The Hack Effect: The Effect of Data Breaches on the Nasdaq CTA Cybersecurity Index

[InfoSec News <alerts () infosecnews org>]

https://www.nasdaq.com/article/the-hack-effect-the-effect-of-data-breaches-on-the-nasdaq-cta-cybersecurity-index-cm1167886

By Nasdaq
June 24, 2019

Cybercrimes have become more prevalent in the last few years as people, 
corporations, and governments become increasingly digitized. According to 
Bloomberg, there have been 195 data breaches worldwide that have been 
reported (some of which go all the way back to 2005), where at least 1 
million records were breached in some way1. Of those 195 that made 
widespread headlines, there were 48 instances where over 10 million 
records were breached over the last 5 years. On average, there has been a 
hack approximately every 36 days where at least 10 million records were 
breached. The periodicity of these hacks show that data breaches have been 
recurrent and that it is likely that they will continue to happen with the 
same frequency given the interconnected nature of data transfer, 
infrastructure, and communication. From an investment perspective, it is 
important to understand whether or not these cyberattacks have a direct 
impact on the share prices of cybersecurity companies. The following 
analysis will show that the Nasdaq CTA Cybersecurity Index (NQCYBR), which 
is an index tracking companies actively involved in providing 
cybersecurity technology and services, has directly benefited from the 
aforementioned data breaches. Investors may benefit from owning the 
product tied to NQCYBR, the First Trust Nasdaq Cybersecurity ETF (CIBR), 
as these incessant cyberattacks continue to occur.

The charts below provide some additional details around the 195 incidents 
that had more than 1 million records breached and the 48 incidents that 
had over 10 million records affected over the last 5 years. It is 
immediately evident that Technology has been the largest industry affected 
by data breaches over the last 5 years, with 44% of data breaches with 
over 1 million records affected and 63% of the attacks with over 10 
million records breached coming from the Technology Industry. Some of the 
other major industries affected include Retail, Gaming, and Government.

> From a country perspective, the U.S. experienced the majority of these 
data breaches, with 60% of data breaches with over 1 million records 
affected and 54% of data breaches with over 10 million records affected 
occurring in the U.S. The U.K., Canada, Russia, and India were some of the 
other major countries affected the most by cybercrimes over the last 5 
years.

Keeping these data breaches in mind, NQCYBR has outperformed the S&P 500 
Index (SPX) by about 26 percentage points, cumulatively over the last 5 
years. The major data breaches over that time span have been overlaid in 
the chart below, which illustrate the recurrent nature of cyberattacks. 
The largest such cyberattack was the Yahoo! breach where approximately 3 
billion user records were accessed which contained names, email addresses, 
birth dates, passwords, and other vital information2. Over the last year, 
NQCYBR has still outperformed SPX by about 2-3 percentage points, 
cumulatively, as shown in the second chart below. This outperformance 
demonstrates that, overall, cybercrimes have had a positive impact on the 
performance of cybersecurity companies.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_