- Ransomware attacks have caused massive damage to businesses this year.
- Analysts at JPMorgan have said costs stemming from attacks are set to grow fourfold by 2030.
- As firms and governments fight back, opportunities for investors will arise.
Cybercrime has made a lot of headlines over the past year, but if one of the top banking giants is to be believed, we haven’t seen anything yet.
“Ransomware” attacks caused massive damage to businesses this year as tech-savvy criminals took companies’ IT systems hostage and demanded payment to relent in their nefarious actions.
In JPMorgan’s “Outlook for 2022 and Beyond,” Joyce Chang, the chair of global research at the bank, and the software-stocks analyst Sterling Auty said this undesirable trend was just getting started.
“2021 was marked by a series of cyberattacks across industries and critical infrastructure with the estimated cost of cybercrime increasing by more than 50% over the past two years alone, representing a $1 trillion drag, or roughly the equivalent of 1% of GDP,” Chang said.
Chang added that the SolarWinds attack this year interrupted the transportation of 45% of US fuel supply. As a result, the Biden administration declared a state of emergency that affected 17 states and the District of Columbia.
Other high-profile attacks over the past year highlighted by Chang and Auty included the Microsoft Exchange vulnerability exposure and the Colonial Pipeline attack. Estimated losses from cyberattacks are estimated at nearly $500bn from operation risk events between 2011 and 2020, JPMorgan said, citing data from the National Bureau of Economic Research.
The growing cost of cybercrime
Referencing data from Cybersecurity Ventures, Chang said the annual costs generated by cyberattacks could skyrocket from $65 billion in 2021 to $265 billion by 2031.
The firm said the average downtime of IT systems after a ransomware attack was 21 days and it took a business an average of 287 days to fully recover. Schools and government departments have also been hit and remain vulnerable in many cases.
Chang and Auty also emphasized the crossover between cybercrime and the rise of crypto assets in the outlook note.
"The proliferation of cryptocurrency and stablecoins has fueled the growth of ransomware and RaaS models, using 'double extortion' to decrypt an organization's data, with the threat to release the data on the internet unless ransom is paid," Chang said.
"These decentralized markets operate beyond the control of central governments," Chang added. "The US has been the target for more than 85% of the 423 confirmed organization ransomware incidents reported in 2020/2021, while China and Russia are the most notable offenders for significant cyber incidents since 2006, according to the Center for Strategic and International Studies."
Cybersecurity stock picks
This situation does create opportunity for companies that can offer some protection from cybercrime.
"The need for greater spending on cyber security will only intensify with the proposal of new regulations and antitrust enforcement on Big Tech," Chang said. "Geopolitically sensitive cyberattacks have displaced the pre-pandemic challenges that had mainly centered on mass data breaches, with cybersecurity now seen as a national security issue."
Change added: "Cybersecurity demand is escalating as the shift to the cloud and digital transformations are motivating companies to adopt Zero Trust Architectures that treat all users inside or outside the organization the same to minimize threats."
She said there were "five main pillars" of this: robust identity solutions, remote access, cloud, data, and endpoint security.
Chang and Auty said the leading stocks operating in these areas were CrowdStrike, which offers endpoint and cloud services; Okta, an identity manager; Zscaler, a remote-access service; Cloudflare, another remote-access cloud provider; and Varonis, a data-services firm.
But the market leaders may not always be the best option for investors seeking returns, Chang said.
"With most of these companies trading in excess of 20x revenue, and Cloudflare at 76x revenue, we favor names such as CyberArk, Tenable, and Varonis that trade at fractions of the valuation with similar focus," she said.
Shares in Cloudflare have almost doubled in value this year, while those in CyberArk have lost 4%.