The epidemic of high-profile hacking conjures up images of a dragon. Cyberattacks drag a long tail; if attacked you can get seriously burned, and for some, successfully fighting the dragon promises a treasure.
First, the long tail. The massive data breach at Target during the 2013 Christmas shopping season tore away 40 million consumers’ sense of security and complacency. The Target attack, while not the first successful theft of credit card data, was a highly visible example in a long parade of data breaches.
As recently reported in the Star Tribune, faked credit cards and debit cards have started appearing in the Twin Cities. Some of the cloned cards have been traced to the massive data breach at Home Depot when 56 million credit cards were potentially compromised nearly two years ago,
Then the IRS recently revealed that 330,000 taxpayers who used their online Get Transcript application this past filing season had their personal information compromised, including Social Security numbers and home addresses. While the actual tax return portion of the IRS website was not breached, according to the agency, this breach puts affected taxpayers and the government at risk of fraudsters falsely claiming refunds in the coming tax season.
The recent demonstration that hackers could remotely take over a car’s controls through its in-dash Internet connection, as well as high profile hacks at Sony Pictures and the federal employee personnel records, all illustrate cyber-hacking’s long-tail impacts.
How badly burned can one get?
In 2014, organizations around the globe were hit with 42.8 million attempts to breach their cybersecurity firewalls, up 48 percent from the previous year. Those estimates likely understate the extent of the problem as they are based on voluntary responses to a survey of nearly 10,000 executives and managers globally, conducted by the accounting giant PricewaterhouseCoopers (PWC) and International Data Group publications.
PWC acknowledges that some experts estimate up to 71 percent of successful breaches go undetected while other victims are “reluctant to reveal known compromises” for national security reasons or fearing lawsuits, regulators and damage to their reputations.
Relentless cyberattacks cost the global economy between $375 billion and $575 billion annually, excluding damage done to governments, according to one study PWC cites. That estimate excludes difficult-to-calculate damage from the loss of trade secrets and intellectual property.
Assuming you’re not trafficking in stolen credit cards, where’s the treasure? Wall Street has taken notice, not just of the threats but also a constellation of start-ups and established companies focused on cybersecurity. According to Dow Jones VentureSource, U.S. cybersecurity companies raised a record $1.77 billion from investors in 2014. Valuations of public companies in the space also hit new highs.
A recent Bank of America Merrill Lynch report “Making Cents of Cybersecurity” estimates that spending on cybersecurity hit $71 billion in 2014, and is expected to grow 8 percent this year. The broker says companies focused on systems software, data storage, communications equipment, consulting, Internet software and data analysis all should benefit. The need extends beyond corporate and government security. As billions of medical devices and Fitbit bracelets, smart cars and home security systems get connected to the Internet, Merrill Lynch sees growing “demand for investment in ways to monitor and safeguard personal information, financial data and physical security.”
We all may be at risk of ‘data breach fatigue’ as ever more brazen hacks create an atmosphere of inevitability and a dangerous sense of “normal.” Individual consumers can take common-sense steps — shredding unneeded sensitive documents, creating strong passwords and periodically changing them, monitoring bank statements and credit reports. Individuals may also share the treasure of fighting the dragon by investing in cybersecurity as a growth industry.
While cybersecurity stocks have cooled somewhat following the market correction this summer, for investors willing to do some research, examples of companies in this space include Checkpoint Software, LifeLock, and Vasco Data Security. Wall Street has recently made it easier for individual investors to participate with cybersecurity focused exchange-traded funds (ETF). PureFunds ISE Cyber Security ETF was launched in November 2014. First Trust Nasdaq CEA Cybersecurity ETF was launched this past July. In addition, discount broker Motif Investing (www.motifinvesting.com) offers investors direct ownership in a ready-made basket of individual cybersecurity stocks, launched in January 2012.
(By way of full disclosure, I do not hold any of the funds or securities mentioned here.)
Brad Allen is a freelance journalist and former investor relations executive for companies including Imation Corp. and Cray Research. His e-mail is email@example.com.