, an email purportedly from the World Health Organization  was sent to companies in the transportation sector. It contained false instructions about how to monitor crews aboard ships for coronavirus symptoms and included an infected attachment with those instructions.

Hackers are also exploiting the growing work-from-home trend by either attacking existing virtual private networks that allow employees to connect to their offices, or by passing off their malicious tools as remote collaboration software produced by known entities like Zoom and Microsoft.

Public sector entities, especially in health care, have faced relentless assaults. Last month, the US Health and Human Services Department suffered a DDoS attack, which involved overloading the HHS servers with millions of hits over several hours. Medical facilities in Europe and Asia have been targeted too, as they battle against the coronavirus.

At this point, hackers have hit every country on earth with coronavirus-themed cyberattacks, ranging from phishing lures, malware infections, network intrusions, scams and disinformation campaigns. Some of these attacks were allegedly sponsored by the governments of North Korea, Russia and China who used the pandemic as lures for their respective long-term espionage campaigns, according to cybersecurity firm FireEye Inc. In most other hack cases, the motive was simply money.

Businesses are Betting on Telework Arrangements Enduring

The rapid shuttering of offices and brick-and-mortar businesses has highlighted the benefits of having a sturdy enough cloud infrastructure to enable business continuation off-site. This is true even within the cybersecurity industry, where cloud-based services that can quickly scale up defenses around decentralized employees have proven invaluable during the sudden pivot to remote work.

Some businesses are betting on remote work arrangements enduring even after the current restrictions end. A Gartner survey conducted during the last week of March and involving 317 finance executives revealed that 74% of businesses plan to permanently keep more employees out of physical offices after the pandemic. Such a paradigm shift will compel companies to shore up their virtual networks to protect trade secrets and data security while people work outside the office on personal devices.

Palo Alto Network's recent acquistion of CloudGenix Inc., a cloud-based security startup, is an indication that the cybersecurity industry recognizes there’s a paradigm shift underway. In a call with investors, Palo Alto Networks’ chief executive cited “a permanent change in how organizations think about remote workforces” as a reason for the acquisition.

Other cybersecurity giants may follow the example of Palo Alto Network by upgrading their own cloud-specific offerings to ensure they have the agility to easily scale up protection for clients with a generally distributed workforce.


New MRP Theme: Long Cybersecurity

MRP believes this is a breakout moment for the cybersecurity industry. Going forward, more activity –- be it work, school, health or civic –- will be conducted online than before the coronavirus pandemic. The networks and tools enabling such activities will require even sturdier security features. That should result in more money being invested into cybersecurity.

Cybersecurity revenues were already projected to reach $300 billion in 2024, up from $120 billion in 2017 and reflecting an average annual growth rate of 12%. That growth rate will surely accelerate in the post-COVID-19 era.

Based on the above, we are adding Long Cybersecurity to MRP’s active list of investment themes. We will monitor the theme through the First Trust NASDAQ Cybersecurity ETF (CIBR).

Cybersecurity vs S&P 500