Conflict demonstrates growing role of cyber

Over six weeks have elapsed since Russia began its invasion of Ukraine and the plight of financial markets remain in the throes of the conflict. Along with traditional methods of warfare there is a clear sense cyber warfare is playing a role, even if it is hard to accurately ascertain how prominent that role is.

Cyber-attacks can take two broad forms – direct and indirect

Direct attacks involve hackers focusing solely on one target for data extraction or extortion whereas indirect attacks aim to disrupt via know-on-effects.  Infrastructure is often a target for indirect attacks, with assaults aimed at banking systems, communications, transportation, and water treatment.  A pertinent example is when Russian hackers caused power outages for around 230,000 inhabitants of western Ukraine in 2015.

There are many modes of cyber-attack, but three of the most common are malware, distributed denial-of-service (DDoS) and zero-day. Malware is used to attack information systems and can be used by hackers to steal or secretly copy sensitive data, block access to files, disrupt system operations or make systems inoperable. Ransomware, Spyware and Trojans are examples of malware. One of the most destructive cyber assaults in history came in 2017, when the “NotPetya” malware attack caused an estimated US$10bn of damages worldwide, with several large companies including Maersk, FedEx and Merck badly hit. US intelligence attributed the attack to Russia.

A DDoS attack involves hackers bombarding an organisation’s servers with large volumes of simultaneous data requests, incapacitating the servers, and rendering them unable to handle any legitimate requests. Last month a DDos attack left the websites of several Ukrainian banks and government websites temporarily inaccessible.

A zero-day attack is essentially an attack which hasn’t been seen before. These involve a newly identified vulnerability in IT infrastructure being first exploited by hackers.

From an investment perspective, the main listed cyber security companies primarily focus on software solutions that protect corporates, rather than countries. Cyber remains a key challenge for businesses, with organised crime becoming increasingly sophisticated while remote working also creates more routes to hack a company.

Given the human element, we see the cyber threat as a whack-a-mole problem – constantly evolving and very hard to resolve. 

Therefore, this makes cyber a durable investment theme, as money must chase the latest innovation to contain the problem. A recent Chief Technology Officer (CTO) survey showed security software is one of their top three priorities, behind cloud and digital transformation. What is more, respondents revealed that security software is the area of IT spending that is least likely to get cut.

We have seen this reflected in the fundamentals of cyber security companies such as Palo Alto Networks. For them, working from home and the digital transformation of businesses has meant that spending on cyber security grew circa 30% year-on-year. Looking forward, the management noted a strong backlog and improving pipeline visibility into the second half of its fiscal year, with the company guiding growth in excess of 25%. We would expect the Ukrainian crisis and the usage of cyber-attacks as a modern tool of warfare to mean that cyber spending continues to remain a top priority for governments and corporates alike.

This is a marketing communication and is not independent investment research. Financial Instruments referred to are not subject to a prohibition on dealing ahead of the dissemination marketing communications. Any reference to any securities or instruments is not a personal recommendation and it should not be regarded as a solicitation or an offer to buy or sell any securities or instruments mentioned in it.