Investing in firms profiting from the growth of cyber attacks


The lineup of high-profile cyber-security hacks has been growing swiftly, and the businesses that strive to stop such assaults are growing impressively.

The new attack on Parliament and the “ransomware” requests that affected the NHS in May are one of the latest in a series of cyber attacks.

Businesses that could profit from heightened awareness of the risks include those that provide hardware and software to keep data secure and those that advise on where organisations may be in danger.

These fledgeling sectors of the economy are growing at a fast pace. Their earnings are estimated to be rising by about 11 percent a year, and between 2017 and 2021 global expenses on cyber security is expected to go beyond $1 trillion (£780bn).

An exchange-traded fund (ETF) exists that invests only in these specific firms. The ETFS ISE Cyber Security Go ETF was plunged in September 2015 and since then has returned 33.4 percent.

Although this is a good performance, this is somehow short of both global stocks, which have increased by 49.2 percent, and the global technology sector, which has gained a remarkable 67.9 percent.

So far this year the ETF, whose yearly charge is 0.75 percent, has increased by 10.6 percent. The result, however, was a surprise because the fund has attracted a big deal of interest from investors, who have put £128m into it so far this year, including an astonishing £70m since the ransomware attack in May.

It is a hot investment right now given that ETF has assets of only £200m in total. Most of the investment has come from experts such as wealth managers.

Howie Li, the head of Canvas, and an ETF provider said “Technology is transforming the way we live and operate in our daily lives and the risk to our identity and online profile is only going to increase.”

On top of these trends, EU legislation that gets into force next year – called the “General Data Protection Regulation” – is pushing companies’ investment in cyber security.

The regulation gives firms 72 hours to reveal that they have been a victim of a data breach once they have discovered it, a progress that brings Europe into line with the United States.

The fines for negligence in shielding personal information are critical: fines of up to 4 percent of yearly global turnover or €20m (£17.5m), whichever is higher.

Mr Li said the new EU law was a “huge stick” that would prompt companies to secure themselves from these threats.

“I believe that there are a lot more unreported than reported hacks and attacks. What you don’t want as a listed company are concerns around data protection, particularly given how damaging it can be for a company’s reputation,” he said.