View from Investment & Portfolio Advisory
Erdinç Benli Investment & Portfolio Advisory, Rothschild & Co Bank AG
1. How did it evolve?
Advances in artificial intelligence, the internet of things as well as the emergence of a hybrid work environment as a result of the pandemic (see Future of Work) have increased the potential for attacks and our reliance on cybersecurity. This is further accelerated by the ongoing digital transformation of companies. Whereas in the past cybercriminals often focused on stealing personal information such as credit card data and Social Security numbers, these days major cyberattacks are increasingly conducted by geopolitical adversaries like China and North Korea, and often focus on shutting down critical supply chains and infrastructure. According to the Allianz Risk Barometer, cyber perils are now the biggest concern for companies globally in 2022 and cybersecurity one of the most systemically important issues facing the world today with the cost of cybercrime increasing dramatically (Chart 1).
Chart 1: Estimated cost of cybercrime in trillion USD (US$)
In little over a decade, cybersecurity has been transformed from a primarily technical domain centered on securing networks and technology to a major strategic topic of global importance.
2. How do they happen?
From accessing private information to disrupting business processes, extorting money to halting manufacturing, cyberattacks are diverse and increasingly sophisticated. The various ransomware attacks of 2022 show the global scale of the cybersecurity problem. They also demonstrated the complexity of today's cyberattack and displayed how serious of a threat they are to both private service providers as well as to even the most advanced technology companies. At the same time, they come at a serious price.
3. What's the outlook?
Going into 2023, cybersecurity is still topping the list of concerns. This comes as no surprise. In the first half of 2022, there were 2.8 billion worldwide malware attacks and 236.1 million ransomware attacks. By year end 2022, it is expected that six billion phishing attacks will have been launched.[1] The cost of breaches to an organization is high, amounting to an average of US$ 3.6 million per incident.[2] Perhaps even more troubling is the growing trend that companies need 280 days on average to identify and respond to a cyberattack.[3] To put this into perspective: An incident which occurs on 1 January may not be fully contained until 8 October. It is unlikely that this issue will diminish in pace or severity any time soon.
* Increased connectivity means more targets for cyberattacks, and poorly secured devices run the risk of being infected with malware and expose to phishing attacks.
** Made to computer giant Acer in March 2021
Sources: Security Today report, The IoT Rundown For 2020: Stats, Risks, and Solutions, Checkpoint, MCfee, CNBC, cybersecurity Ventures, and BCG Analysis, Gartner.
[1] https://grcviewpoint.com/this-year-is-expected-to-witness-around-6-billion-phishing-attacks/ [2/3] Cost of a Data Breach Report 2021, 2021, IBM. https://www.ibm.com/reports/data-breach