By Pedro Palandrani and Alec Lucas, research analysts with Global X ETFs
We expect the cat-and-mouse game between organizations, consumers and the cybercriminals who covet their data to intensify this year. The latest concern is a vulnerability in internet software known as Log4j that could jeopardize hundreds of millions of systems globally.
This threat follows multiple high-profile breaches in 2021, including the ransomware attack that compromised Colonial Pipeline’s fuel distribution across the eastern U.S. Cyber events like these continue to grow more frequent and costly, especially attacks on critical infrastructure and supply chains.
And this threat is likely to only grow more acute as the global economy continues to digitize and put sensitive data at risk. As a result, we expect heightened awareness of and expenditure on cybersecurity solutions to create long-term tailwinds for the cybersecurity investment theme.
- Cyberattacks were prevalent and costly in 2021, a trend likely to continue into 2022. The average data breach cost increased from $3.86 million in 2020 to $4.24 million in 2021, the highest total cost in the 17 years IBM has published its Cost of a Data Breach Report 2021.1
- Corporations, governments, and consumers are increasing their cybersecurity commitments and enhancing measures to protect themselves. Corporations, for example, are expected to spend $172 billion in 2022.2
- Identity, network, and endpoint security continue to be points of emphasis for cybersecurity efforts with network security expected to grow the fastest at 24% between 2021 and 2026.3
The world now creates an estimated 2.5 quintillion bytes of data every day—that’s 2.5 followed by 18 zeros.4 As a result, hackers have more access to sensitive data than ever, and they will have many more opportunities as the world continues to digitize and data volumes increase.
In particular, the Internet of Things (IoT) devices will be a major contributor to the data pool. At the end of 2021, there were 14.6 billion connected devices.5That number could grow nearly 18% in 2022, and then more than double by 2027.6
The economy’s shift to hybrid and remote work also creates significant opportunities for cybercriminals. Pandemic-induced lockdowns eased in the U.S. in 2021, but as many as 45% of full-time employees continued to work from home at least part-time.7
Whether due to new variants or employee preference, work-from-home initiatives are likely to remain intact, resulting in data vulnerabilities for the foreseeable future. According to an IBM report, remote work was a factor in 17.5% of reported data breaches in 2021.8 The average cost of these breaches was also 16.6% higher than breaches where remote work was not a factor.9
In 2021, several high-profile companies were victims of costly cyberattacks. The ransomware attack on Colonial Pipeline resulted in a $4.4 million payout to their attackers.10
CNA Financial paid ransomware hackers $40 million to decrypt parts of their digital infrastructure from which they locked the company out of.11 And JBS, the largest meat producer in the world, shut down several of its plants due to a cyberattack.12
These examples are just a few of the major attacks that victimized companies last year, at times resulting in multi-million dollar losses.
Even the most sophisticated solutions may not be able to eliminate all vulnerabilities, but they can stymie many threats and help protect against the worst outcomes. In 2021, companies, the U.S. government, and consumers demonstrated a growing awareness of cyber threats and commitment to preventative measures.
- Corporations: Victims of ransomware attacks, their suppliers, customers and their competitors understand the disruption security breaches can cause. The cost of damages often exceeds the cost of investment in proper solutions. Large enterprises typically spend $2–5 million on cybersecurity annually, while a single ransomware breach costs companies $4.62 million on average.13,14 That cost is one reason why in a recent survey of more than 3,000 executives, 69% of respondents anticipated more cybersecurity spending in 2022.15 By one estimate, spending on data protection and risk management could increase 11% from 2021 to $172 billion in 2022.16
- Governments: In May 2021, President Biden signed an executive order that aims to modernize federal cybersecurity capabilities, standardize response strategies to cyberattacks, and increase information sharing requirements for government contractors. Then in July, Biden signed a national security memorandum that aims to prevent cyberattacks on critical infrastructure, especially power, water, and transportation. These measures translated into real dollars in the Infrastructure Investment and Jobs Act, which directs $1.7 billion in dedicated spending and about $7 billion in potential spending toward improving the country’s cybersecurity.17 Also last year, the Senate unanimously confirmed the White House’s first national cyber director. Congress created the position as part of the 2021 National Defense Authorization Act, signaling an increased emphasis on cybersecurity in administrations to come.
