The Trump bit
Trump is tariffing again. For fear of adding to the Trump headlines inevitably flying into your inbox (and for fear of the tariff commentary here already being out of date by the time you read this, given the breakneck pace of Trump’s whims), here is a quick breakdown of what we have seen over this past week.
Despite fresh rounds of trade letters aimed at multiple nations delivered via the modern carrier pigeon that is Truth Social, trade aggression aimed at Canada, the EU, Brazil, and Vietnam, and even trade tariffs aimed at copper, the S&P 500 continues to hum along, serenely indifferent, even reaching all-time highs.
Why the calm? Perhaps investors are leaning on the “TACO” doctrine, Trump Always Chickens Out, or maybe they’re just numb. The market has seen this maximalist script before. 1st August (the new new deadline) looms, but no one’s scrambling for cover. Whether this is yet another elaborate bluff or part of a deal-making ritual will reveal itself in time. Either way, we’re watching closely and remain tactically agile.
Cybersecurity: The real national security threat
For something less dramatic than tariffs, but equally impactful, look no further than the digital realm. Over the past few months alone, the frequency and severity of cyberattacks have intensified to such a degree that it’s no longer a matter of “if” your systems will be hit, but rather “when,” “how badly,” and “how publicly.”
Close to home, the M&S cyberattack in April wasn’t just a boardroom problem or a share price tremor, it was a logistics and supply chain crisis. A “sophisticated impersonation” attack on one of its third-party users not only wiped £300 million from operating profit projections, but it also left shelves empty as far afield as the stores here in the Channel Islands. When your local sandwich selection becomes collateral damage, you begin to realise cyber risk isn’t abstract.
And M&S weren’t alone. Qantas had the personal data of millions of customers breached. The International Criminal Court suffered a targeted digital incursion. Canada blamed China-linked hackers, Salt Typhoon, for breaking into critical telecom infrastructure. It was revealed the US Treasury Department, tasked with protecting financial stability with the utmost sensitivity, has been breached three times in five years, including during the current administration. Even the Schengen border system, meant to track terrorists and criminals, was found to be riddled with high-severity vulnerabilities. All these incidents and discoveries have happened in just the last month.
Meanwhile, the AI arms race is fully underway as we have discussed in numerous weekly updates, though that of course expands to both the good and the bad guys. Xbow, an AI hacker created by a former Oxford professor, just topped the HackerOne leaderboard, outperforming every human in America at finding critical software flaws. Machines are now hacking machines. The future is already here.
Old hacks, new consequences
It’s easy to think that cyberattacks are a recent affliction, a product of modern AI and increasing digital dependence. But in truth, we’ve been living with these risks for over a decade but we, as a general society, haven’t taken much notice.
Take WannaCry, the 2017 ransomware worm that tore through the NHS and scores of organisations across 150 countries. The malware exploited an unpatched Windows vulnerability and locked up computers with a ransom note. It could have been catastrophic, particularly for potentially bringing the NHS to its knees with operations cancelled, ambulances rerouted and patient records inaccessible. But a young security researcher stumbled upon a built-in “killswitch”, an inexplicable failsafe left behind by the malware’s creators. With one domain registration, the attack was neutralised. Had that not been found, the UK's health service might have faced a systemic collapse. The only thing that saved us was luck, not foresight.
Then there’s the Bangladesh Bank Attack of 2016, a cyber robbery known as the Lazarus Heist that nearly emptied the country’s national reserves. Hackers infiltrated the central bank’s systems and issued fraudulent instructions via the SWIFT network, attempting to steal nearly $1 billion. They successfully transferred $81 million but were then stopped. How? Because they used the word “Jupiter” in one transaction, the name of a ship on a US sanctions list, which triggered a compliance review across a range of the outwards Bangladesh transactions. Had they typed “TACO” instead, Bangladesh could’ve been economically crippled. Once again, like WannaCry, the escape was purely down to luck.
Finally, there's Shady RAT, the so-called “quiet hack” that flew under the radar for nearly five years starting in 2006. At the time, it seemed benign, a widespread spear-phishing campaign by Chinese-affiliated groups targeting government bodies, defence contractors, and critical infrastructure. Because it left little visible damage, it was largely dismissed. But in the years since, it’s become clear that critical IP was captured by these Chinese hackers, including blueprints of advanced US fighter jets, and that the campaign may have planted long-term vulnerabilities across Western infrastructure. In other words, it worked. And it all started with people clicking dodgy email attachments.
We’re only hearing about this in the mainstream now because the stakes are rising, and the lines between military, corporate and civilian digital life have blurred. Everything, from your fridge to your fleet, is connected, and AI is only accelerating the pace and sophistication of attacks.
How we're doing our bit on your behalf
Cybersecurity isn’t just an IT department’s concern anymore, instead it’s a board-level, portfolio-level and sovereign-level risk. No company, industry, or country is untouchable. As individuals, we need to be aware of the risks that exist out there. As investors, we need to be open to the opportunities that these risks can present.
In the Global Blue Chip Fund, we’ve brought in CrowdStrike, a leading enterprise cybersecurity software specialising in threat detection, mitigation, and active response, using its proprietary CharlotteAI to combat threats. This goes back to the machine vs machine comment earlier and how the good guys must get on a level playing field with the bad guys out of necessity. We’ve also gone further through our new exposures to Raytheon (RTX), BAE Systems, and Kongsberg Gruppen, all of which maintain significant cybersecurity capabilities alongside traditional defence operations. This reflects our view that digital warfare is inseparable from conventional deterrence, which, along with our thoughts on the broader defence landscape, you can read more about in our latest Blue Chip Insights.
Final byte
The next hack won’t start with a bang, it’ll start with a glitch. The screens won’t go black, they’ll lie. Tankers will drift, banks will pause transfers, and maybe, just maybe, your local M&S won’t have any strawberry and cream sandwiches (though that may only be a Wimbledon special anyhow). We’re positioning accordingly, have a good week.
