Download the article here Download PDF

Cybercrime is vast and growing

As hackers continue to grow in ambition and sophistication, the risks and costs of cybercrime are rising. Indiscriminately, governments, powerful institutions, big business and individuals have all proved vulnerable, with US President Joe Biden identifying cybercrime as a "core national security challenge".

In May 2021, cybercriminals took a key US pipeline offline due to a lack of a multifactor authentication technology in place and demanded a multi-million US $ ransom. ¹  The hack on US infrastructure also caused the closure of key conduits delivering fuel from Gulf Coast refineries to major East Coast markets. ²  Only 5 months later, in October 2021, Amazon.com’s live streaming e-sports and TV platform Twitch was attacked during a routine maintenance change of its IT infrastructure, resulting in the in the theft of highly sensitive personal and corporate data, including future product development plans. Unfortunately, it was not the first time the company had been attacked. ³

Governments, along with corporates, recognise their secrets and security are at stake, as well as their finances and the ability to compete on the global stage. Such is the severity of the risk that the Biden administration formed a taskforce of government and leading cyber security representatives to strengthen the nation’s cybersecurity.

For the criminals and rogue states that perpetuate cybercrime, the rewards are high. The cost of stealing a new design for a plane or drug is a small fraction of the cost and time to develop one. Take for example the global race to develop a COVID-19 vaccine. In December 2020, US biopharmaceutical company Pfizer, and its German partner BioNTech, revealed that documents relating to its COVID-19 vaccine had been unlawfully accessed in a hack on the European Medicines Agency (EMA). ⁴  And yet there is little to deter cybercriminals from such activities, at present penalties for cybertheft are still relatively low compared to other crimes. Consequently, the "supply" side remains high, while companies and governments fight to catch up. Cybersecurity, via its breadth of available and evolving solutions, is part of the solution to this enormous challenge.

The financial impact of cybercrime

The value of cybercrime is currently USD 6 trillion and expanding at 15% a year, with predictions that it will rise to USD 10.5 trillion by 2025. ⁵  At current levels, that places it just behind the economies of the US and China in terms of size (based on annual GDP data for 2020), making cybercrime one of the largest and fastest-growing enterprises in the world.

Source: World Bank - OECD as of October 2021 https://data.worldbank.org/indicator/NY.GDP.MKTP.CD?locations=CN-US&most_recent_value_desc=true

The digitalisation challenge

Digitisation has become a megatrend, with 7.8 billion people around the world increasingly connected. It makes our lives easier, from our work to our leisure time; we are "always on".

For many businesses digital transformation is an operational necessity, ensuring connectivity between staff and consumers, improving productivity and helping them retain competitiveness. However, the move to cloud computing also has created new vulnerabilities. It means sensitive and personal data is everywhere. Businesses especially need to ensure that they have the cybersecurity infrastructure in place to protect themselves and their customers.

Where that protection fails, the impact is significant, and goes far beyond financial loss. The consolidated average cost of a data breach in 2020 was USD 3.86 million (which represents an increase of 11% in security breaches since 2018), and it takes 207 days on average to identify. ⁶ Cybercrime can result in substantial and long-term damage to companies and, at worst, in the loss of their customers, investors and reputations.

Reputational damage: selected data losses greater than 30,000 records

Source: Momentum Cyber; Information is Beautiful: World's Biggest Data Breaches and Identity Theft Resource Center (ITRC): 2018 Annual Data Breach Year- End Review. Information as of April 2021.https://www.informationisbeautiful.net/visualizations/worldsbiggest- data-breaches-hacks/

If we consider what is at stake, the challenge laid down by cybercriminals is enormous; but it also brings with it opportunities for those equipped with the tools to keep people and data safe. Estimates suggest that the trillion-dollar cloud transformation alone could generate an incremental USD 100 billion opportunity for the cybersecurity industry. The cybersecurity market is expected to grow at a rate of 12.6% p.a. between 2020 and 2030. ⁷ Cybersecurity companies are growing rapidly because they help to solve this huge problem, evolving their security solutions at the same pace or even faster than the attacks evolve.

