The migration to remote working over the past year has coincided with a sharp increase in cyber crime. JBS of Brazil, the world’s biggest meat processor, is the latest high-profile victim of a ransomware attack. The White House implicated an unnamed Russian gang, as factories reopened.
Last month hackers shut down the 5,500-mile US fuel distribution system run by Colonial Pipeline. This triggered gas and jet-fuel shortages, panic buying and the payment of a $4.4m ransom.
Ransomware attacks pose an operational threat to supply chain businesses that makes traditional low-level data theft look puny by comparison. Crooks typically extort payments via system lockups. Attacks rose 150 per cent in 2020, according to Group-IB, a security firm. The average ransom payment increased more than 300 per cent.
Some experts blame cyber insurance policies for the proliferation of ransomware attacks. Premiums are already spiralling upwards, even as insurers write tougher contracts.
Ultimately, insurers will benefit from an expanded market, even if they are paying out more claims now. Cyber security groups are the other beneficiaries. Corporate spending on online security is expected to hit $150bn this year, compared with $113bn in 2018.
In the US, public market investors have piled into the likes of CrowdStrike, Cloudflare and Palo Alto Networks. In the latest quarter these businesses lifted revenues by 74 per cent, 51 per cent and almost 25 per cent respectively. Shares in the three cloud cyber security companies hit new highs this year. They all trade at lofty ratios of enterprise value to sales.
Just this week private equity group Symphony Technology struck a deal to buy cyber security firm FireEye’s products business for $1.2bn in cash. Symphony also snapped up McAfee’s enterprise business for about $4bn in March. In 2019, chipmaker Broadcom bought the enterprise business of Symantec, another big cyber security business, for about $10.7bn.
The cyber security industry is still highly fragmented. Consolidation will not be driven by cost savings alone. Wider client bases should help cyber security groups spot and counter new threats faster. But the war between hackers and business will be eternal.
If you are a subscriber and would like to receive alerts when Lex articles are published, just click the button “Add to myFT”, which appears at the top of this page above the headline