Where to Invest as the Cybersecurity Arms Race Heats Up
You can’t say you weren’t warned.
About a month ago, I wrote a story on cybersecurity insurance. This kind of insurance isn’t well-known. At least not yet. At the moment, many companies and vulnerable individuals don’t have enough... or any.
And for those who need it, now it’s becoming even more difficult to get.
That’s because insurers who do offer cybersecurity insurance are raising deductibles and in some cases limiting the amount of coverage to $100 million. That sounds like a lot. But for a big company that suffers a high-profile breach, it may not be nearly enough.
Costs like forensic investigations, credit monitoring, legal fees and settlements can spiral higher and soar to the stratosphere.
For example, Home Depot (NYSE: HD) was slammed with a $232 million cyber breach last year. Insurance will cover just $100 million - less than half of that. Ouch. Target’s (NYSE: TGT) big 2013 data breach cost $264 million. The company says it expects insurance to cover only $90 million of that. Double ouch!
And those are just the front-page horror stories. Insurance companies fear drowning in a flood of cybercrime. According to a study conducted by the Ponemon Institute and Hewlett-Packard (NYSE: HPQ), the average annual cost of cybercrime per large U.S. company will be $15.4 million this year. That's up 19% from $12.7 million in 2014. And it’s up 82% from six years ago.
That’s not the only reason insurance companies are limiting coverage, though. They’re also hunkering down in financial bunkers, hoping not to get caught in the crossfire of an arms race in cyberspace...
National Arsenals of Malicious Code
See, it’s not just every penny-ante crook with a modem from Moscow to Buenos Aires who is a threat - though there are millions of these Lex Luthor wannabes hacking away furiously.
No, it’s the big guns that really scare insurance giants. The digital battles between national cyber-adversaries including the U.S., China, Russia, Iran, Pakistan, India and more. At least 29 countries have military or intelligence units dedicated to taking the offensive in cyberwarfare.
These countries are stockpiling arsenals of malicious code, nearly unstoppable cyber-worms, and hiring legions of government hackers to deploy them if necessary.
The next world war will be fought in cyberspace. And the easiest way to bring a country to its knees is to wreak havoc on its financial system.
That’s why insurers are crouching low and limiting potential losses. They know they’ll get shredded in the crossfire.
Worse Than the Nuclear Option
Remember when all we had to worry about was nuclear war with Russia? Ah, the good ol’ days. That kind of war was (nearly) impossible because of mutually assured destruction (MAD). In other words, you couldn’t blow up the other guys without their hidden submarines launching nuclear missiles and getting you, too.
But in cyberwarfare, the old rules are thrown out the window. Now, an attack might be impossible to trace. Or, by the time you figure out who is attacking you...
- Your nation’s banking records are shredded.
- Likewise, your financial and economic infrastructure is torpedoed.
- Air traffic control is rendered useless.
- The Internet stops working. Your home computer and phone turn into expensive bricks.
- Your power grid is taken offline. In some cases, systems are overloaded.
- Ditto for nuclear power plants.
The list goes on. And if you take MAD off the table, that raises the risk that some loose cannon with an ax to grind is really going to push the button.
And it doesn’t have to be a major power...
The Sum of All Fears
Cyber weapons may become the next "loose nukes" problem.
“The question is: When will these leak to al Qaeda?” That’s according to James Lewis, a cybersecurity specialist who regularly advises the Obama administration. He made that point recently in The Wall Street Journal.
I’ve been investigating how swarms of hackers for the Islamic State (ISIS) are targeting the linchpins of Western civilization - computer systems, defense grids, the works. The thing about ISIS is that this terrorist group isn’t worried about bringing the world crashing to the Dark Ages. ISIS loves the Dark Ages.
A new report from Gartner says that global spending on cybersecurity will hit $75.4 billion this year. That’s up 4.7% from last year. But it’s money well spent, considering what cyberattacks would cost if they succeed.
And it still won’t be enough. The floodwaters of data-cracking keep rising. Looking ahead, a study by think tank The Atlantic Council and the Zurich Insurance Group says that cyberattacks could cost the world up to $90 trillion by 2030. That is, unless cybersecurity rises to meet the challenge.
And you know what that means... money. Now, where will that money be spent?
In the past I’ve told you about PureFunds ISE Cyber Security ETF (NYSE: HACK). Now you have a choice, with the recent debut of the First Trust NASDAQ CEA Cybersecurity ETF (Nasdaq: CIBR). Both funds are packed with companies fighting the good fight... and companies that are takeover targets as Wall Street gets serious about taking on the growing cyberthreat.