Despite the global scale of the ransomware attack dubbed “WannaCry,” its creators have reportedly collected just $50,000 in bitcoin from the hack as of early Monday.
Meanwhile, the cybersecurity industry’s valuation rose billions over the weekend, as investors bet on an increase in cyber attacks driving business to those who know how to defend against it.
In total, the market capitalizations of the five biggest cyber security-related companies in the industry, as ranked on the PureFunds ISE Cyber Security exchanged-traded fund, rose $5.9 billion in early trading Monday. Shares of Symantec alone has added $750 million to its market cap since Friday.
The WannaCry attacks, which first surfaced Friday, became a sign to investors that the cybersecurity industry would grow even further as cyber attacks become more sophisticated in future years. Microsoft’s Chief Legal Officer for instance wrote Sunday that the U.S. government should work with tech companies to approach cyberattacks with the same gravitas it applies to military attacks. And the U.S. certainly takes its military and defense very seriously. About 17% of the country’s near $4 trillion budget currently goes toward defense spending, according to the Congressional Budget Office.
By early Monday, the cyber security ETF, which tracks 40 companies in the industry, rose 3.3% in trading, beating the S&P 500’s 0.5% pop in the same day. Its five biggest constituents are Cisco(which rose 2.8%), Symantec (4%), Check Point Software(2.4%), Juniper Networks(0%), and Palo Alto Networks(3.7%).
Cisco in particular received a slight boost after Morgan Stanley analysts upgraded the company to the equivalent of “Buy” Monday, with Morgan Stanley saying companies would increasingly focus on cybersecurity from now on.
Companies that saw their stocks jump the most following the hacks though were Mimecast(11%), Sophos Group (7.8%), Proofpoint(7.3%), and Fireeye (7%). Curiously, Sophos once boasted that it protected the U.K.’s National Health Services — one of the organizations most heavily affected by the attacks. Sophos later removed that tidbit from its website.
