In today’s digital world, cybersecurity is not just important — it’s essential.
The alarming rise in cyberattacks is fueling the demand for cybersecurity solutions; in 2024, we witnessed data breaches targeting large corporations such as AT&T (NYSE:T), Fidelity, Dell (NYSE:DELL) and Snowflake (NYSE:SNOW), and on January 1, 2025, the US accused China of hacking into the Office of Foreign Assets Control and the Office of the Treasury Secretary.
Not only is the frequency of cyberattacks growing, but they are costing companies more. In 2023, an IBM (NSE:IBM) research report found that the average data breach cost in the previous year was US$4.45 million. A 2024 report reveals that the price of a data breach had risen to US$4.88 million between March 2023 and February 2024, attributed primarily to business disruption and post-breach recovery efforts.
As a result, 23.5 percent of organizations surveyed for IBM’s report said they would increase security investments following a breach, and 63 percent said they would raise the price of goods and services as a result of increased cybersecurity spending.
With cyber threats becoming increasingly sophisticated and the cost of breaches skyrocketing, what investment opportunities are available for those looking to capitalize on this critical and growing market?
Market research paints a compelling picture. MarketsAndMarkets projects the global cybersecurity market size will reach US$298.5 billion by 2028, a compound annual growth rate (CAGR) of 9.4 percent from 2022. Grand View Research sets the bar even higher, projecting a market value of US$500.7 billion by 2030.
Both firms highlight emerging opportunities in areas of artificial intelligence (AI) and machine learning (ML) for threat detection and response.
North America, currently dominating the cybersecurity market, is poised for continued growth. In the US, Statista projects revenue growth at a CAGR of 7.12 percent between 2025 and 2029. Meanwhile, Mordor Intelligence estimates Canada’s cybersecurity sector will reach US$24.23 in value.
AI: Cybersecurity’s double-edged sword
AI advancements are changing the threat landscape, requiring AI-powered cybersecurity solutions. While AI offers powerful tools to combat cybercrime, it also empowers malicious actors with new and sophisticated methods of attack.
The IBM report highlighted a concerning trend: customer personally identifiable information (PII) remains the most common target for cybercriminals. AI amplifies the potential damage caused by PII breaches, as attackers now have more tools to leverage this information. The report also determined that, despite the benefits of AI and automation in reducing breach costs, only 12 percent of organizations say they have fully recovered from a data breach. Experts foresee AI-powered attacks — along with ransomware, supply chain attacks, deepfakes, and cloud jacking — as major cybersecurity threats in the coming years.
The ‘weaponization of AI’, such as the use of deepfakes and AI-replicated voices, also poses a growing threat, as Mark Fernandes, Global Chief Information Security Officer at CAE, emphasized at the Toronto Global Forum. This trend was substantiated in a report published by The Financial Times on January 1, 2025, that examined AI-generated phishing attempts targeting corporate executives.
Additionally, IBM found that shadow data, the unmanaged data within organizations, was involved in 35 percent of breaches and led to higher costs and longer breach lifecycles. To combat this, a multi-layered approach combining various technologies and strong data governance practices is crucial for effectively managing shadow data risks.
Modern cybersecurity programs leverage a combination of AI-powered solutions. AI-driven Attack Surface Management (ASM) provides continuous visibility into potential vulnerabilities, while AI-powered Security Information and Event Management (SIEM) automates threat detection. AI also enhances posture management by enabling automated red-teaming exercises to proactively identify weaknesses.
Palo Alto Networks (NASDAQ:PANW), for example, offers a platform approach with Prisma Cloud, integrating AI across various security domains, including network security, cloud security and security operations. The company projects its security offerings will lead to continued growth in the second quarter of 2025 after expanding its offerings to the industrial sector and acquiring a cloud-based version of IBM’s AI-enabled QRadar SIEM
CrowdStrike (NASDAQ:CRWD) progressively incorporated AI into its SIEM offering throughout 2024. The company unveiled new AI-powered functions for its Falcon Next-Gen SIEM platform in May 2024, then upgraded the model in July by integrating generative AI with its Falcon Complete Next-Gen MDR service, which co-monitors the IT environment with data collected by its SIEM system. Despite experiencing a major outage in July caused by a faulty update to the Falcon sensor software, CrowdStrike’s Falcon platform and AI integration earned the company the distinction of being named a leader and outperformer in the 2024 GigaOm Radar Report for Ransomware Prevention, with multiple research firms also recognizing CrowdStrike as an innovator in this sector.
