As cybersecurity threats multiply, ransomware attacks have emerged as an increasingly prevalent and costly hazard for all types of businesses in Australia.

Whether it is attacking critical infrastructure, the computer systems of giant multinationals, taking from small businesses or targeting vulnerable members of the community, cybercriminals use ransomware to do Australians real and long-lasting harm.

Ransomware is a type of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.

“Ransomware gangs have attacked businesses, individuals and critical infrastructure right across the country,” Karen Andrews, the Minister for Home Affairs said.

“Stealing and holding private and personal information for ransom costs victims time and money, interrupting lives and the operations of small businesses.”

Wealth, work from home, draw attacks in Australia

Globally, it is estimated that there is a ransomware attack on a business every 11 seconds¹. In Australia, according to the Australian Cyber Security Centre (ACSC), there was a 15% increase in ransomware cybercrime reports in the 2020–21 financial year.

Over the fiscal year Australian organisations reported losses of more than $33 billion from cybercrime, according to the ACSC.

Australia’s relative wealth, high levels of online connectivity and increasing delivery of services through online channels make it extremely attractive and profitable for transnational, organised cybercrime syndicates to target.

The COVID-19 pandemic has further exacerbated the cyber threat by forcing organisations to rapidly extend their operational systems to accommodate remote staff work arrangements.

Rising cybersecurity spend lures investors

However, this rise in demand for cybersecurity services to protect against the growing ransomware threat does offer an investment opportunity for those looking to ride this new wave of business spending.

Exchange traded funds specialist Betashares has tapped into this demand by offering a Global Cybersecurity ETF which gives investors exposure to leading players in the global cybersecurity sector, including Oracle and CrowdStrike. The ASX-listed ETF tracks the Nasdaq Consumer Technology Association Cybersecurity Index.

Known by its ASX code as HACK, the ETF posted a return after fees of 26.6% in the 12 months to December 31, 2021, which was slightly lower than the index it tracks. As with other thematic ETFs, HACK provides a “satellite” exposure for a portfolio, in this case focused on the rise in spending to combat cybersecurity threats.

Fortune Business Insights forecast the global market would grow from $US165.78 billion in 2021 to $US366.1 billion in 2028².

Small but growing local companies

When it comes to directly investing in Australian-listed cybersecurity companies, the local market hosts a growing number of small cap stocks focused on aspects of the cybersecurity.

Many are too small yet to be rated by analysts at broking firms but are, nonetheless, aiming for a slice of a global market. AustCyber noted in a 2021 report³ that Australian firms generated $3 billion in sales from the domestic market and $600 million from the international market. The report showed that local firms had attracted more than half the spending on cybersecurity in Australia in 2020, including $500 million for mid-tier firms such as the ASX listed Tesserent. 

Tesserent (ASX:TNT), Australia’s largest ASX-listed cybersecurity provider, is considered a pure-play cybersecurity stock.

It offers “Internet security-as-a-service”, including anti-malware/spyware, intrusion detection, and security event management. Customers are both local and international; and range from governments and corporations to educational institutions.

Investors in the Victorian-based company did not have a great 2021 with the share price starting 2021 at around 33.5c and ending the year at 17c for a near-50% loss, despite the stock’s inclusion in the All Ordinaries Index.

However, at the end of 2021 the company did complete two key acquisitions – the IT security firms Pearson Corp and Claricent. It also announced a cybersecurity partnership with specialist network solutions provider Vocus, also in December, potentially setting itself up for a better 2022.

Government action to support spending

The risks of cyber-attacks and particularly ransomware threats at a personal, government and corporate level pose a security threat greater than at any previous time.

These threats have now reached a point where even the Federal Government has begun to act. It announced last October it was developing a Ransomware Action Plan as part of its $1.7 billion overall cyber security strategy.

The Government has also begun developing a mandatory ransomware incident reporting regime to enhance its understanding of the threat and enable better support to victims of ransomware attacks. This is designed to benefit, not burden small businesses.

This is all likely to power potentially long-term demand for those companies with strong, unique and comprehensive IT security solutions for many years to come.

^{1 Ranswomware: The True Cost to Business, A Global Study on Ransomware Business Impact, Cybereasons, June 2021.}

^{2 Cyber Security Market Size, Share, Growth | Trends Analysis 2028 (fortunebusinessinsights.com)}

^{3 SCP - Chapter 1 - The Australian cyber security sector today | AustCyber}