Cybersecurity – The rush to catch up with reality Cybersecurity – The rush to catch up with reality Cybersecurity – The rush to catch up with reality

Cybersecurity – The rush to catch up with reality

Anders Nysteen

Senior Quantitative Analyst, Saxo Bank

Summary:  Cyberattacks continue to become even more hideous and sophisticated, and due to the closely connected global digital infrastructure, spillover effects may likely cause damage to places other than the intended target of a cyberattack. The invasion of Ukraine was a major wake-up call globally for both governments and private companies who are rushing to bolster their cyber defences.

In the weeks prior to the invasion of Ukraine, the country was hit by multiple cyberattacks. On February 15, major websites of the defence ministry, army and two of Ukraine’s largest banks were down. A more severe attack on February 23 also took down multiple government websites, as well as placing data-wiping malware on computers belonging to multiple Ukrainian organisations. And after the invasion began, the number of cyberattacks over the following 48 hours increased by more than 800 percent.  

Following a request from Ukraine, EU sent its Cyber Rapid Response Team to assist. The intention is of course to assist Ukraine in securing critical infrastructure, but it’s likely also aimed at avoiding spillover effects to the global digital infrastructure. As we saw in June 2017 with one of the most severe global cyberattacks, NotPetya, a well-organised cyberattack can do extensive financial damage. The attack was primarily targeting Ukraine with around 80 percent of its hits targeting ministries, banks and transportation infrastructure. Large logistics companies such as Maersk and FedEx were also affected, and the estimated revenue loss was $200-$300m and $400m, respectively.  

Governments call for cyber defense boost 

The invasion of Ukraine was a wake-up call for nations to reinforce their cyber defences, especially within their critical infrastructure such as transportation networks, the health care system and important supply lines. In many countries the majority of the critical infrastructure is owned by private companies, which do not always meet the required standards for cyber defence. One notable infrastructure cyberattack was against the largest fuel pipeline in the US, the Colonial Pipeline; all pipeline operations had to be halted to contain the attack.  

Because of the invasion, governments have called on organizations to bolster their cyber defenses against online attacks, with Britain’s National Cyber Security Center and the US Cybersecurity & Infrastructure Security Agency as examples. The latter is stating that “While there are not any specific, credible, cyber threats to the U.S., we encourage all organizations – regardless of size – to take steps now to improve their cybersecurity and safeguard their critical assets,”. The US Senate also followed this by passing a bill requiring critical infrastructure operators and federal agencies to report cyberattacks within 72 hours and ransomware payments within 24 hours.  

Cybersecurity industry growing rapidly 

The volume and complexity of global cyberattacks were already growing prior to the invasion. According to a report by Coro, the number of cyberattacks against small-to-medium businesses has increased by 150 percent over the past two years, and the companies’ defences have not grown accordingly. One issue is a shortage in workforce, which needs to grow by 65 percent for organisations to be able to sufficiently defend their critical assets, according to research among cybersecurity professionals by (ISC)2.  

The cybersecurity industry is a rapidly growing industry and in Saxo Bank we monitor trends in the cybersecurity market through one of our thematic baskets. The theme basket contains 25 of the largest cybersecurity companies which are involved in creating, implementing and managing security protocols, in applications ranging from mobile phones to large-scale IT infrastructure; see table 1 below. Over the past couple of years, the companies have in general had large revenue growth rates, as shown in figure 1 below. However, more than half of the companies reported a negative operating margin every year, measured over 12-month trailing figures. The cybersecurity industry is clearly an industry where growth has been prioritised over profitability, and it is undergoing a rapid consolidation with many of major cybersecurity companies acquiring smaller players. This is expected to improve profitability over time.  

The evolution in global digitalisation demands an equivalent increase in cyber protection, and with the growing volume and complexity of cyberattacks, we expect the cybersecurity industry to continue to show high growth numbers relative to the general equity market. 

NameMarket Cap
(USD mn.)
growth (%)
margin (%)
Palo Alto Networks Inc53,77528.4-6.7
Fortinet Inc44,88828.819.5
Crowdstrike Holdings Inc43,69866.0-9.8
Cloudflare Inc28,75252.3-19.5
Zscaler Inc28,37860.4-31.4
Okta Inc24,14155.6-59.0
VeriSign Inc22,4924.965.3
Splunk Inc19,39919.9-42.9
Check Point Software Technologies Ltd17,8164.941.9
NortonLifeLock Inc16,08210.441.5
F5 Inc11,80910.814.6
SentinelOne Inc8,784100.2-124.1
Avast PLC8,6785.441.9
Trend Micro Inc/Japan8,1299.422.9
CyberArk Software Ltd6,0198.3-15.6
Rapid7 Inc5,95430.1-22.4
Tenable Holdings Inc5,72122.9-7.7
Qualys Inc4,97513.321.3
Varonis Systems Inc4,34333.3-25.3
Sailpoint Technologies Holdings Inc4,10820.2-13.5
Darktrace PLC4,09348.2-7.2
Venustech Group Inc3,33745.817.2
CommVault Systems Inc2,6928.35.4
Radware Ltd1,47014.66.4
F-Secure Oyj8597.37.5
Aggregate / median359,49120.2-6.7

Source: Bloomberg and Saxo Group, data from 14 Mar 2022.
Sales and EPS growth is measured on 12-month trailing figures.

