Y

Disclaimer: Views in this blog do not promote, and are not directly connected to any Legal & General Investment Management (LGIM) product or service. Views are from a range of LGIM investment professionals and do not necessarily reflect the views of LGIM. For investment professionals only.

What happens when Zuck’s bucks get Stux?

As tech giants rush into digital currencies and payments, it’s not just consumers who will need to be careful; the likes of Facebook and Apple will have to invest heavily in cybersecurity to guard against the next Stuxnet or WannaCry.

Facebook has now revealed the first details of its long-awaited digital currency, which will be called Libra.

Libra is not the first digital currency, nor is it likely to be the last, but what distinguishes it is its potential scale. Not only does Facebook have more than two billion users – which would make it the largest country in the world by population – but 28 other major organisations, including Visa and Uber, are backing the new currency too. Libra will also be pegged to a basket of other currencies, rather than simply ethereal.

All of these advantages augur well for Libra, but we don’t really know yet whether it will become widely adopted or the dominant digital currency – let alone displace traditional currencies.

What we do know, however, is that more and more of our financial life is moving online. Facebook’s move is just the latest in a long series of attempts by businesses to capture this transition. In a different part of this ecosystem, for example, earlier this year Apple sought to consolidate the position of its Apple Pay business by launching a ‘digital first’ credit card.

At the same time, each new corporate venture into this space seems to be followed by news of another major hack. A few days after Facebook introduced Libra, a city in the US had to pay a six-figure ransom to hackers who took over its computer system. The same day that Apple unveiled its new card, it was reported that malware had been installed on more than a million computers through a backdoor.

Taking bits out of Apple

This is not purely coincidence: 100 ransomware attacks take place every 20 minutes, according to Cybersecurity Ventures. Many of these are directed at individuals or smaller businesses, but the dangers are evident at the corporate level too. Since 2005, Bloomberg has recorded almost 200 data breaches worldwide that have affected at least one million records each; 48 of those involved over 10 million records each and occurred within the past five years. On average, there has been a hack that has breached at least 10 million records approximately every 36 days.

This should be particularly alarming for the likes of Facebook and Apple pushing into digital payments and currencies: technology companies have been by some distance the worst hit, with the sector accounting for 63% of attacks in which more than 10 million records were unlawfully accessed.

These breaches cost businesses more than their reputations. Facebook is facing a $1.6 billion fine, and British Airways a penalty of €1 billion. Under the General Data Protection Regulation (GDPR), the fines associated with significant data breaches can now be up to 4% of a company’s revenues – equivalent to billions for large-caps.

These sums are not lost on executives. Forbes has reported that JP Morgan’s budget for cybersecurity was $500 million in 2016 while Bank of America Merrill Lynch’s was $400 million, both huge in their own right but dwarfed by the near $20 billion spent by the US government on cybersecurity in its 2017 budget, according to Nasdaq Global Indexes. Overall, Cyber Security Ventures has estimated that global cybersecurity spending grew by a multiple of 35 between 2004 and 2017 and is set to pass $1 trillion by 2021.

Protect and server

From an investor’s perspective, the money that organisations are devoting to fighting cyber threats clearly creates an interesting opportunity. Yet it is worth bearing in mind that not every cybersecurity provider has the necessary skills or tools to defend against every variety of attack: companies and institutions require data encryption, financial transaction protection, email security, and many more services.

We therefore believe that not only is active bottom-up research essential for identifying the companies specialising in cybersecurity, but that investors can also benefit from investing across a basket of stocks focused on different aspects of this complex ecosystem.

We do not yet know what cyber attacks will be directed at Facebook and its peers as they push further into digital payments and currencies. But we do know that a host of malicious actors will be targeting them. Malware like WannaCry and Stuxnet has now become well known; we hope that the billions being invested in cybersecurity mean we never have to hear the names of any more.