Russian Cyberattacks – A Likely Catalyst for Cybersecurity Spending
Entering 2022, Gartner estimated spending on information security and risk management will total $172 billion in 2022, up from $155 billion in 2021 and $137 billion the year before. According to PwC’s 2022 Global Digital Trust Insights report, “investments continue to pour into cybersecurity” given the expected surge in reportable incidents in 2022 compared to 2021. According to findings from Kaspersky, 86% of IT decision-makers in North America said their organization intends to set aside budget dollars for cybersecurity when planning for 2022 while 85% said their budget would increase anywhere up to 50% in the next 12 months. That suggests Gartner’s forecast for 2022 spending could prove conservative, but developments in recent days could very well be a catalyst for even greater cybersecurity spending in 2022.
Following Russia’s attack on Ukraine that prompted multiple rounds of sanctions by the US, UK, and EU, reports suggest possible retaliatory cyberattacks by Russia as "consequences" for nations that interfere with its invasion of Ukraine. Those attacks would follow recent cyberattacks against Ukrainian government websites and affiliated organizations that included data-wiping malware that infected hundreds of computers including in neighboring Latvia and Lithuania. According to, Symantec Threat Intelligence the data-wiping malware targeted organizations in the financial, defense, aviation, and information technology industries.
According to the PwC report, “Organizations know that risks are increasing. More than 50% expect a surge in reportable incidents next year above 2021 levels.” But that was before Russia invaded Ukraine and the Department of Homeland Security issued a warning to American businesses to be prepared for potential cyberattacks from Russia. Potential targets include U.S. banks, power plants, water treatment facilities, and communications as well as satellites used for GPS navigation, farming, automation, and oil exploration.
One of the key drivers of cybersecurity spending in the coming years is the IoT market, which will lead to a proverbial explosion in the number of connected devices, offering bad actors a similar explosion in new attack vectors. Even as that market develops, the growing global shift to digital commerce, online banking, digital medical records, and the digitization of other aspects of our lives means consumer data is potentially vulnerable in an attack, Russian or otherwise.
What is unique about cyber security is that both sides of the battle need to be investing in both defense and offense. Further, it’s not just nation-states that can join the fight as indicated by the following tweets:
,
It is clear to us that cybersecurity is a vital element of personal, corporate, and sovereign protection given that Russia began this invasion of Ukraine with cyberattacks on command structures, banking, and utilities. It is also clear to us that the companies that provide these defensive tools should have suitable representation in investors’ allocation strategy.