Furthermore, AI can now automate red-teaming exercises, simulating attacks to identify vulnerabilities before real attackers do. In May 2024, IBM announced new X-Force Red testing services that leverage generative AI techniques to identify and mitigate vulnerabilities.
AI-driven automation that continuously analyzes security posture and recommends improvements helps ensure optimized defenses. However, organizations must extend their security posture management to encompass the AI models themselves. In AI-powered applications, a rising security risk is prompt injection attacks, where attackers insert malicious instructions to control AI models. Recognizing this need, Cisco (NASDAQ:CSCO) acquired Robust Intelligence, a company specializing in protecting AI systems from vulnerabilities and attacks, in September 2024. According to a press release announcing the deal, the acquisition will “serve as a safety layer for Cisco Security Cloud, providing AI applications and models with default protection.”
While AI provides powerful tools for threat detection and response, its effectiveness can be further amplified by integrating it with other technologies.
The power of blockchain in cybersecurity
Blockchain offers unique capabilities for securing data, building trust, and enhancing resilience through its secure and immutable record of transactions. Each block in the chain contains transaction data and a unique hash, relying heavily on cryptography to ensure data integrity and prevent tampering. This is particularly crucial in the realm of cryptocurrencies, where encryption prevents double-spending and secures the transfer of funds.
This gives blockchains major applications in securing digital identities, transactions and supply chains. Recognizing its potential, tech companies are investing in blockchain cybersecurity.
Microsoft (NASDAQ:MSFT), Amazon (NASDAQ:AMZN), Oracle (NYSE:ORCL), and IBM are all making significant contributions to the field of blockchain cybersecurity. Microsoft’s Azure Confidential Ledger provides a highly secure environment for storing sensitive data, while Amazon, IBM and Oracle all offer enterprise-grade blockchain platforms and services to facilitate the development of secure applications for various use cases, including supply chain management and data sharing.
Companies like privately-held Guardtime are developing solutions to address existing challenges to implementing blockchain with cybersecurity, such as scalability issues faced by traditional blockchains like Bitcoin. Guardtime’s Keyless Signature Infrastructure (KSI) is based on a special kind of Merkel Tree — a data structure that allows for efficient verification of data integrity without needing to download the entire blockchain — called a hash calendar, which only records the hashes of data at specific time intervals.
Not only does this drastically reduce storage requirements, KSI doesn’t rely on a Proof-of-Work consensus mechanism, eliminating the need for energy-intensive computations without compromising the speed of transaction processing.
The quantum leap in cybersecurity
Quantum computing, an emerging technology, utilizes the principles of quantum mechanics to perform calculations beyond the capabilities of traditional computers.
Quantum computing is based on qubits, which can exist in a state of superposition (being in multiple states at once until measured), unlike classical bits, which can be expressed as either 0 or 1. This allows quantum computers to process more data in less time than it would take traditional computers, giving them the potential to revolutionize cryptography.
Although NVIDIA (NASDAQ:NVDA) CEO Jensen Huang suggested that “very useful quantum computers” are likely still 20 years away, quantum computing poses both a risk and an opportunity for cybersecurity. Dr. Michele Mosca from the University of Waterloo’s Institute for Quantum Computing argues that while quantum computing may initially appear to threaten cybersecurity by potentially breaking current encryption, it also presents an opportunity to establish stronger and more resilient security foundations for the digital economy.
Google (NASDAQ:GOOGL), a leader in quantum computing research since 2014 and the first to claim quantum supremacy in 2019, achieved a breakthrough with its Willow quantum processor at the end of 2024 when it demonstrated significantly improved error correction and scalability in quantum computing.
This brought the possibility of potentially breaking current encryption methods closer to reality and underscored the urgency of developing and implementing quantum-resistant solutions.
While established players such as IBM continue to advance quantum computing with platforms like Qiskit, new entrants like Quantinuum, backed by investors including JP Morgan (NYSE:JPM), are emerging to build quantum computers and develop applications for them.
Other companies like PQShield, ISARA Corporation and SandboxAQ are developing post-quantum cryptography (PQC) solutions using mathematical algorithms that are believed to be resistant to attacks from both classical and quantum computers. Sandbox AQ, which began as a team within Google, held its latest US$300 million funding round in December, bringing its valuation to US$5.3 billion.
Investor takeaway
The cybersecurity market is a compelling area to watch in 2025. Investors should focus on companies that are adapting to emerging trends, driving innovation and fostering collaboration to protect the future of the digital landscape.
Securities Disclosure: I, Meagen Seatter, hold no direct investment interest in any company mentioned in this article.
