The digital pandemic
Have you ever had a childhood memory pop up from time to time? This happened to me recently, when out of the blue I was reminded of an incident from more than 20 years ago. When I was ten years old, my computer crashed for the first time. My parents were traveling that week, and the Ctrl+Alt+Del protocol that my dad patiently taught me for when things went wrong didn’t work. That was the first time I had to unplug my PC from the power outlet and manually restart it.
Like everybody else, at some point I became used to computer crashes. In my case, they usually happened because of a full hard disk, too many internet tabs opened simultaneously, trying to run games not supported by my graphics card, or other simple reasons. However, there were several times when the cause was completely out of my control. My computer had a virus.
Viruses became a more persistent problem year after year. However, looking back, it doesn’t surprise me anymore, given how exponentially malware has been growing.
Malware, which stands for any software designed to damage computers (mistakenly known as virus, which is a type of malware), became a major issue years ago, affecting anyone even minimally connected to the virtual world. The COVID-19 pandemic has exacerbated these problems even more. In fact, the FBI reported a nearly 300% increase in cybercrimes since the beginning of the public health crisis. Not long ago, cyber threats were rare and their consequences were rarely substantial. In today’s world, becoming a victim of cyber-attacks is much more a matter of when than if. The effects became quite worrisome, as our lives are digitalized more and more each day. For example, a Clark School study at the University of Maryland found that computers with internet access face a cyber-attack attempt every 39 seconds on average, which equates to over 2,200 times a day. With the exponential increase of malware incidences over the past few years, it is clear that more than luck is needed to avoid cyber-attacks. To increase online safety, active protection is needed.
The most extensive damage caused by malware happened in 2004 by a worm called MyDoom, infecting over 50 million computers globally via e-mail and causing damage equivalent to $38.5 billion. For some years now, though, the impact of cyber-attacks has become frighteningly tangible. More recently, for instance, hackers successfully took a major US fuel pipeline offline through ransomware, directly affecting the fuel price in the days following the attack. Ransomware recently became a widespread threat, with a business falling victim to this kind of attack every 11 seconds in 2021, versus 40 seconds in 2016.
The increase in both the frequency and severity of cyber-attacks is even more alarming when the industry failure rate to contain cyber threats is exposed. Companies fail, on average, 11% of the time when trying to protect against a cyber threat, with some industries such as engineering and telecommunications showing shocking failure rates of 16% and 14%, respectively. Still, 77% of organizations have no cybersecurity incident response plan.
While in 2015, cyber-attacks represented a global cost of $3 trillion, it is estimated that by 2025 this cost will increase to $10.5 trillion. According to IBM, the average cost of a successful cyber-attack that results in a data breach exceeds $3.8 million. Even though the numbers are startling and 68% of funds lost due to cyber-attacks are unrecoverable, most companies are increasing their cybersecurity budget just linearly or keeping it flat, while cyber threats are increasing exponentially. This negligence is setting a huge precedent for the continuous increase of cybercrimes, whose criminals capitalize on the general lack of digital protection — the FBI’s list of cyber’s most wanted criminals grew from 16 people in 2016 to 104 in May 2021.
Fortunately, not all companies are neglecting cyber vulnerability. The cybersecurity segment is expected to receive a total accumulated spending of $1 trillion from 2017 to 2021, with an average growth of 12–15% year-over-year until 2025. Even so, it’s not clear who is winning this race: the hackers or the protectors.
Breaches have been one of the most scandalized direct consequences of recent cyber-attacks, often exposing data from millions of customers and publicly displaying the vulnerability of companies across all segments.
Most cyber-attacks aren’t widely reported in the press since they target just one person at a time or do not create structural damage to big corporations. Ransomware received media attention recently due to the value of the requested data-rescue payments, and the frustration when a renowned company’s website and systems remain offline for hours or days until the situation is resolved. But massive data violations rarely (if ever) go unnoticed since a much wider public is indirectly involved. And breaches have a very peculiar problem: according to IBM, they take nearly 200 days on average to be discovered and up to almost 70 days to be contained.
In 2020, for example, Microsoft reported a breach of 280 million records, which begs the question of how hackers successfully threatened one of the most reputed tech companies in the world. Still, in 2020, 500,000 Zoom accounts were sold on hacker forums, and Walgreens reported a breach that included over 10 million users of its app, not to mention several other widely renowned companies that also faced major challenges with cybersecurity issues.
Ginni Rometty, IBM’s Chairwoman and CEO, said, “Cybercrime is the greatest threat to every company in the world.” The fact that it is inconclusive whether the hackers or the defenders are winning the battle opens doors for ample opportunities in the cybersecurity segment. By 2025, it is expected that 75 billion devices will be connected by IoT, or roughly eight devices for every inhabitant. Each of these devices will represent an opportunity for a cybersecurity company to offer protection against cyber threats. Also, the cybersecurity market is far from overcrowded, having reported over 4 million unfilled jobs in 2020, proving that there is still much space for further development of this segment.
With so much perspective in this market, we found no lack of opportunities to invest in groundbreaking cybersecurity companies in Israel and the US, each one with a different approach to keep their customers several steps ahead of specific cyber threats. Eclypsium, for example, is one of the only (if not the only) companies that developed a solution to control and protect firmware in scale. According to the March 2021 Security Signals report, 80% of enterprises experienced at least one firmware attack in the past couple of years. Semperis, on the other hand, drastically reduces the impact of cyber-attacks by enabling companies to recover access to their directories much faster. And while SAM can protect several interconnected devices through a router, Sepio grants protection from devices and peripherals infected with malware, such as external hard drives, mice, printers etc.
In addition to being companies that we admitted in our portfolio, they also reflect our belief in the perspectives of the cybersecurity market in the long run. Computers, mobile connections, the internet, and IoT are very recent phenomena in the history of humankind. As they evolve, and other technologies are created, loopholes will always emerge, and people will naturally rush to take advantage of them. Cybersecurity should exercise a crucial role to enable this evolution to remain as sound and as safe as possible. It will be relevant for as long as the virtual development continues to exist.
The cybersecurity market is filled with intriguing and counterintuitive information that may arouse the curiosity of anyone that is interested in technology trends. Below, we prepared a compilation of fascinating data about this segment. We hope you will enjoy it!