Following Russia's attack on Ukraine, we are facing a change of tide, or - as some geostrategists claim - a reorganization of the European security architecture. In any case, it is a turning point for many younger people who grew up with the fall of the Berlin Wall in 1989 and who were counting on the eternal peace dividend. They are now shocked to realize that freedom has to be fought for anew every day and that freedom does not come for free.

However, in the 21st century, wars are no longer only fought with state-of-the-art military equipment such as missiles, tanks and drones, but also take place digitally. This is because both our infrastructure and our daily lives are becoming increasingly dependent on the internet and digital media.

Cybersecurity losses run into the billions

Never before have cyber attacks endangered companies as much as they do today. According to "Cybersecurity Ventures", the global damage caused by cybercrime amounted to 6 trillion US dollars in 2021 - with a strong upward trend: according to experts, the sum could rise to over 10 trillion US dollars in the coming years. It is worth mentioning that only the larger or more specific cyberattacks make it into the press and thus into the public consciousness. A fitting example is a cyberattack by the group "REvil", which hacked the US company Kaseya. This attack led to the Swedish supermarket chain Coop having to temporarily close the majority of its stores because the billing systems were no longer functional. The ransom demand at the time amounted to 70 million US dollars in Bitcoin. What is even more remarkable is that the group of hackers had already been successful shortly before the attack and in this way captured 11 million US dollars in bitcoins as a ransom from the US subsidiary of the world's largest meat company JBS.

According to a study by Bitkom Research, the total economic damage caused by cyber attacks in Germany amounted to 223 billion euros last year - a figure with a high number of unreported cases and significantly higher real losses. Reason enough for companies, private individuals and even governments to invest more money in IT security.

Cybersecurity in the field of tension of digital warfare

Shortly before Russia's invasion of Ukraine, I read an article from 'Der Zeit' entitled "Unfähig zum Krieg" (Unable to wage war), published in November 1989, exactly after the fall of the Berlin Wall. In his analysis at the time, the author comes to the conclusion that "a nuclear war is generally considered unmanageable among reasonable people". However, a conventionally waged war is just as threatening. "The example of the Second World War is no longer suitable for illustration." The situation has "changed qualitatively" in recent decades and "today we are surrounded by a potential danger of a dimension that threatens our very existence. Chemical factories and nuclear power plants, for example, stand ready in great density to be 'ignited' by an attacker in the event of war. Tanks and pipelines for gas and oil supplies can multiply the destructive power of conventional weapons aimed at them".

Now, more than 30 years later, these analyses seem more relevant than ever, not to say a blueprint for the current war in Ukraine. But in the last 30 years, there has been another "qualitative change": the digital networking of our infrastructure and our lives. We are all connected to the internet and electronic devices, all of which require electricity. Without electricity, we are helpless and defenceless. Russia not only has a highly equipped military, but also has us in the palm of its hand when it comes to raw materials for energy production.

And it's not just companies that are victims of cyber criminals. In spring 2021, there was a threat of a supply crisis for petrol, diesel, kerosene and other petroleum products in the east of the USA. The reason for this was a hacker attack on the country's largest petrol pipeline; the Colonial Pipeline even had to shut down for a few days. Hospitals are another example of critical infrastructure that is targeted by hackers. These have increasingly been the target of cyberattacks, especially since the start of the coronavirus pandemic. In September 2020, for example, the emergency department at Düsseldorf University Hospital had to work with pen and paper because the computer system had stopped working. The ward was unable to work properly for a whole 13 days because the computer programs could no longer be started properly.

These examples clearly show how vulnerable our infrastructure and supply systems have become due to digitalized processes. SMEs in particular are often the target of cyberattacks, as they have often neglected to set up an IT security structure. This is particularly dangerous, as insurance companies are only willing to insure against potential damage if they have an adequate cyber security concept. This means that SMEs are also forced to upgrade accordingly.

According to the German Federal Office for Information Security (BSI), a good 20% of companies' IT budgets should be spent on security services. A figure that seems very ambitious in view of the fact that half of companies currently only spend between one and ten percent to protect themselves against risks. However, it is not only SMEs that are confronted with the need to increase spending. The German government is also successively increasing its spending on digitalization, which inevitably entails increased spending on IT security. This could lead to the market for IT security continuing to grow strongly. According to the market research company IDC, the market for IT security services in Germany alone recorded growth of 9.6% last year. Further sales growth of 9.9% is expected for 2022. IT service providers will naturally benefit disproportionately from the higher expenditure.

Industry 4.0 context

Industrial companies are under strong pressure to transform in the direction of digitalization. Information technology (IT) is increasingly merging with operational technology (OT). The use of communication protocols such as OPC UA and MQTT combined with industrial Ethernet networks based on the TSN standard is leading to a new abundance of data traffic. However, this also creates new security vectors and opportunities for attacks. When it comes to security, companies are therefore well advised to pay attention to how comprehensively the factory floor should be connected to the IT systems above it. Other questions are: Should the production facilities be sealed off from the outside and all systems secured or only parts of them?

The author: Thomas Rappold is a technology investment expert, FinTech entrepreneur and international bestselling author

© Thomas Rappold

The state of cybersecurity companies and stocks

The IT security sector is highly complex and must constantly adapt to the new tricks of cyber criminals. Navigating the jungle of terms such as 'Distributed Denial of Service' attacks (DDoS) or 'Cross Site Scripting' requires expertise. Even when an industry is growing strongly, consolidation can occur and former investor favorites can be left behind by companies that hardly any investors had previously paid attention to. It is one thing to recognize a trend, but it can be quite another to find the best companies within a trend. This is where thematic certificates can help. The Cyber Security Performance Index was created to save potential investors the trouble of analyzing and identifying interesting stocks. This offers the opportunity to participate almost one-to-one in potential price gains, but also in potential losses.