08 Jul 2019 3 min read

Cybersecurity and the new Facebook currency

By Aanand Venkatramanan , Howie Li

As tech giants rush into digital currencies and payments, it’s not just consumers who will need to be careful; the likes of Facebook and Apple will have to invest heavily in cybersecurity to guard against the next Stuxnet or WannaCry.


Facebook has now revealed the first details of its long-awaited digital currency, which will be called Libra.

Libra is not the first digital currency, nor is it likely to be the last, but what distinguishes it is its potential scale. Not only does Facebook have more than two billion users – which would make it the largest country in the world by population – but 28 other major organisations, including Visa and Uber, are backing the new currency too. Libra will also be pegged to a basket of other currencies, rather than simply ethereal.

All of these advantages augur well for Libra, but we don’t really know yet whether it will become widely adopted or the dominant digital currency – let alone displace traditional currencies.

What we do know, however, is that more and more of our financial life is moving online. Facebook’s move is just the latest in a long series of attempts by businesses to capture this transition. In a different part of this ecosystem, for example, earlier this year Apple sought to consolidate the position of its Apple Pay business by launching a ‘digital first’ credit card.

At the same time, each new corporate venture into this space seems to be followed by news of another major hack. A few days after Facebook introduced Libra, a city in the US had to pay a six-figure ransom to hackers who took over its computer system. The same day that Apple unveiled its new card, it was reported that malware had been installed on more than a million computers through a backdoor.

Taking bits out of Apple

This is not purely coincidence: 100 ransomware attacks take place every 20 minutes, according to Cybersecurity Ventures. Many of these are directed at individuals or smaller businesses, but the dangers are evident at the corporate level too. Since 2005, Bloomberg has recorded almost 200 data breaches worldwide that have affected at least one million records each; 48 of those involved over 10 million records each and occurred within the past five years. On average, there has been a hack that has breached at least 10 million records approximately every 36 days.

This should be particularly alarming for the likes of Facebook and Apple pushing into digital payments and currencies: technology companies have been by some distance the worst hit, with the sector accounting for 63% of attacks in which more than 10 million records were unlawfully accessed.

These breaches cost businesses more than their reputations. Facebook is facing a $1.6 billion fine, and British Airways a penalty of €1 billion. Under the General Data Protection Regulation (GDPR), the fines associated with significant data breaches can now be up to 4% of a company’s revenues – equivalent to billions for large-caps.

These sums are not lost on executives. Forbes has reported that JP Morgan’s budget for cybersecurity was $500 million in 2016 while Bank of America Merrill Lynch’s was $400 million, both huge in their own right but dwarfed by the near $20 billion spent by the US government on cybersecurity in its 2017 budget, according to Nasdaq Global Indexes. Overall, Cyber Security Ventures has estimated that global cybersecurity spending grew by a multiple of 35 between 2004 and 2017 and is set to pass $1 trillion by 2021.

Protect and server

From an investor’s perspective, the money that organisations are devoting to fighting cyber threats clearly creates an interesting opportunity. Yet it is worth bearing in mind that not every cybersecurity provider has the necessary skills or tools to defend against every variety of attack: companies and institutions require data encryption, financial transaction protection, email security, and many more services.

We therefore believe that not only is active bottom-up research essential for identifying the companies specialising in cybersecurity, but that investors can also benefit from investing across a basket of stocks focused on different aspects of this complex ecosystem.

We do not yet know what cyber attacks will be directed at Facebook and its peers as they push further into digital payments and currencies. But we do know that a host of malicious actors will be targeting them. Malware like WannaCry and Stuxnet has now become well known; we hope that the billions being invested in cybersecurity mean we never have to hear the names of any more.

Aanand Venkatramanan

Head of ETFs, EMEA

Aanand leads the development and growth of the ETF business. Aanand joined the investment manager from ETF Securities after the successful acquisition of the Canvas ETF business which completed in March 2018. He joined ETF Securities as a Director, Quantitative Investment Strategies in May 2017. Prior to that, he worked at Barclays Capital and Goldman Sachs International as a vice president within their index research and structuring groups respectively; and at University of Sussex as an assistant professor in Finance. He has published papers in top academic journals and co-authored book chapters. Aanand holds a PhD in Mathematical Finance and Master’s in applied Mathematics from the University of Reading.

Aanand Venkatramanan

Howie Li

Global Head of Index & ETFs

Howie leads the development and growth of the global index and ETF business where he and his team develop and manage assets across a range of solutions spanning from traditional market-cap index strategies to innovative actively-designed systematic strategies which are found in LGIM’s mutual funds, ETFs, mandates and other client-orientated solutions.  Howie joined the investment manager as Head of ETFs following LGIM’s successful acquisition of the Canvas ETF business in March 2018 from ETF Securities. During his time there for almost 10 years, Howie held various roles including CEO of Canvas, Co-Head of Canvas ETFs and Head of Legal.  Howie trained and worked at Simmons & Simmons in London advising the alternative investment funds industry and is a qualified solicitor in England and Wales.

Howie Li