A relentless set of headlines about cybercrime and hacking attacks on firms will continue to put wealth managers on alert for threats to clients and their own firms.

Annual total costs of cyber attacks on firms are estimated to be as high as $3 trillion and high-profile cases come to light almost daily - it is therefore no wonder the threat of “cybergeddon” is a major concern for financial services, among other sectors.

In one of the latest surveys tracking what executives think about the risks, a survey by the CNBC television network showed that cases such as the recent hacking attack on the Talk Talk telecoms firm showed that CEOs and business executives are now “extremely concerned” about the issue. Some 82 per cent of business leaders said shortcomings in mobile data privacy and security worry them.

The stakes are high for private banks that have, in recent years, made a big point about launching mobile platforms for clients, or outsourced certain operations to remotely-hosted platforms – the “cloud”. Usage of mobile platforms is certainly expanding. CNBC, for example, said the variety and volume of news and business content consumed on mobile devices has increased across the board between 2014 and 2015, with access to “news feeds” registering the highest growth for smartphones (45 per cent to 60 per cent). With ever-rising usage, the risks increase.

Fear about the threat has been a factor in wealth management for some time. Over a year ago, this publication spoke to figures in the industry about the scale of the problem and what can be done about it. (See the article here.) Banks have been hit: for example, JP Morgan stated last year that up to 76 million (yes, million) accounts had been affected by an attack although no evidence of loss was established. In Asia, the Hong Kong Monetary Authority regularly warns the public of fake emails and websites seeking to lure people into divulging private data. 

One survey that caught the eye recently is by US-based Tenable Network Security, a network monitoring business; it produced a “scorecard” based on how 504 information security practitioners in firms with 1,000 or more staff ranked how well prepared, or ill-prepared, firms in different sectors and regions are. 

Global cybersecurity earned an overall score of 76 per cent, which Tenable Network Security said equated to a “C” average, a result the firm says is “underwhelming”. Almost 40 per cent of respondents said they feel “about the same” or “more pessimistic” about their organisations’ ability to defend against cyber attacks compared to last year.

In particular, the report showed industry worries about cloud computing. Respondents consistently cited cloud applications (graded D+) and cloud infrastructure (D) as two of the three most challenging IT components for assessing cybersecurity risks. And mobile devices got a lowly D rating.

In country terms, the US had the highest “overall cybersecurity report card” of B-, or 80 per cent, while Australia is at the bottom, at D+, or 69 per cent; Singapore rates a C-, at 72 per cent, and the UK rates at C, or 74 per cent. Also of interest to wealth managers is that financial services fares relatively highly for perceptions about preparedness against hackers, with a rating of B-, or 81 per cent, equalled only by telecoms and technology. Lowest is education, at D, or 64 per cent.

Tenable came up with its rankings by analysing answers to a 12-question web-based survey to provide a rating on a five-point scale. By adding together the two most-favourable responses (e.g., strongly agree + somewhat agree) for each question, and then averaging together associated responses, two summary indices were derived. The Risk Assessment Index measured an organisation’s ability to assess cybersecurity risks across 10 key components of enterprise IT infrastructure.

Analysts at Bank of America Merrill Lynch have produced some eye-popping data on the scale of the threat. There are 80-90 million cyber attacks per day and around 400 new threats every minute, and 70 per cent of those attacks go undetected. On the cost side, US corporates alone face an annual bill of $575 billion. On a global basis, that is around $3 trillion. 

Opportunities
However, touching on the point that one person’s misery can be another’s gain, the BoA Merrill study says there is now a $75 billion market – seen growing to up to $170 billion by 2020 – in anti-cybercrime firms.

Recently, Fabiano Vallesi, a “next generation” research analyst at Julius Baer, spoke of how expected surges in company cyber protection efforts will boost the security sector. 

“For the longer term, we believe that a number of secular trends (connectivity, cloud computing adoption etc.) are likely to keep growth trajectory for the security sector substantially above average. Median sales growth estimates for the sector points to a 13 per cent sales growth for the next three years, much higher than the past three-year median of 8 per cent. However, we recommend investors to take a diversified approach due to high volatility of software names and as the industry is in a constant arms race against attackers, leading to swift changes in technology leadership,” he said.

And perhaps one of the markers of an investment trend is when there is an exchange traded fund for it. In September, the ETF Securities Cyber Security ETF started trading on the London Stock Exchange. This ETF tracks businesses such as Japan’s FFRI INC, UK anti-virus firm Sophos and Cisco Systems, the US tech firm.

Cybercrime is a threat and a cost – but for some canny investors, also an opportunity.