Be afraid. Be very afraid.

It’s not often you attend an event where the intention of the speakers appears to be to scare the audience witless. But that was the overall effect of ‘Cybersecurity: Threats and investment opportunities’ briefing held at Dolfin’s Mayfair offices, which gripped the 60 attendees from start to finish.

Ruslan Yusufov, Director for Special Projects at cybersecurity specialists Group IB, outlined the extent of the threat. Despite worries about state-sponsored hackers and cyber-terrorists, he quoted figures estimating that 94 per cent of cybercriminals are financially motivated, and that the annual damage to the world economy from cybercrime is $600bn.

Despite worries about state-sponsored hackers and cyber-terrorists, 94 per cent of cybercriminals are financially motivated and the annual damage to the world economy from cybercrime is $600bn.

Ruslan Yusufov, Director for Special Projects, Group IB. 

While cybercriminals often target big business, individuals are equally at risk. To illustrate the kind of data we tend to freely offer up, Ruslan pointed out that everyone in the room who was on Facebook was likely to receive friend requests from fellow audience members the next day – the result of the GPS on their phones identifying that they’d been together in the same place for an hour or so. He added that 90 per cent of individuals don’t have the inbuilt security functionality in their devices turned on.

After running through some eye-watering statistics on the vulnerability of cryptocurrencies – including the estimated $1.1bn of funds that have been hacked in 2018 – he concluded by saying: “Cybercriminals can steal just as much money as they could by robbing a bank, but the chances of being caught are much lower.”

Access all areas

Transputec CEO Sonny Sehgal and ThreatSpike Labs CEO Adam Blake were scarcely more reassuring as they outlined the state of cybersecurity in financial services. “We’re constantly surprised by how easy it is to get access to a corporate network,” said Sonny. “Wifi networks in particular are vulnerable.”

He ran through the measures companies should take to defend themselves: in particular, the importance of training employees – the easiest targets for criminals – in cybersecurity and teaching them to ask the right questions. He also emphasised that companies either need to have cybersecurity skills in-house, or an external partner who can help.

And he had some stark warnings about the forces we’re up against. “A lot of people in this room are probably exposed already,” he said. “Hackers will always find a way to get into your organisation. You’re going to lose money.”

Password protection

The presentations were followed by a panel discussion in which the experts gave some tips on cybersecurity, particularly for small businesses. Adam pointed out that 90 per cent of attacks on smaller organisations focus on email, so imposing two-factor authentication for access to email accounts is a must. Sonny also suggested using complex passwords and password management software.

Meanwhile, Ruslan was keen to dispel the myth that cybercriminals are all expert coders. “Cybercrime is a business,” he said. There are service providers who will sell you whatever you need, whether that is an off-the-shelf virus, access to a computer network that has already been hacked, or illegally obtained sets of personal data. “There are millions of people involved in this worldwide,” he added. “It’s easy money.”

Unicorns and cockroaches

Where there are threats, there are usually opportunities, and that’s certainly the case with cybersecurity. Alexey Debelov, a partner at FP Wealth Solutions, quoted Goldman Sachs research to the effect that 45 per cent of global CIOs expect to accelerate their spending on IT security over the next 12 months.

Georgios Mouskoundi, Head of Advisory at Dolfin, explained that ETFs are often the most viable way to invest in this sector. But for those who wish to invest in individual companies, Adam stressed the importance of distinguishing between ‘unicorns’ and ‘cockroaches’. Unicorns are the (often publicly hyped) cybersecurity companies that make a lot of money through a single innovation, but may not ultimately sustain long-term growth. A better bet are cockroaches: companies that actually change the industry by constantly improving security solutions.

Unicorns are the (often publicly hyped) cybersecurity companies that make a lot of money through a single innovation, but may not ultimately sustain long-term growth.

Adam Blake, CEO, ThreatSpike Labs

But Adam did have a word of caution for investors: “Long-term improvements in security and financial gains are not necessarily connected.” Alexey had a similar warning, pointing at already extremely optimistic valuations of the industry.