Russia-Ukraine Conflict: The Time for Cyber Security is Now

As tensions soar amid the Russia-Ukraine conflict, many experts consider the threat of cyber attacks to be imminent. Cyber attacks on businesses and government agencies have noticeably climbed following Russia’s invasion. Critical infrastructure such as financial institutions, governments, and utilities are all potential targets, and spillover attacks against non-primary targets are expected to become increasingly widespread. Here at ETFMG, we believe the fear of digital warfare will give added impetus to cyber security spending by companies, governments, and individuals.

The Threat of Cyber Warfare

Countries imposing sanctions on Russia have seen an uptick in cyber attacks. For example, Nvidia, America’s largest chipmaker, and Toyota, Japan’s largest automaker, have fallen victim to cyber attacks in the time since the invasion began.[1]^,[2] While purportedly unrelated to the Eastern European conflict, both the US and Japan had recently levied significant sanctions against Russia prior to the attacks. Opportunities for retaliation against such sanctions appear limited for Russia; however, history has shown us that cyber warfare is an area they are proven to be skilled. Just this past week, the US charged four Russian government officials over two major cyber attacks against the global energy sector that affected computers in 135 countries between 2012 and 2018.[3]

Governments Issue Warnings

The deepening crisis has prompted government agencies across the globe to issue precautions regarding increasing cyber risk. President Joe Biden noted the heightened threat and urged American businesses to bolster their cyber defenses. Echoing the sentiment, FBI Director Christopher Wray has advised that the FBI is “concerned” with the potential threat of Russian cyber attacks against critical domestic infrastructure.[4] Across the pond, the UK’s National Cyber Security Centre issued an advisory, prompting organizations to take action to improve their online defenses.[5] The Australian Cyber Security Centre has also urged businesses to take immediate steps to increase their cyber security safeguards.

Monetary Threats of Cyber Attacks

Cyber security has always been a concern for individuals, corporations, and governments. However, the current conflict is exacerbating the broader trend of attacks as they continue to increase in size, volume, and sophistication. This poses major financial, reputational, and legal risks for the agencies targeted. According to security provider SonicWall, ransomware attacks climbed an unprecedented 105% year-over-year in 2021 to a total of 623.3M attacks. Encrypted threats increased 167% year-over-year to 10.1 million, almost as many as 2018, 2019, and 2020 combined.[6]

According to the Hiscox Cyber Readiness Report, monetary damages caused by cyber attackers are on the rise. In fact, losses attributing to cyber security concerns have increased nearly sixfold, up from a median cost of $10,000 in 2020 to $57,000 in 2021 per organization. Firms responded to growing risks by increasing their cyber security investments by 39%.[7] Despite this increase in security investments, nearly 80% of IT leaders still lack confidence in their company’s digital security.[8] As threats become more prominent, the budget behind cyber security can be expected to grow. Cyber Security Ventures anticipates global cyber security spending will grow 15% year-over-year from $262 billion in 2021 to $460 billion in 2025.[9]

Investment Implications

The current geopolitical turmoil has significant investment implications. While the war has suppressed risk appetite as seen by sell-offs in equities, and prominently in the technology sector, cyber security firms have outperformed since the beginning of the war.

HACK tracks the Prime Cyber Defense Index (Ticker: PCYBER), which has been constructed as a comprehensive and diversified vehicle for access to the cyber security space. The pureplay exposure to the theme tracks the performance of key players that aren’t accessible with broad market ETFs. For example, using holdings from 3/24/22, the overlap between PCYBER and the Technology Select Sector SPDR Fund (Ticker: XLK) was only 3.84%. PCYBER seeks to track leading and emerging companies within the cyber security ecosystem and is uniquely poised to benefit from the industry’s expansion. Companies of note in the space are Zscaler Inc,[10] Cloudflare,[11] and CrowdStrike Holdings.[12] Zscaler provides its global client base with web and mobile security, threat protection, and other networking solutions. In its latest quarterly results, the company announced 63% year-over-year revenue growth, 59% year-over-year billings growth, and 90% year-over-year growth in Remaining Performance Obligation (RPO).[13]^,[14] Cloudflare’s systems enhance the performance and security of its 140,000 customers across the globe. From 2019 to 2021, the company reported a 51% CAGR in total revenue as well as a 64% CAGR in large customers.[15] CrowdStrike’s Triton platform leverages Artificial Intelligence to protect its clients from cyber attacks. In 2021, the company completed a $400 million dollar acquisition of leading cloud log management provider Humio.[16] The company’s growth plans don’t end there. Just this month, the company announced it is expanding its existing partnership with Cloudflare, integrating their platforms to provide joint customers with Zero Trust security to their devices, applications, and networks.[17]

To learn more about HACK, the world’s first ETF to target companies providing cyber security solutions, visit: etfmg.com/HACK.

