08 Jul 2019 3 min read

Cybersecurity and the new Facebook currency

By Aanand Venkatramanan , Howie Li

As tech giants rush into digital currencies and payments, it’s not just consumers who will need to be careful; the likes of Facebook and Apple will have to invest heavily in cybersecurity to guard against the next Stuxnet or WannaCry.

1140-x-413-phone-at-stock-exchange.jpg

Facebook has now revealed the first details of its long-awaited digital currency, which will be called Libra.

Libra is not the first digital currency, nor is it likely to be the last, but what distinguishes it is its potential scale. Not only does Facebook have more than two billion users – which would make it the largest country in the world by population – but 28 other major organisations, including Visa and Uber, are backing the new currency too. Libra will also be pegged to a basket of other currencies, rather than simply ethereal.

All of these advantages augur well for Libra, but we don’t really know yet whether it will become widely adopted or the dominant digital currency – let alone displace traditional currencies.

What we do know, however, is that more and more of our financial life is moving online. Facebook’s move is just the latest in a long series of attempts by businesses to capture this transition. In a different part of this ecosystem, for example, earlier this year Apple sought to consolidate the position of its Apple Pay business by launching a ‘digital first’ credit card.

At the same time, each new corporate venture into this space seems to be followed by news of another major hack. A few days after Facebook introduced Libra, a city in the US had to pay a six-figure ransom to hackers who took over its computer system. The same day that Apple unveiled its new card, it was reported that malware had been installed on more than a million computers through a backdoor.

Taking bits out of Apple

This is not purely coincidence: 100 ransomware attacks take place every 20 minutes, according to Cybersecurity Ventures. Many of these are directed at individuals or smaller businesses, but the dangers are evident at the corporate level too. Since 2005, Bloomberg has recorded almost 200 data breaches worldwide that have affected at least one million records each; 48 of those involved over 10 million records each and occurred within the past five years. On average, there has been a hack that has breached at least 10 million records approximately every 36 days.

This should be particularly alarming for the likes of Facebook and Apple pushing into digital payments and currencies: technology companies have been by some distance the worst hit, with the sector accounting for 63% of attacks in which more than 10 million records were unlawfully accessed.

These breaches cost businesses more than their reputations. Facebook is facing a $1.6 billion fine, and British Airways a penalty of €1 billion. Under the General Data Protection Regulation (GDPR), the fines associated with significant data breaches can now be up to 4% of a company’s revenues – equivalent to billions for large-caps.

These sums are not lost on executives. Forbes has reported that JP Morgan’s budget for cybersecurity was $500 million in 2016 while Bank of America Merrill Lynch’s was $400 million, both huge in their own right but dwarfed by the near $20 billion spent by the US government on cybersecurity in its 2017 budget, according to Nasdaq Global Indexes. Overall, Cyber Security Ventures has estimated that global cybersecurity spending grew by a multiple of 35 between 2004 and 2017 and is set to pass $1 trillion by 2021.

Protect and server

From an investor’s perspective, the money that organisations are devoting to fighting cyber threats clearly creates an interesting opportunity. Yet it is worth bearing in mind that not every cybersecurity provider has the necessary skills or tools to defend against every variety of attack: companies and institutions require data encryption, financial transaction protection, email security, and many more services.

We therefore believe that not only is active bottom-up research essential for identifying the companies specialising in cybersecurity, but that investors can also benefit from investing across a basket of stocks focused on different aspects of this complex ecosystem.

We do not yet know what cyber attacks will be directed at Facebook and its peers as they push further into digital payments and currencies. But we do know that a host of malicious actors will be targeting them. Malware like WannaCry and Stuxnet has now become well known; we hope that the billions being invested in cybersecurity mean we never have to hear the names of any more.

Aanand Venkatramanan

Head of ETF Investment Strategies, Index Funds

Aanand currently works at LGIM within the ETF team that was acquired from ETF Securities in March 2018. He joined ETF Securities as a Director, Quantitative Investment Strategies in May 2017. Prior to that, he worked at Barclays Capital and Goldman Sachs International as a Vice President within their index research and structuring groups respectively, and at University of Sussex as an Assistant Professor in Finance. He has also had a stint as an entrepreneur.

Aanand Venkatramanan

Howie Li

Head of ETFs, Index funds

Howie leads the development and growth of the ETF business. He has been driving the approach to thematic investing within LGIM’s ETFs since 2014 and is an advocate of taking an active approach to investment design. Howie joined LGIM from ETF Securities after the successful acquisition of the Canvas ETF business, which completed in March 2018. During his time at ETF Securities as part of the same ETF business for almost 10 years, Howie was most recently the CEO of Canvas after holding other positions internally. Howie trained and worked at Simmons & Simmons in London, advising the hedge fund industry, and is a qualified solicitor in England and Wales.

Howie Li