Column: Virus to virus: pandemic to cyber threat


A surge in cyber attacks and ransomware hacks since the start of pandemic lockdowns is alarming for a world of finance moving headlong into digital money and remote working longer term.

The flipside of the digital revolution has always been the inevitable rise in its alter ego of online crime – aping the much-vaunted global reach and potential anonymity of the web and leaching off lax corporate and consumer security.

Some attackers are clearly suspected of being state sponsored, with political motives. But others are simply hyper sophisticated organised gangs such as DarkSide.

The remote working boom during the pandemic has seen a surge in such cyber raids and disruptions on companies, banks and government bodies. Victims this past month alone include Colonial Pipeline, Brazilian meatpacker JBS and Ireland’s national health service.

Ransomware criminals collected almost $350 million last year, up threefold from 2019, according to members of a public-private group called the Ransomware Task Force.

That seems a modest total in global terms but the disruption caused in lost business or public services and the massive spending on cybersecurity defences will be many multiples of that. US government estimates put the bill from attacks such as 2017’s WannaCry hit, blamed on North Korea and targetting hospitals and banks worldwide, into billions of dollars.

Citing different tech industry sources, Fitch credit ratings firm reckons ransomware attacks in particular jumped almost 500% in 2020 – with a quarter of all cyber incidents in legal and finance firms and with global costs estimated at $20 billion. Before the pandemic even hit, the World Economic Forum (WEF) estimated the scale of disruption from cyber crime of all types was running into trillions of dollars.

The WEF’s annual risks report this year had “cybersecurity failure” in the Top 10 Global Risks “by likelihood” – with “extreme weather” and “climate action failure” the top two. And almost 40% of its members saw cyber risks as a “clear and present danger” to the world economy over the next two years.

Washington’s Center for Strategic and International Studies, meantime, documented more than 100 cross-border cyber attacks on governments and corporations worldwide last year alone.

Different kind of virus

But individual corporate risk and loss of data is different from fears of lifelong savings or investments being stolen.

S&P Global ratings firm said banks are key targets as direct sources of finance, because of their key infrastructure role and also their possession of a wide range of sensitive personal data.

“Accelerated digitalization and remote working arrangements have increased the financial sector’s exposure to cyber risks and could lead to more complex cyber attacks that trigger higher losses,” it said, citing poor governance as the big vulnerability and mid-sized US banks with annual revenues of between $10-50 billion as most targeted.

The scale of this problem is clearly multiplying as fast as the digital world itself – and similarly catalysed by the pandemic.

But the additional threat to finance is a huge issue as central banks and governments move into digital money, attempting in part to reclaim the digital money world from cryptocurrencies that have already proven prone to hacking and organised crime.

The mooted rollout of central bank digital currencies (CBDCs) as legal tender over the coming years ups the ante considerably in securing new money. China is already piloting the digital yuan and the European Central Bank said on Thursday it would decide next month on the go-ahead for cyber euro.

“The increased number of central bank touch-points into the economy and the danger of hackers usurping central banks’ role in money creation means the rollout of CBDCs will increase cybersecurity risks,” wrote Fitch analysts Monsur Hussain and Duncan Innes-Ker last month.

The flipside of this enormous potential risk to tens of trillions of dollars worth of CBDCs replacing physical cash around the world is simply ever greater centralised spending on cybersecurity and innovation to keep it safe.

And it’s this trend that some asset managers have already identified.

“Cybersecurity will be key in enabling ‘The Next Big Thing’ themes,” UBS Global Wealth Management’s Chief Investment Officer Mark Haefele wrote last week.

UBS said the size of the global cybersecurity market was some $148 billion last year, growing at an annual clip of about 8% in recent years and set to accelerate to at least 10%. And it fitted neatly into portfolios right now as a ‘defensive’ position within the pricey tech sector, it added.

If digitization of the world economy is inevitable, then keeping it safe will be paramount. This virus risk may not match the disruption of COVID-19 just yet, but investing in equivalent cyber vaccines may be lucrative nonetheless.