A recent study by Mastercard found a significant increase in cybercrime and cyberattacks in Canada since the onset of the pandemic. The study highlighted a 600% surge in cybercrime and a 238% increase in cyberattacks that cost Canadian companies more than $500 million in 2022 alone.¹ Part of the increase was due to companies shifting operations online during the pandemic and, as a result, holding more sensitive data in their systems, making them tempting targets for cybercriminals.

Although large organizations usually have robust cybersecurity measures in place, the report cited the increased vulnerability of small businesses to attacks, given that they are often less prepared and, therefore, a more attractive target.

The report also discovered that the average cost of a data breach in Canada is $5.64 million, which is $1 million more than the global average. Almost all of the victims surveyed agreed that the hack impacted their business operations, with the most common outcome being the loss of customer data. Over a third of the respondents said cyberattacks strained their relationships with vendors or customers.

While 92% of business leaders acknowledge implementing security solutions or conducting a digital risk assessment, only 39% regularly engage in vulnerability assessments. Likewise, only 56% of companies use network firewalls, only 52% use 2FA, and less than half have antivirus software, fraud protection tools, or cybersecurity-specific insurance in place.²

Also in April, the Cyberspace Administration of China (CAC) announced that generative AI services would need to undergo security reviews before they are permitted to operate in China. The CAC’s guidelines require AI content be accurately labelled, respect intellectual property, avoid discrimination, and not pose security risks. These regulations are expected to significantly impact how AI models are trained in China, with companies needing to prioritize security when developing AI. Additionally, the CAC’s emphasis on maintaining control over sensitive data highlights the importance of robust cybersecurity measures in protecting against cyberattacks and data breaches when developing AI.³

 

Updates on Specific Cybersecurity Companies

CrowdStrike Holdings

In April, CrowdStrike Holdings announced what it says is the first purpose-built extended detection and response (XDR) cybersecurity product for the Internet of Things (IoT). The new product, Falcon Insight for IoT, promises to identify threats like ransomware on IoT devices but ensure simplified deployment and interoperability across IoT devices.⁴

Ubiquitous but hard to secure, IoT devices encompass everything from medical devices to industrial technology to networked consumer products like smart speakers. And the prevalence of IoT devices is only growing. Estimates of the compound annual growth rate (CAGR) for IoT through 2030 value the market anywhere between $220 billion and more than $500 billion.⁵ A new technology that enables customers to secure their IoT endpoints for the first time offers the possibility of significant future returns as the industry grows.

NEXTDC Limited

NEXTDC, an Australian cloud and data centre provider held by the Fund, had a good April, announcing that its contracted data centre utilization is up 35.9MW to 120MW (an increase of 43%) since the end of last year.

The company’s S3 data centre in suburban Sydney saw the most significant gains in customer contracts and is now operating at 46% of its planned capacity. NEXTDC is already planning for the future by securing land to construct its S5 data centre in the Macquarie Park suburb of Sydney. This facility, which will have a capacity of 60MW+ once built, is expected to contribute revenue beginning in late FY24 and be at capacity by FY29.⁶

With their focus on cybersecurity for infrastructure, and with hosting environments such as data centres now classified as ‘critical infrastructure’ under Commonwealth Government legislation, NEXTDC is partnering with global leaders in the physical safety and security of data centres like Gunnebo to ensure their facilities meet heightened compliance obligations for both physical security as well as cybersecurity.⁷

CYBR ETF: Diversified Investing in Cybersecurity

A cybersecurity ETF offers a great alternative to gaining exposure to this industry without being locked into any single security, and without the hassle of hand-picking individual stocks. ETFs allow you to diversify by investing in multiple companies in multiple markets, ensuring that a single market shock won’t tank your portfolio. Canada’s first cybersecurity ETF, Evolve Cyber Security Index Fund (TSX Ticker: CYBR), invests in global companies involved in the cybersecurity industry.

CYBR ETF Portfolio Strategy and Activity

For the month, CACI International Inc made the largest contribution to the Fund, followed by NEXTDC Ltd and Booz Allen Hamilton Holding Corporation. The largest detractors to performance for the month were Zscaler Inc, followed by Okta Inc and CrowdStrike Holdings. On the last rebalance, these securities were added to the portfolio: Dream Security Co Ltd, Sands Lab Inc, Kape Technologies PLC, and VirnetX Holding Corporation.

For more information, visit the fund page here: https://evolveetfs.com/cybr/.

To stay updated with insights on investing and related investment products, sign up for our weekly newsletter here.

Sources:

1. “Securing the digital economy,” Mastercard, March 2023; https://www.mastercard.us/content/dam/public/mastercardcom/na/us/en/documents/Mastercard-NAM-Insights-Securing-the-digital-economy.pdf
2. “Small businesses at greatest risk during historic rise in cybercrime,” The Globe and Mail, April 5, 2023; https://www.theglobeandmail.com/business/adv/article-small-businesses-at-greatest-risk-during-historic-rise-in-cybercrime/
3. “China Mandates Security Reviews for AI Services Like ChatGPT,” Bloomberg, April 11, 2023; https://www.bloomberg.com/news/articles/2023-04-11/china-to-mandate-security-reviews-for-new-chatgpt-like-services
4. “CrowdStrike (CRWD) Launches Breakthrough XDR Solution for XIoT,” Yahoo Finance, April 12, 2023; https://finance.yahoo.com/news/crowdstrike-crwd-launches-breakthrough-xdr-132201670.html
5. Quast, J., “CrowdStrike Marches Ahead in This Multitrillion-Dollar Industry: What It Means for Investors,” The Motley Fool, April 17, 2023; https://www.fool.com/investing/2023/04/17/crowdstrike-marches-ahead-in-this-multi-trillion-d/
6. “NEXTDC Ltd (ASX:NXT) Announcement – Contracted Utilisation Update,” The Motley Fool, April 12, 2023; https://www.fool.com.au/tickers/asx-nxt/announcements/2023-04-12/2a1443040/contracted-utilisation-update/
7. “Data Sovereignty and Security Risk Management,” NEXTDC, n.d.; https://www.nextdc.com/about-us/security-risk-management

 

The contents of this blog are not to be used or construed as investment advice or as an endorsement or recommendation of any entity or security discussed. These contents are not an offer or solicitation of an offer or a recommendation to buy or sell any securities or financial instrument, nor shall it be deemed to provide investment, tax or accounting advice. The information contained herein is intended for informational purposes only.

Commissions, management fees and expenses all may be associated with exchange traded funds (ETFs) and mutual funds (funds). Please read the prospectus before investing. ETFs and mutual funds are not guaranteed, their values change frequently, and past performance may not be repeated. There are risks involved with investing in ETFs and mutual funds. Please read the prospectus for a complete description of risks relevant to ETFs and mutual funds. Investors may incur customary brokerage commissions in buying or selling ETF and mutual fund units.

Certain statements contained in this blog may constitute forward-looking information within the meaning of Canadian securities laws. Forward-looking information may relate to a future outlook and anticipated distributions, events or results and may include statements regarding future financial performance. In some cases, forward-looking information can be identified by terms such as “may”, “will”, “should”, “expect”, “anticipate”, “believe”, “intend” or other similar expressions concerning matters that are not historical facts. Actual results may vary from such forward-looking information. Evolve Funds undertakes no obligation to update publicly or otherwise revise any forward-looking statement whether as a result of new information, future events or other such factors which affect this information, except as required by law.