Cybersecurity and financial crime – what it means for you

If breaking news is anything to go by, large-scale data breaches and cyber-attacks are increasingly common. They can have devastating effects on companies, organisations and individuals.

In the first half of 2017, losses due to financial fraud fell by 8 per cent. However, in the UK alone, there were still 937,518 cases of financial fraud, equating to losses of £366.4 million as criminals continue in their attempts to circumvent banks’ security systems by using a range of tactics to steal customers’ personal and security information (Financial Fraud Action UK).

In May 2017, the WannaCry ransomware attack hit worldwide. The European crime agency Europol estimated that more than 200,000 computers were infected in 150 countries. In the UK, it was particularly damaging for the NHS, with thousands of devices and PCs unable to run as a result – which, in turn, had a detrimental effect on patient care.

We’re only going to see more and more hacks of big businesses.

In September 2017, Equifax, the credit rating agency, revealed that it had been hacked, losing the personal details of some 143 million Americans – 44 per cent of the adult population – as well as more 637,000 UK citizens.

Five things you can do right now to be more cybersecure

Investec’s global head of fraud, Eddie McGovern, offers five simple ways in which you can protect yourself online:

The increasing prevalence in both the sophistication and frequency of attacks hasn’t gone unnoticed. Companies are investing millions in cybersecurity and chief security information officers, or their equivalents, find themselves now more regularly appointed to executive boards.

But even with increased investment in cybersecurity, businesses face an uphill task to stay ahead of the hackers. “We’re only going to see more and more hacks of big businesses,” says Eric Ogren, a senior information security analyst at 451 Research.

“More large organisations are doing business directly with consumers, so those businesses have more information to steal and hackers have ready access to easy-to-use automated tools.”

In addition, disclosure regulations, such as those enforced by the EU General Data Protection Regulations, which will be implemented in 2018, force companies to go public with their breaches. Ogren believes this will arm cyber-criminals with better knowledge and vulnerable targets: “We’re looking at the new normal here,” he said.

Large-scale cyber-attacks will likely become more frequent, and bigger. The director of the UK’s National Cyber Security Centre, Ian Levy, recently warned that it would only be a matter of time before the UK has to deal with its first “category one” cyber-attack, which would require a response on a national scale.

But while organisations strive to strengthen their cybersecurity, there is one beneficiary, aside from the hackers: companies providing tools for the defence. “Investors are seeing big opportunities,” says Raj Samani, chief scientist at anti-virus company McAfee.

“According to CB Insights, the first quarter of 2017 set a five-year record for deals in the private security space.” In that Q1 report, the VC database declared 35 deals for a total of £179m ($237m), including $73m of growth equity funding for identity management firm Verisys and $45m in Series C funds for Bitglass, a maker of cloud security software.

Saavan Shah, a director at Chrystal Capital, a family-office network funding firm, says that his company had seen an uptick in the number of cybersecurity deals in the last 12 months. Echoing this is Peter McLintock, a corporate partner and private equity specialist at Mills & Reeve. He believes private equity houses have begun to realise the benefits of cybersecurity ventures and are putting their money forward as a result.

“It’s no surprise that private equity investors are increasingly exploring the cybersecurity space."

“It’s no surprise that private equity investors are increasingly exploring the cybersecurity space,” says McLintock. “In such a burgeoning sector, the successful security business can experience exponential growth via an invention or idea becoming widely adopted. It is also likely that big businesses may seek to take such companies in-house. We’re seeing crazy multiples being paid for such deals – far in excess of income – because they offer a solution which cannot be measured simply in revenue terms.

”There are cybersecurity-only funds. James Smith, CEO of Bitcoin surveillance firm Elliptic, which in 2016 raised $5m (£3.7m) in a Series A funding round, explained that one of its key investors, Paladin, focuses primarily on companies in the security sector.

Cybersecurity stocks have boomed since the WannaCry attack. A PureFunds ISE Cyber Security ETF rose 3% the day after the attack, while shares in cybersecurity provider Sophos increased by 31 per cent in the weeks following the ransomware campaign (source: This Is Money).

As high-profile breaches increase – and, along with them, the media’s love of a cyber-attack story – so does investment into new cybersecurity companies and technologies. Hacks of individuals, too, will likely grow, as more people come to own more hackable devices. Raj Samani of McAfee believes that only continued investment in cybersecurity will help potential targets stay one step ahead of the rapidly growing cyber-threat.

Sooraj Shah writes about the business of technology for New Statesman, Computing and Forbes. This article was first published in The Stand.