Select another investor profile To access more content, select your investor profile

How AI will redraw the cybersecurity industry landscape

Active Equity
Cybersecurity is already a dynamic industry and a rich hunting ground for investors. AI should further improve its prospects.

If you get a badly spelt email offering you a share of a mysterious inheritance, you smell a rat. But what about an authentic-looking missive from your Human Resources department or a pleading voice note from your child? With the help of artificial intelligence (AI), cyber-attacks are set to become ever more sophisticated and harder to spot. That presents a big challenge for the cybersecurity industry – but also a big opportunity for security companies that can harness AI’s power.

Cyberattacks are already a huge problem: there is a hacker infiltration every 39 seconds, and an estimated 3.8 million records are stolen through breaches every day.https://ung.edu/continuing-education/news-and-media/cybersecurity.php It’s not surprising, therefore, that the cybersecurity industry is forecast to grow by nearly 14 per cent this year, according to Gartner. Yet as AI becomes more ubiquitous, we believe growth could be even faster in future.

Because it can increase the scale and severity of attacks, AI is sure to boost investment in cybersecurity across a vast swathe of industries. The large language models (LLMs) that are powering the new forms of AI are making coding much easier which in turns means it will become easier and quicker to produce malware. Even without specialist tech skills, a would-be attacker will be able to ask AI for details of how a historical breach was carried out, and can then use the information to stage similar attacks – potentially on multiple sites simultaneously.

Well-targeted, highly personalised spear-phishing emails which deploy malware are already starting to replace clumsy generic text and PDF efforts. Generative AI thus expands the reach of disinformation. And it makes it easier for attackers to sift through the information they manage to get, and to fill in any gaps in that data. Attackers may also be able to manipulate their victims’ AI models to their own advantage, covering their tracks or even perpetuating attacks.

This could compromise not just individuals but companies and governments. The implications stretch beyond data – with the increased use of autonomous or semi-autonomous vehicles, for example, transport safety could be at risk.

And the risks of AI don’t end with active attacks. Company executives are also worried about compliance with data privacy regulations and the intellectual property implications of content created by AI. As a result, they are prioritising investment in data security and governance solutions.https://business.bofa.com/content/dam/flagship/bank-of-america-institute/transformation/cybersecurity-landscape-impact-what-comes-next.pdf

According to Gartner, two-thirds of companies are planning to increase investment into cyber and information security this year compared to 2022, with the fear of financial loss a key motivator.2023 Gartner CIO and Technology Executive Survey

Fig.1 - Security tech remains an investment priority for business

% of businesses surveyed intending to increase/decrease investment in technology security in 2023 vs 2022

Source: 2023 Gartner CIO and Technology Executive Survey

Therein we believe lies an opportunity – both for the security industry and for investors. Cybersecurity companies that are able to embrace AI in building digital defences will have strong growth prospects over the coming years. And that’s especially the case for those prioritise investment in infrastructure – such as Equinix.

The company understands that the proliferation of connected devices and the growing use of AI is creating ever more data, all of which needs to be stored and transferred securely, which in turn demands safe infrastructure. Equinix is therefore using machine learning to improve security of its data centres by identifying any potential weaknesses and eliminating them.

That can include using machines to analyse video footage for any suspicious activity in or around the data centre, as well as to monitor how customers access their data and to flag up any anomalies.https://blog.equinix.com/blog/2022/09/14/6-reasons-why-you-need-ai-ml-in-your-data-center/

Another way for firms to gain competitive edge in an increasingly AI-dominated cybersecurity industry is through the development of specialist security software applications and services. This is the route favoured by firms such as the US’s Crowdstrike. The company is leveraging its extensive data and telemetry history to equip new modules on its Falcon Platform with AI capabilities. Popular with large US companies, Falcon is designed to detect cyber threats on a company’s computers at an early stage. In a similar vein, Palo Alto Networks, the largest standalone cybersecurity vendor, now offers a range of cloud- and AI-centred solutions. And there is a growing market for secure software to be used in autonomous vehicles to ensure transport security.

AI may also give rise to new sub-sectors within the cybersecurity industry. It could, for instance, create a new market for the policing of the information that AI systems generate. New methods to verify human identity will also be needed. This could open the door for innovative start-ups as well as providing growth opportunities for existing security firms. The challenge for security businesses is to build a new generation of cybersecurity tools that incorporate generative AI to enable the recognition of malware at speed and scale. Greater reliance on AI as a support in delivering cybersecurity will only gain in importance, given the skill shortage in the industry.

Fig.2 - Security spending a structural trend

Worldwide spending on security solutions, in USD billion

Source: Gartner, Forecast Analysis Information Security and Risk Management Worldwide

AI's importance to cybersecurity businesses is also growing because of a change in their commercial priorities. 

In recent years, the industry has undergone a significant shift, one that has seen firms focus less on products that protect end points (desktops, laptops and mobile devices) and more on those that secure entire organisational networks and operate in the cloud.

These are areas where AI presents even greater cybersecurity risks. 

As a result, companies are developing zero trust solutions that continuously verify the credentials of individuals interacting with an organisation, both internally and externally.

Overall, then, advances in AI and machine learning represent long-term trends that will boost demand for cybersecurity services among governments, companies and individuals. Because AI security solutions offer greater automation - automating many of the repetitive tasks carried out by analysis in security operations centres - they can be expected to trigger a rise in security software spending. This, in turn should also help alleviate a global cybersecurity workforce shortage, which currently stands at 3.4 million people.https://media.isc2.org/-/media/Project/ISC2/Main/Media/documents/research/ISC2-Cybersecurity-Workforce-Study-2022.pdf?rev=1bb9812a77c74e7c9042c3939678c196

All of which will further strengthen the industry’s potential for growth: today there are some 15 billion connected devices in the world; in 10 years’ time that number is forecast to double and each one of them needs to be protected.https://transformainsights.com/research/forecast/highlights Those security companies that use the latest tech advances to their advantage are likely to benefit the most.