Explore products at Saxo

The Saxo Group entities each provide execution-only service and access to Analysis permitting a person to view and/or use content available on or via the website is not intended to and does not change or expand on this. Such access and use are at all times subject to (i) The Terms of Use; (ii) Full Disclaimer; (iii) The Risk Warning; (iv) the Rules of Engagement and (v) Notices applying to Saxo News & Research and/or its content in addition (where relevant) to the terms governing the use of hyperlinks on the website of a member of the Saxo Group by which access to Saxo News & Research is gained. Such content is therefore provided as no more than information. In particular no advice is intended to be provided or to be relied on as provided nor endorsed by any Saxo Group entity; nor is it to be construed as solicitation or an incentive provided to subscribe for or sell or purchase any financial instrument. All trading or investments you make must be pursuant to your own unprompted and informed self-directed decision. As such no Saxo Group entity will have or be liable for any losses that you may sustain as a result of any investment decision made in reliance on information which is available on Saxo News & Research or as a result of the use of the Saxo News & Research. Orders given and trades effected are deemed intended to be given or effected for the account of the customer with the Saxo Group entity operating in the jurisdiction in which the customer resides and/or with whom the customer opened and maintains his/her trading account. Saxo News & Research does not contain (and should not be construed as containing) financial, investment, tax or trading advice or advice of any sort offered, recommended or endorsed by Saxo Group and should not be construed as a record of our trading prices, or as an offer, incentive or solicitation for the subscription, sale or purchase in any financial instrument. To the extent that any content is construed as investment research, you must note and accept that the content was not intended to and has not been prepared in accordance with legal requirements designed to promote the independence of investment research and as such, would be considered as a marketing communication under relevant laws.

Please read our disclaimers:
- Notification on Non-Independent Investment Research (
- Full disclaimer (

None of the information contained here constitutes an offer to purchase or sell a financial instrument, or to make any investments. Saxo does not take into account your personal investment objectives or financial situation and makes no representation and assumes no liability as to the accuracy or completeness of the information nor for any loss arising from any investment made in reliance of this presentation. Any opinions made are subject to change and may be personal to the author. These may not necessarily reflect the opinion of Saxo or its affiliates.

Saxo Capital Markets HK Limited
19th Floor
Shanghai Commercial Bank Tower
12 Queen’s Road Central
Hong Kong

Contact Saxo

Select region

Hong Kong S.A.R
Hong Kong S.A.R

Saxo Capital Markets HK Limited (“Saxo”) is a company authorised and regulated by the Securities and Futures Commission of Hong Kong. Saxo holds a Type 1 Regulated Activity (Dealing in Securities); Type 2 Regulated Activity (Dealing in Futures Contract); Type 3 Regulated Activity (Leveraged Foreign Exchange Trading); Type 4 Regulated Activity (Advising on Securities) and Type 9 Regulated Activity (Asset Management) licenses (CE No. AVD061). Registered address: 19th Floor, Shanghai Commercial Bank Tower, 12 Queen’s Road Central, Hong Kong.

Trading in financial instruments carries various risks, and is not suitable for all investors. Please seek expert advice, and always ensure that you fully understand these risks before trading. Trading in leveraged products may result in your losses exceeding your initial deposits. Saxo does not provide financial advice, any information available on this website is ‘general’ in nature and for informational purposes only. Saxo does not take into account an individual’s needs, objectives or financial situation. Please click here to view the relevant risk disclosure statements.

The Saxo trading platform has received numerous awards and recognition. For details of these awards and information on awards visit

The information or the products and services referred to on this site may be accessed worldwide, however is only intended for distribution to and use by recipients located in countries where such use does not constitute a violation of applicable legislation or regulations. Products and services offered on this website are not directed at, or intended for distribution to or use by, any person or entity residing in the United States and Japan. Please click here to view our full disclaimer.

Apple, iPad and iPhone are trademarks of Apple Inc., registered in the US and other countries. AppStore is a service mark of Apple Inc. Android is a trademark of Google Inc.