Season 3, Post 24: “It’s like the mob taking over New York”
When the founder of a cybersecurity business says the above about the growth of the ransomware industry, you know there’s a problem. If data is the lifeblood of modern business, then ransomware could be considered akin to a heart attack. Consider the impact of recent high-profile strikes such as those that affected the Colonial Pipeline and the Irish healthcare system. Ransomware is big business (over 300m attacks occurred globally in 2020, per Statista) and it’s here to stay.
To understand just how significant the ransomware threat is as well as to get a broader impression of the current state of the cybersecurity market, your author met with James Chappell, Co-Founder and Chief Innovation Officer of Digital Shadows, earlier this week. Digital Shadows (a private business) was founded a decade ago and numbers organisations such as Pret a Manger, Regeneron and Freshfields among its clients. James began our discussion by noting that “there’s an argument to suggest that the cybersecurity market is broken.” Sure, the whole premise for cyberattacks is based on an asymmetry between the attacker and the defender – defenders (i.e. consumers and/or businesses) need to be vigilant 100% of the time, whereas cyber criminals need only to be successful just once to achieve their ends.
Solving this inherent challenge won’t be easy, particularly since “everyone is looking for a silver bullet”, per James. Purchasers of cybersecurity products often know neither what to ask for nor how to value it, especially since the industry is “playing catch up just to stand still.” The threat landscape continues to evolve, and ransomware has become an increasingly proven model for criminals, especially since insurers have begun to pay-out to businesses exposed to such attacks. Ransomware gangs (of which there are estimated to be over a thousand) might hence be the new ‘mob.’
The good news is that there are solutions at hand. While technology solutions continue to play an important role, much of it begins with better education at multiple levels. Think of this in respect of educating how IT systems are built and maintained for maximum resilience to the threats, but also in ensuring that individuals who remain highly susceptible to phishing and other attacks are aware of their susceptibility. At the same time, the industry lacks trained IT professionals (there are currently at least 3.5m unfilled cybersecurity jobs in the world, per Cybersecurity Ventures) and there is a logical case for more globalised standards. James made the valid analogy with the auto industry. Purchasers of cars know that the vehicle they are purchasing meets minimum safety standards that have been independently verified. The same could be possible in the future with cyber products. We concur with the view that the world “decided to become a digital economy without thinking about the implications.” Have no doubt, cybersecurity will (need to) improve.
18 June 2021
The above does not constitute investment advice and is the sole opinion of the author at the time of publication. The author of this piece has no personal direct investment in the business. Past performance is no guide to future performance and the value of investments and income from them can fall as well as rise.
Alex Gunz, Fund Manager
Disclaimers
The document is provided for information purposes only and does not constitute investment advice or any recommendation to buy, or sell or otherwise transact in any investments. The document is not intended to be construed as investment research. The contents of this document are based upon sources of information which Heptagon Capital LLP believes to be reliable. However, except to the extent required by applicable law or regulations, no guarantee, warranty or representation (express or implied) is given as to the accuracy or completeness of this document or its contents and, Heptagon Capital LLP, its affiliate companies and its members, officers, employees, agents and advisors do not accept any liability or responsibility in respect of the information or any views expressed herein. Opinions expressed whether in general or in both on the performance of individual investments and in a wider economic context represent the views of the contributor at the time of preparation. Where this document provides forward-looking statements which are based on relevant reports, current opinions, expectations and projections, actual results could differ materially from those anticipated in such statements. All opinions and estimates included in the document are subject to change without notice and Heptagon Capital LLP is under no obligation to update or revise information contained in the document. Furthermore, Heptagon Capital LLP disclaims any liability for any loss, damage, costs or expenses (including direct, indirect, special and consequential) howsoever arising which any person may suffer or incur as a result of viewing or utilising any information included in this document.
The document is protected by copyright. The use of any trademarks and logos displayed in the document without Heptagon Capital LLP’s prior written consent is strictly prohibited. Information in the document must not be published or redistributed without Heptagon Capital LLP’s prior written consent.
Heptagon Capital LLP, 63 Brook Street, Mayfair, London W1K 4HS
tel +44 20 7070 1800
email [email protected]
Partnership No: OC307355 Registered in England and Wales Authorised & Regulated by the Financial Conduct Authority
Heptagon Capital Limited is licenced to conduct investment services by the Malta Financial Services Authority.