Season 4, Post 11: The boiled frog
If you put a frog suddenly into boiling water, it will jump out. However, were the frog put in tepid water that is then brought to the boil slowly, it will not perceive the danger and will be slowly cooked to death. It is a grim but also superb metaphor. We spent time last week with several senior members (including a former ethical hacker) of the technology team of a listed cybersecurity company and the boiled frog metaphor was applied to explain the current state of cyber.
The metaphor captures the inability or unwillingness of people to react to or be aware of sinister threats that arise gradually rather than suddenly. The risk of cyberattacks is inevitably front of mind for all businesses at present given the unfortunate situation involving Russia and Ukraine. It was highlighted to us that the number of attacks had not changed markedly since the invasion had begun; rather it was the objectives of attackers that had shifted given unfolding geopolitical tensions.
Cast your mind back over the last few years and there have been no shortage of major security breaches which significantly impeded the ability of businesses to operate. The WannaCry and NotPetya ransomware attacks of 2017 were followed, for example, by the Solar Winds US federal government breach in 2020, the ransomware attack on the Colonial Pipeline in 2021 and the recent Log4j compromise. One of the group of technology professionals we met said he would “bet money” that an attack of at least similar magnitude (most likely originating out of Russia) would occur “within a quarter.” Put another way, likely ongoing Russian criminal initiatives within the area of cyber had “boiled the frog” – cyber is “now a boardroom issue.”
We concur with the above, particularly since a recent study (shared with us at our meeting, data courtesy of Forrester) showed that 75% of professionals think the scale and speed of cyberattacks will increase. Further, the industry is structurally under-resourced (most companies that have three IT professionals “need ten” we were told last week). A different study shows that cybercrime costs the world over $6tr currently, but could rise to over $10tr by 2025. It’s no surprise then that deal activity within the world of cyber remains elevated. Google, for example, announced earlier this month that it would spend over $5bn acquiring publicly listed Mandiant. Expect more M&A. From a corporate perspective, it’s time to get buying better cyber protection.
15 March 2022
The above does not constitute investment advice and is the sole opinion of the author at the time of publication. Past performance is no guide to future performance and the value of investments and income from them can fall as well as rise.
Alex Gunz, Fund Manager
The document is provided for information purposes only and does not constitute investment advice or any recommendation to buy, or sell or otherwise transact in any investments. The document is not intended to be construed as investment research. The contents of this document are based upon sources of information which Heptagon Capital LLP believes to be reliable. However, except to the extent required by applicable law or regulations, no guarantee, warranty or representation (express or implied) is given as to the accuracy or completeness of this document or its contents and, Heptagon Capital LLP, its affiliate companies and its members, officers, employees, agents and advisors do not accept any liability or responsibility in respect of the information or any views expressed herein. Opinions expressed whether in general or in both on the performance of individual investments and in a wider economic context represent the views of the contributor at the time of preparation. Where this document provides forward-looking statements which are based on relevant reports, current opinions, expectations and projections, actual results could differ materially from those anticipated in such statements. All opinions and estimates included in the document are subject to change without notice and Heptagon Capital LLP is under no obligation to update or revise information contained in the document. Furthermore, Heptagon Capital LLP disclaims any liability for any loss, damage, costs or expenses (including direct, indirect, special and consequential) howsoever arising which any person may suffer or incur as a result of viewing or utilising any information included in this document.
The document is protected by copyright. The use of any trademarks and logos displayed in the document without Heptagon Capital LLP’s prior written consent is strictly prohibited. Information in the document must not be published or redistributed without Heptagon Capital LLP’s prior written consent.
Heptagon Capital LLP, 63 Brook Street, Mayfair, London W1K 4HS
tel +44 20 7070 1800
email [email protected]
Partnership No: OC307355 Registered in England and Wales Authorised & Regulated by the Financial Conduct Authority
Heptagon Capital Limited is licenced to conduct investment services by the Malta Financial Services Authority.
GET THE UPDATES
Sign up to our monthly email newsletter for the latest fund updates, webcasts and insights.