The upheaval resulting from the recent faulty software update from cyber-security firm CrowdStrike – estimated by Fitch to amount to just under $10bn in insured loss – serves as a stark reminder of the growing vulnerability of our digital networks as they continue to grow at lightning speed.
While the cause of that outage has been traced to a defect rather than a security incident or targeted cyber-attack, cybersecurity is firmly in the spotlight.
As businesses around the world scramble to bolster their digital defences, there are compelling investment opportunities to be found in the companies building and employing solutions to cybersecurity risks.
Cybercrime affects our lives every single day. From the poorly spelled text message from a dubious law firm offering you a share of a mysterious inheritance, to the authentic-looking missive from your chief executive pleading with you to send sensitive corporate information, the methods employed by adversaries are developing at a ferocious pace.
Cybercrime cost the global economy an estimated $8trn in 2023. That’s $15.2m every minute and, if measured as a country, it’s greater than the annual GDP of every country on the planet with the exception of the US and China.
Globally, there is a hacker infiltration every 39 seconds, and an estimated 3.8 million records are stolen through breaches every single day. It’s not surprising, therefore, that the cybersecurity industry is forecast to grow by nearly 14% this year, reaching an annual spend of approximately $210bn. Unfortunately, however, the cost of cybercrime is keeping pace, with the average cost of a breach reaching $4.5m in 2023.
Hacktivism and phising get a GenAI makeover
With over 50 countries and 4.2 billion people globally voting in national and regional elections this year, we can expect nation states, bad actors and other interested parties to be using all kinds of disinformation, extortion campaigns and hacktivism to influence outcomes.
Artificial intelligence (AI), and generative AI in particular, looks set to exacerbate this already worrying picture. The growth in ransomware attacks reaccelerated to +70% year-on-year in 2023, as hackers began to use GenAI tools to help them create malware faster than ever before.
Phishing attacks are also getting a GenAI makeover. Deep fakes for digital images and voice cloning, combined with multi-modal campaigns, can trip up even the normally vigilant. Meta’s GenAI speech synthesis tool Voicebox is said to work so well that the company has, for now, decided not to release it to the public.
Bad actors are also using GenAI to find novel ways to get at us every day. The use of GenAI itself is creating a much wider attack surface, providing another route to expose sensitive corporate and personal data.
Digital defences promise strong growth prospects
While the above paints a worrying picture for business – not to mention society – it does also open up investment opportunities. Cybersecurity companies that are able to utilise AI effectively in building digital defences should have strong growth prospects over the coming years.
A change in commercial priorities is leading to the growth of AI's importance to cybersecurity businesses. In recent years, the industry has undergone a significant shift, one that has seen firms focus less on products that protect endpoints (i.e. desktops, laptops and mobile devices) and more on those that secure entire organisational networks, including cloud infrastructure. These are areas where AI presents even greater cybersecurity risks.
Consequently, hyperscale cloud vendors are also placing more focus on security. Microsoft’s security business is now a more than $20bn run rate platform, with an estimated $4bn annual research and development budget.
Alphabet also has strong credentials in security, having added to its platform with the acquisition of Mandiant (the threat-hunting expert famed for uncovering the SolarWinds hack) and Forseeti (cyber-attack simulation specialist) in 2022.
Compared to Microsoft, Alphabet had been relatively quiet about its intentions in cybersecurity, however, the company’s recently rejected $23bn bid for cloud security software vendor Wiz, highlights the importance the firm is placing on improving its own security platform.
Advances in AI and machine learning represent long-term secular trends that should boost demand for cybersecurity services among governments, companies and individuals.
Today there are some 15 billion connected devices on the planet; according to Gartner, over the next decade that number is forecast to double and each one of them needs to be protected.
Those security companies that use the latest tech advances to their advantage are (in our view) likely to benefit the most. And those companies that use these solutions most effectively should be able to ensure they have the best line of defence to protect their assets and their stakeholders.
Tom Fitzgerald is fund manager of the EdenTree Responsible & Sustainable Global Equity fund. The views expressed above should not be taken as investment advice.