- Consumers: A small but growing share of cybersecurity spending comes from consumers. About 53% of consumers are victims of at least one cybercrime, prompting many to take precautions such as personal VPNs, two-factor authentication, and identity theft protection services.18 The pandemic exacerbated threats to individuals, as emboldened scammers capitalized on the inflated time consumers spent online. Americans lost $586 million to COVID-related scams as of October 2021.19 However, consumers are conscious of the heightened threat. Last year, almost 40% of adults took steps to safeguard their online activity as a direct result of the pandemic.20 Digital protection habits learned during the pandemic could accelerate consumer adoption of cybersecurity services.
1. IBM, “Cost of a Data Breach Report 2021,” July 2021.
2. Soffid, “Cybersecurity Trends for 2022,” December 29, 2021.
3. Metric derived from average CAGRs featured in the following sources: Markets and Markets, “”Zero Trust Security Market by Solution Type (Data Security, Endpoint Security, API Security, Security Analytics, Security Policy Management), Deployment Type, Authentication Type, Organization Size, Vertical, and Region – Global Forecast to 2026,” Feburary 2021., Research and Markets, “SD-WAN – Global Market Trajectory & Analytics,” April 2021., Market Growth Reports, “Global Network Detection and Response (NDR) Market Growth (Status and Outlook) 2021-2026,” July 2021., Expert Market Research, “Global Unified Threat Management Market: By Component: Hardware, Software, Virtual; By Service: Consulting, Support & Maintenance, Managed UTM; By Deployment Mode; By Company Size; Regional Analysis; Historical Market and Forecast (2017-2027); Market Dynamics; Competitive Landscape; Industry Events and Developments,” 2021., Markets and Markets, “Secure Access Service Edge (SASE) Market with COVID-19 Impact Analysis, by Offering (Network as a Service and Security as a Service), Organization Size (SMEs and Large Enterprises), Vertical, and Region – Global Forecast to 2026,” August 2021., Global X Analysis.
4. CloudTweaks, “Infographic: How Much Data is Produced Every Day?,” accessed on Nov 15, 2021.
5. Ericsson Mobility Visualizer, “Connected Devices,” accessed on Nov 15, 2021.
7. Gallup, “Remote Work Persisting and Trending Permanent,” October 13, 2021.
8. IBM, (n1).
9. IBM, (n1).
10. CNBC, “Colonial Pipeline paid $5 million ransom one day after cyberattack, CEO tells Senate,” June 8, 2021.
11. Bloomberg, “CNA Financial Paid $40 Million in Ransom After March Cyberattack,” May 20, 2021.
12. CNBC, “Meat supplier JBS paid ransomware hackers $11 million,” June 9, 2021.
13. PCH Technologies, “Cost of Cyber Attacks vs. Cost of Cyber Security in 2021,” July 7, 2021.
14. IBM, “Cost of a Data Breach Report 2021,” July 2021.
15. PwC, “Global Digital Trust Insights 2022,” October 2021.
16. Gartner, “Gartner IT Symposium/Xpo Americas,” October 2021.
17. Infrastructure Investment and Jobs Act, H.R. 3684, 117th Cong. 2021.
18. Norton, “2021 Norton Cyber Safety Insights Report Global Results,” May 2021.
19. CNBC, “Covid-related scams have bilked Americans out of $586 million,” October 18, 2021.
20. Norton, “2021 Norton Cyber Safety Insights Report Global Results,” May 2021.
Investing involves risk, including the possible loss of principal. Cybersecurity Companies are subject to risks associated with additional regulatory oversight with regard to privacy/cybersecurity concerns. Declining or fluctuating subscription renewal rates for products/services or the loss or impairment of intellectual property rights could adversely affect profits. The investable universe of companies in which BUG may invest may be limited. The Fund invests in securities of companies engaged in Information Technology, which can be affected by rapid product obsolescence and intense industry competition. International investments may involve risk of capital loss from unfavorable fluctuation in currency values, from differences in generally accepted accounting principles or from social, economic or political instability in other nations. BUG is non-diversified.