Top areas where security leaders are increasing their investment

Source: Team8: 2021 Cybersecurity Brief, as of 26 January 2021

Multiple means, multiple targets, multiple fronts

Cybercriminals have a variety of approaches, leaving multiple pressure points for individuals and organisations. At a headline level, identity theft is where criminals steal personal data such as your name, date of birth, telephone number and address; but they find different ways to do this. They may do this via an "account takeover", obtaining use of an eMail account to send "phishing" eMails – phising is the attempt to obtain data, such as bank or credit card details, by means of fake eMails or websites.

Approaches may also take the form of a "jailbreak", which removes usage restrictions on Apple devices without the user being authorised to do so. Likewise, a "keylogger" is hardware or software that records entries made on the keyboard, allowing cybercriminals to get hold of passwords."Trojans", one of the oldest and most common forms of malware, are often installed by opening unknown file attachments and unintentionally downloading software via manipulated websites.

Organisations need to fight additionally on multiple fronts. "Botnets", for example, are networks of computers controlled by a server. The computers can be infected with malware, and then will be controlled and misused for criminal purposes without the owners' knowledge. "Denial-of-service" (DoS) attacks, another common approach by cybercriminals, are directed against web servers to overload them, thereby disrupting website access. This is particularly devastating for digital retailers. And finally, "ransomware", a term that has been in the news quite frequently, is malware that encrypts data and systems so that they can no longer be accessed. These are then only released again upon payment of a ransom. This is a form of "digital blackmail".

While the sophistication of cyber threats is ever evolving, it is human behaviour that is often the weakest link for companies and something that cybercriminals often take advantage of. Among the vulnerabilities that contribute significantly are:

• opening a phishing eMail or using infected USB sticks
• the use of factory passwords on network routers
• the reuse of private passwords for professional applications
• writing down entire access data in text files or eMails.

These popular gateways are vivid and common examples of how easy it is for malware to get into the system.

Multiple layers of security

Source: AllianzGI 2021

Innovation in security

Companies, such as ZScaler Inc., are leading the charge on zero trust adoption, a concept that works on the premise that devices should not be trusted by default - neither inside nor outside a company’s security perimeter. ZScaler has been a first mover in cloud security and has created a new market with an innovative product umbrella and strategic focus. It is a good example of how a new player can emerge and disrupt the competitive landscape. Global research and advisory firm Gartner estimates that the identity and access management market focused on user access-related security was USD 9.8 billion in 2019 and could reach USD 14 billion in 2024. ⁸  This market is comprised of the three areas: access management software, identity governance and administration software, and privileged access management software.

There has been huge innovation in the use of artificial intelligence (AI) and data to monitor behaviour and prioritise work for cybersecurity customers. This is driving the success of companies such as CrowdStrike. FireEye took the recent decision to refocus on services and consulting to help customers prioritise alerts and define priorities. Companies that can do this can add services offerings to their customers and grow customer revenue per account successfully, and this is a key theme for many cyber security customers. They are not only trying to identify problems but to help customers fix them.

Cloud-computing is a significant growth segment within cybersecurity. Gartner’s forecast for the next-generation network and cloud security segment calls for 42% growth annually, from approximately USD 1.9 billion in 2019 to roughly USD 11 billion by 2024 ⁸. The corporate perimeter has expanded beyond the internal network into hybrid infrastructures consisting of on-premises data centres, public/private cloud instances and SaaS applications.

Where next?

Decreasing global birth rates and pending labour shortages will force companies to invest in technology to boost productivity. The cyber security industry is not immune to the reducing labour pool with President Biden placing an emphasis on solving the cyber security skills shortage within his taskforce. However, to overcome future challenges, enhanced technological solutions will be required and this will provide a tail wind to solutions such as cloud, software-as-a-service, artificial intelligence and cyber security.

