If breaking news is anything to go by, large-scale data breaches and cyber-attacks are increasingly common. They can have devastating effects on companies, organisations and individuals.
In the first half of 2017, losses attributed to financial fraud fell by 8%. However, in the UK alone, there were still
937 518 cases of financial fraud, equating to losses of £366.4m as criminals continued in their attempts to circumvent banks' security systems by using a range of tactics to steal customers' personal and security information (source: Financial Fraud Action UK).
In May 2017, the WannaCry ransomware attack hit worldwide. The European crime agency, Europol, estimated that more than 200 000 computers were infected in 150 countries. In the UK, it was particularly damaging for the National Health Service, with thousands of devices and PCs unable to run as a result – which, in turn, had a detrimental effect on patient care.
We're only going to see more and more hacks of big businesses.
In September 2017, Equifax, the credit rating agency, revealed that it had been hacked, losing the personal details of about 143 million Americans – 44% of the adult population – as well as more than 637 000 UK citizens.
Five things you can do right now to be more cyber secure
Investec's global head of Fraud Prevention, Eddie McGovern, offers five simple ways in which you can protect yourself online:
1. Multiple passwords
Don't unwittingly make it easy for fraudsters by using the same password for everything. Use a different password for every account and avoid using password manager applications.
2. Use secure networks
Avoid using public computers or insecure Wi-Fi for financial matters. If you have no choice, log out of your online account before you leave and never save passwords.
3. Use biometric technology
We encourage individuals to sign up to voice biometric technology – just like fingerprint recognition, it provides you with a unique recognisable voice print.
4. Use two-factor authentication
In addition to your password, two-factor authentication means clearing an additional layer of security by entering an extra piece of information.
5. Stay up to date
Keep software, antivirus software, operating systems, banking apps and web browsers up to date.
Keeping up with the hackers
The increasing prevalence in both the sophistication and frequency of attacks hasn't gone unnoticed. Companies are investing millions in cybersecurity, and chief security information officers, or their equivalents, are now finding themselves being more regularly appointed to executive boards.
But even with increased investment in cybersecurity, businesses face an uphill task to stay ahead of the hackers. "We're only going to see more and more hacks of big businesses," says Eric Ogren, a senior information security analyst at 451 Research.
"More large organisations are doing business directly with consumers, so those businesses have more information to steal and hackers have ready access to easy-to-use automated tools."
In addition, disclosure regulations – such as those enforced by the EU General Data Protection Regulations, implemented in 2018 – force companies to go public with their breaches. Ogren believes this will arm cyber-criminals with better knowledge and vulnerable targets: "We're looking at the new normal here," he said.
Large-scale cyber-attacks will likely become more frequent, and bigger. Ian Levy, the director of the UK's National Cyber Security Centre, recently warned that it was only a matter of time before the UK would have to deal with its first 'category one' cyber-attack, which would require a response on a national scale.
Cybersecurity is big business
But while organisations strive to strengthen their cybersecurity, there is one beneficiary, aside from the hackers: companies providing tools for the defence. "Investors are seeing big opportunities," says Raj Samani, chief scientist at anti-virus company McAfee. "According to CB Insights, the first quarter of 2017 set a five-year record for deals in the private security space."
In that Q1 report, the venture capital (VC) database declared 35 deals for a total of £179m ($237m), including $73m of growth equity funding for identity management firm Verisys and $45m in Series C funds for Bitglass, a maker of cloud security software.
Saavan Shah, a director at Chrystal Capital, a family-office network funding firm, says his company has seen an uptick in the number of cybersecurity deals in the past 12 months. Echoing this is Peter McLintock, a corporate partner and private equity specialist at Mills & Reeve. He believes private equity houses have begun to realise the benefits of cybersecurity ventures and are putting their money forward as a result.
"It's no surprise that private equity investors are increasingly exploring the cybersecurity space."
"It's no surprise that private equity investors are increasingly exploring the cybersecurity space," says McLintock. "In such a burgeoning sector, the successful security business can experience exponential growth via an invention or idea becoming widely adopted. It is also likely that big businesses may seek to take such companies in-house. We're seeing crazy multiples being paid for such deals – far in excess of income – because they offer a solution which cannot be measured simply in revenue terms."
There are cybersecurity-only funds. James Smith, the CEO of Bitcoin surveillance firm Elliptic, which in 2016 raised $5m (£3.7m) in a Series A funding round, explained that one of its key investors, Paladin, focuses primarily on companies in the security sector.
Cybersecurity stocks have boomed since the WannaCry attack. A PureFunds ISE Cyber Security ETF rose 3% the day after the attack, while shares in cybersecurity provider Sophos increased by 31% in the weeks following the ransomware campaign (source: This Is Money).
As high-profile breaches increase – and, along with them, the media's love of a cyber-attack story – so does investment into new cybersecurity companies and technologies. Hacks of individuals, too, will likely grow, as more people come to own more hackable devices. McAfee's Samani believes that only continued investment in cybersecurity will help potential targets stay one step ahead of the rapidly growing cyber-threat.
Sooraj Shah writes about the business of technology for New Statesman, Computing and Forbes.
Receive Focus insights straight to your inbox