General Industry Update

CDK Global, a leading software provider to North American car dealerships, faced a significant crisis in June as an Eastern European cybercrime group demanded a ransom in the tens of millions to end a disruptive ransomware attack that began June 19. The hackers have thrown around 15,000 dealerships into disarray, crippling sales, repairs, and deliveries in a North American industry worth $1.2 trillion in annual U.S. sales. The attack was timed to affect the industry amid an end-of-quarter sales push. Reports indicate that CDK was planning to pay the ransom.

The breach led to a complete shutdown of CDK’s core dealership management system (DMS), a suite of tools essential for dealership operations, causing widespread chaos and what has been described as a “disaster” for dealerships who rely on the DMS for all functionality, from sales to stocking vehicles. This incident underscores the high dependency of the auto retail sector on a few DMS providers, exacerbated by industry consolidation.¹

Also in June, the cyberattack targeting cloud storage company Snowflake Inc could escalate into one of the largest data breaches ever recorded. Snowflake revealed that hackers had accessed customer accounts using stolen login credentials obtained through infostealing malware. The breach has affected major companies, including Ticketmaster and Santander. While hundreds of Snowflake customer passwords have already leaked online, the hackers claim to have 560 million records from Ticketmaster and 30 million from Santander. The companies have not confirmed the breach sizes.²

The ongoing fallout from these hacks highlights the growing vulnerability of critical industries to sophisticated cyber threats. That’s part of why Microsoft is set to tie employee compensation, including that of top executives, to their cybersecurity contributions, a significant shift in the company’s approach to data protection.

With the start of Microsoft’s fiscal year on July 1, one-third of the “individual performance” portion of bonuses for senior executives will depend on an independent, third-party review of their cybersecurity efforts. Cybersecurity contributions will be a discussion point for all other employees in their twice-annual reviews with managers, impacting their total compensation.

This initiative comes in response to a Department of Homeland Security report highlighting deficiencies in Microsoft’s handling of a recent breach involving U.S. government officials’ email accounts, attributed to Chinese hackers.³

Company Specific Updates

CrowdStrike Holdings Inc

In June, CrowdStrike announced that it exceeded Q1 estimates, with adjusted earnings per share of $0.93 (on analyst estimates of $0.90) and revenue that also exceeded forecasts, hitting $921.0 million against the expected $904.7 million (up 33% year-over-year). As a result, CrowdStrike has raised its full-year earnings and revenue guidance. For Q2, the company now projects adjusted earnings per share to be up seven to eight cents from previous estimates and revenue of $958.3 million to $961.2 million, surpassing the $954.6 million forecast.⁴

Shares of CrowdStrike also got a significant bump in June following the announcement of the cybersecurity firm’s addition to the S&P 500 index, replacing Comerica. The inclusion, effective June 24, often prompts fund managers tracking the benchmark to adjust their portfolios, boosting the stock of newly added companies. Analysts project that indexers may purchase approximately 30 million shares of CrowdStrike. CrowdStrike, with a market cap exceeding $90 billion, has been profitable for the past five quarters, a key criterion for S&P 500 inclusion. CEO George Kurtz hailed this achievement as a testament to the company’s sustained efforts since its inception in 2011.⁵

CyberArk Software Ltd

CyberArk announced in June its partnership with the Coca-Cola Hellenic Bottling Company (Coca-Cola HBC) to bolster the beverage producer’s cloud security and manage privileged access. The move is part of Coca-Cola HBC’s strategy to enhance its security framework amid an extensive digital transformation. The company, which operates across 29 European and African markets with over 33,000 employees, required a solution to secure cloud workloads and provide centralized privileged access management (PAM) for its IT administrators and numerous external vendors.

CyberArk’s Identity Security Platform was selected for its ability to manage endpoints, workforce, and privileged access from a single platform. Given the diverse and complex nature of its operations, which span software, factories, and supply chains, this capability is crucial for Coca-Cola HBC. The platform addresses the need to secure sensitive access while minimizing operational disruptions. Theodoros Stanimerakis, Cyber Security Platforms Manager at Coca-Cola HBC, emphasized the importance of an innovative and reliable solution to protect critical assets. Rich Turner, President of EMEA at CyberArk, highlighted the ongoing challenges of securing third-party access and expressed gratitude for Coca-Cola HBC’s decision to standardize on CyberArk, which will enhance their overall cybersecurity posture.⁶

CYBR ETF: Diversified Investing in Cybersecurity

A cybersecurity ETF offers a great alternative to gaining exposure to this industry without being locked into any single security and without the hassle of hand-picking individual stocks. ETFs allow you to diversify by investing in multiple companies in multiple markets, ensuring that a single market shock won’t tank your portfolio.

Canada’s first cybersecurity ETF, Evolve Cyber Security Index Fund (TSX Ticker: CYBR), invests in global companies involved in the cybersecurity industry. For more information, visit the fund page here:

Portfolio Strategy and Activity

For the month, CrowdStrike Holdings Inc made the largest contribution to the Fund, followed by CyberArk Software Ltd and Palo Alto Networks Inc. The largest detractors to performance for the month were Trend Micro Inc, followed by BlackBerry Limited and Darktrace PLC.



  1. Trudell, C., “CDK Hackers Want Millions in Ransom to End Car Dealership Outage,” Bloomberg, June 21, 2024;
  2. Gorrivan, C., Murphy, M. & Ford, B., “Hackers Demand as Much as $5 Million From Snowflake Clients,” Bloomberg, June 17, 2024;
  3. Novet, J., “Microsoft employees’ cybersecurity contributions will factor into their pay,” CNBC, June 13, 2024;
  4. Lipton, J. & Hyman, J., “CrowdStrike earnings top estimates, raises full-year guidance,” Yahoo Finance, June 4, 2024;
  5. Novet, J., “CrowdStrike rallies to record on cybersecurity company’s inclusion in S&P 500,” CNBC, June 10, 2024;
  6. “Coca-Cola Hellenic Bottling Company Selects CyberArk For Identity Security,” CyberArk, June 6, 2024;

Header image source: Getty Images Credit: Just_Super

The contents of this blog are not to be used or construed as investment advice or as an endorsement or recommendation of any entity or security discussed. These contents are not an offer or solicitation of an offer or a recommendation to buy or sell any securities or financial instrument, nor shall it be deemed to provide investment, tax or accounting advice. The information contained herein is intended for informational purposes only.
Commissions, management fees and expenses all may be associated with exchange traded funds (ETFs) and mutual funds (funds). Please read the prospectus before investing. ETFs and mutual funds are not guaranteed, their values change frequently, and past performance may not be repeated. There are risks involved with investing in ETFs and mutual funds. Please read the prospectus for a complete description of risks relevant to ETFs and mutual funds. Investors may incur customary brokerage commissions in buying or selling ETF and mutual fund units. Certain statements contained in this blog may constitute forward-looking information within the meaning of Canadian securities laws. Forward-looking information may relate to a future outlook and anticipated distributions, events or results and may include statements regarding future financial performance. In some cases, forward-looking information can be identified by terms such as “may”, “will”, “should”, “expect”, “anticipate”, “believe”, “intend” or other similar expressions concerning matters that are not historical facts. Actual results may vary from such forward-looking information. Evolve Funds undertakes no obligation to update publicly or otherwise revise any forward-looking statement whether as a result of new information, future events or other such factors which affect this information, except as required by law.

Tags Crowdstrike  cyberattack  CYBR etf  Hackers  Palo Alto Networks  ransomware