Cybercrime is a vast and rapidly growing problem, and it will continue to be one for the foreseeable future. However, those companies that can provide solutions to tackle the everevolving, 24 hours x 365 days a year, threat are in a powerful position to take advantage of the opportunity as governments, organisations, and individuals turn their attention to fixing it.

The performance of the strategy is not guaranteed, and losses remain possible.

Securities mentioned in this document are for illustrative purposes only and do not constitute recommendation or solicitation to buy or sell any particular security. These securities will not necessarily be comprised in the portfolio by the time this document is disclosed or at any other subsequent date.

¹  https://BBC.co.uk/news/business-57050690
²   https://Reuters.com/business/colonial-pipeline-ceo-tells-senate-cyber-defenses-were-compromised-ahead-hack-2021-06-08/
³  https://CNBC.com/2021/10/06/twitch-hack-amazons-video-site-breached-exposing-future-product-plans.html https://BusinessInsider.com/twitch-got-hacked-2015-3?r=US&IR=T
⁴  https://BBC.co.uk/news/technology-55249353
⁵  https://GlobeNewWire.com/news-release/2020/11/18/2129432/0/en/Cybercrime-To-Cost-The-World-10-5-Trillion-Annually-By-2025.html
⁶  Varonis: 134 Cybersecurity Statistics and Trends for 2021 (March 2021) https://Varonis.com/blog/cybersecurity-statistics/
IBM Security, "Cost of a Data Breach Report" (July 2020) https://Capita.com/sites/g/files/nginej291/files/2020-08/Ponemon-Global-Cost-of-Data-Breach-Study-2020.pdf
⁷  Businesswire: Global Cyber Security Market (2020 to 2030) - by Component, Security Type, Deployment, Enterprise, Use Case and Industry - ResearchAndMarkets.com, November 2020: https://BusinessWire.com/news/home/20201119005835/en/Global-Cyber-Security-Market-2020-to- 2030---by-Component-Security-Type-Deployment-Enterprise-Use-Case-and-Industry---ResearchAndMarkets.com
⁸  Canaccord Genuity, February 2021, Industry update: IoT, Security & Communications Software. Gartner Information Security Forecast 4Q20

Investing involves risk. The value of an investment and the income from it may fall as well as rise and investors might not get back the full amount invested. The views and opinions expressed herein, which are subject to change without notice, are those of the issuer companies at the time of publication. The data used is derived from various sources, and assumed to be correct and reliable at the time of publication. The conditions of any underlying offer or contract that may have been, or will be, made or concluded, shall prevail. The Management Company may decide to terminate the arrangements made for the marketing of its collective investment undertakings in accordance with applicable de-notification regulation. The duplication, publication, or transmission of the contents, irrespective of the form, is not permitted; except for the case of explicit permission by Allianz Global Investors GmbH.

For investors in Europe (excluding Switzerland)
This is a marketing communication issued by Allianz Global Investors GmbH, www.allianzgi.com, an investment company with limited liability, incorporated in Germany, with its registered office at Bockenheimer Landstrasse 42-44, 60323 Frankfurt/M, registered with the local court Frankfurt/M under HRB 9340, authorised by Bundesanstalt für Finanzdienstleistungsaufsicht (www.bafin.de).

The Summary of Investor Rights is available in English, French, German, Italian and Spanish at https://regulatory.allianzgi.com/en/investors-rights

Allianz Global Investors GmbH has established branches in the United Kingdom, France, Italy, Spain, Luxembourg, Sweden, Belgium and the Netherlands. Contact details and information on the local regulation are available here (www.allianzgi.com/Info).

For investors in Switzerland
This is a marketing communication issued by Allianz Global Investors (Schweiz) AG, a 100% subsidiary of Allianz Global Investors GmbH.

AdMaster: 1855413