Companies mentioned in this article may or may not be current holdings in any of the Funds managed by ETF Managers Group LLC. Holdings are subject to change without notice.

Carefully consider the Fund’s investment objectives, risk factors, charges, and expenses before investing. This and additional information can be found in the Fund’s prospectus, which may be obtained by calling 1-844-ETF-MGRS (1-844-383-6477), or by visiting www.etfmg.com/HACK. Read the prospectus carefully before investing.

Investing involves risk, including the possible loss of principal. Shares of any ETF are bought and sold at market price (not NAV), may trade at a discount or premium to NAV and are not individually redeemed from the Fund. Brokerage commissions will reduce returns. Narrowly focused investments typically exhibit higher volatility. The fund is concentrated in technology-related companies that face intense competition, both domestically and internationally, which may have an adverse effect on profit margins. Such companies may have limited product lines, markets, financial resources or personnel. The products of such companies may face obsolescence due to rapid technological developments, frequent new product introduction, unpredictable changes in growth rates, competition for the services of qualified personnel, and competition from foreign competitors with lower production costs. Technology companies are heavily dependent on patent and intellectual property rights. The loss or impairment of these rights may adversely affect the profitability of these companies. Investments in foreign securities involve political, economic and currency risks, greater volatility and differences in accounting methods. The Funds are non-diversified, meaning they may concentrate its assets in fewer individual holdings than a diversified fund. Investments in smaller companies tend to have limited liquidity and greater price volatility than large-capitalization companies. Diversification does not assure a profit or protect against a loss in a declining market. The Fund’s return may not match or achieve a high degree of correlation with the return of the Prime Cyber Defense Index. To the extent the Fund utilizes a sampling approach, it may experience tracking error to a greater extent than if the Fund had sought to replicate the Prime Cyber Defense Index.

The Fund is distributed by ETFMG Financial LLC. ETF Managers Group LLC and ETFMG Financial LLC are wholly owned subsidiaries of Exchange Traded Managers Group LLC (collectively, “ETFMG”). ETFMG is not affiliated with Prime Indexes.

The Fund is intended to be made available only to U.S. residents. Under no circumstances is any information provided on this website intended for distribution to or use by, or to be an offer to sell to or solicitation of an offer to buy the Fund or any investment product or service of, any person or entity in any jurisdiction or country, other than the United States, where such distribution, use, offer or solicitation would subject the Fund or its affiliates to any registration requirement or be unlawful under the securities laws of that jurisdiction or country.

[1] https://arstechnica.com/cars/2022/02/toyota-shuts-down-all-japanese-production-after-being-hacked/

[2] https://techcrunch.com/2022/03/04/nvidia-ransomware-hackers-demands/

[3] https://www.theguardian.com/world/2022/mar/24/us-charges-russian-hackers-cyber-attacks

[4] https://abcnews.go.com/Politics/fbi-concerned-russian-cyberattacks-critical-us-infrastructure-wray/story?id=83604956

[5] https://www.ncsc.gov.uk/news/organisations-urged-to-bolster-defences

[6] 2022 SonicWall Cyber Threat Report

[7] Hiscox Cyber Readiness Repot 2021

[8] Cybersecurity at a Crossroads: The Insight 2021 Report

[9] https://cybersecurityventures.com/cybersecurity-spending-2021-2025/

[10] As of 4/6/22 Zscaler represented approximately 4.24% of the Fund’s assets.

[11] As of 4/6/22 Cloudflare represented approximately 4.98% of the Fund’s assets.

[12] As of 4/6/22 CrowdStrike Holdings represented approximately 4.95% of the Fund’s assets.