It’s been a brutal year for the stock market—especially technology stocks—but certain areas of the tech industry have done better than others: software infrastructure, and in particular, cybersecurity stocks.

While keeping a company’s intellectual property and customer data safe has always been important, security awareness came more into focus during the pandemic as businesses adapted to a new operating model which saw millions of people working from home.

With more working from home, and more business meetings going virtual, companies were forced to develop and provide a remote, cyber-safe working environment. This was especially important when you consider the fact that even before the pandemic, 47% of people working from home fell for phishing scams.

How Did the Pandemic Affect Cyberattacks?

For cybercriminals, the pandemic was an opportunity to ramp up their criminal activities and exploit at-home vulnerabilities. It didn’t take long for cybercriminals to jump into action. Between February and May 2020, more than half a million people were hit by cyber breaches where the personal data of video conferencing users was stolen and sold on the dark web to other cybercriminals.

Part of the problem during 2020 and 2021 was that many businesses continued to allow employees to use their own devices. Moreover, a home working environment does not have the same sophisticated cybersecurity and detection measures that a corporate office does. On top of that, home Wi-Fi networks are a lot easier to attack.

It might be cheaper to allow employees to use their own devices at home, but the long-term ramifications are a lot more costly. In addition to a business’ reputation being hit, the average cost of a data breach resulting from remote work during the pandemic was around $133,000.

It’s a lucrative business for cybercriminals, which explains why cybercrime costs have soared over the last five years and are expected to continue to surge.

Just six years ago, the cost of cybersecurity attacks was around $325 million. In 2017, the number increased to $5 billion, and in 2019, it exploded to $11.5 billion. That’s just the beginning.

From 2020 to 2025, the global cost of cybercrime is projected to hit $10.5 trillion, expanding at a compound annual growth rate (CAGR) of 15%. To put that number into perspective, that’s larger than the annual damages from natural disasters and more profitable than the global trade of all major illegal drugs.

Cyberthreats have also evolved, which shows how vulnerable at-home workers are. Before the pandemic, roughly 20% of cyberattacks used previously unseen malware or methods. During the pandemic, that number rose to 35%. Some of the more sophisticated attacks used a form of machine learning that adapts to its environment and remains hidden.

Companies of every industry are at risk of being attacked, but some are more vulnerable than others. The most susceptible industries to cyberattacks include healthcare, financial services, retail, education, energy and utilities, government, and manufacturing.

Have Cyberattacks Slowed Down in 2022?

With more people returning to their offices, 2022 started out as a promising year for curbing cyberattacks. But after a lull during the first quarter, data breaches experienced significant growth in the second and especially the third quarter.

That doesn’t mean the first quarter of 2022 was uneventful. IBM and the Ponemon Institute looked at 550 global organizations that suffered a data breach in the 12-month period ending in March 2022. The average cost to clean up after the attack was USD$4.35 million. That’s up 2.6% from the previous 12-month period. In Canada, the average cost to the 25 organizations looked at was USD$5.4 million.

During the second quarter, the average number of weekly attacks increased 32% year-over-year. That pales in comparison to the third quarter, where the number of breaches climbed 70% quarter-over-quarter to 108.9 million.

Below are some of the biggest cyberattacks so far in 2022.

November 2022: Cyber Criminals Steal Medibank Data of 9.7 Million Customers

In early November, an unidentified hacking group threatened Medibank, the largest health insurance provider in Australia. The group said it possessed data on 9.7 million current and former customers and that if their demands were not met within 24 hours, they would publish the data. Medibank refused to pay the ransom and the patient information was leaked on the dark web.

September 2022: American Airlines Admits Data Breach

It took a while, but in September, American Airlines said it discovered a data breach in July. The company said the number of those impacted was very small—around 1,700 customers’ and employees’ data were stolen. The breach was a result of a phishing attack.

August 2022: 130+ Companies Hit in Oktapus Phishing Breach

In late August, it was announced that a months-long phishing campaign had compromised the data of at least 130 companies, including Cloudflare, DoorDash, Mailchimp, and Twilio. Targeted individuals were directed to fake authentication pages where they entered their login credentials.

July 2022: Hackers Try To Sell Data of 5.4 Million Twitter Users

On July 21, a hacker said they had the personal data of 5.4 million Twitter users, including phone numbers and email addresses. The asking price for the data was in excess of $30,000.

March 2022: Ronin Network Robbed of $620 Million in Crypto Heist

On March 23, a group of hackers helped themselves to $620 million in cryptocurrency from the Ronin Network. Most of the money was stolen from Axie Infinity, a game that uses cryptocurrency and NFTs.

It is thought the hackers, known as the Lazarus Group, have ties to North Korea. Although, the hermit regime has denied that it had anything to do with the Axie Infinity crypto heist and a 2014 hacking of Sony Pictures.

Cybersecurity Stocks Outperform in Bear Market

Perhaps not surprisingly, cybersecurity stocks have been bucking the stock market sell-off that has seen the tech-heavy Nasdaq fall into bear market territory and the S&P 500 stall in correction territory.

For all of the above reasons, cybersecurity is no longer viewed as a luxury. It’s a necessity. And, as we have seen, whether the economy is doing well, in a pandemic, or facing a recession, cybercriminals are hard at work.

Investing in Cybersecurity with CYBR ETF

A cybersecurity ETF offers a great alternative to gaining exposure to this industry without being locked into any single security, and without the hassle of hand-picking individual stocks. ETFs allow you to diversify by investing in multiple companies in multiple markets, ensuring that a single market shock won’t tank your portfolio.

If you’re looking to invest in a cybersecurity ETF, consider Canada’s first cybersecurity ETF, Evolve Cyber Security Index Fund (TSX Ticker: CYBR). CYBR ETF invests in global companies involved in the cybersecurity industry. For more information, visit the fund page here:

For the latest information on cybersecurity investing and industry updates on related investment products, sign up for our weekly newsletter here.


The contents of this blog are not to be used or construed as investment advice or as an endorsement or recommendation of any entity or security discussed. These contents are not an offer or solicitation of an offer or a recommendation to buy or sell any securities or financial instrument, nor shall it be deemed to provide investment, tax or accounting advice. The information contained herein is intended for informational purposes only.
Commissions, management fees and expenses all may be associated with exchange traded funds (ETFs) and mutual funds (funds). Please read the prospectus before investing. ETFs and mutual funds are not guaranteed, their values change frequently, and past performance may not be repeated. There are risks involved with investing in ETFs and mutual funds. Please read the prospectus for a complete description of risks relevant to ETFs and mutual funds. Investors may incur customary brokerage commissions in buying or selling ETF and mutual fund units.
Certain statements contained in this blog may constitute forward-looking information within the meaning of Canadian securities laws. Forward-looking information may relate to a future outlook and anticipated distributions, events or results and may include statements regarding future financial performance. In some cases, forward-looking information can be identified by terms such as “may”, “will”, “should”, “expect”, “anticipate”, “believe”, “intend” or other similar expressions concerning matters that are not historical facts. Actual results may vary from such forward-looking information. Evolve Funds undertakes no obligation to update publicly or otherwise revise any forward-looking statement whether as a result of new information, future events or other such factors which affect this information, except as required by law.

Tags cyber security  cyberattack  cybercrime  cybercriminal  cybersecurity  cybersecurity etf  cybersecurity stocks  CYBR etf  Evolve ETFs  investing  Pandemic  ransomware  technology