A 2024 IBM report reveals that the price of a data breach had risen to US$4.88 million between March 2023 and February 2024, primarily due to business disruptions and post-breach recovery efforts.
With cyber threats becoming increasingly sophisticated and the cost of incidents skyrocketing, what investment opportunities are available for those looking to capitalize on this critical and growing market?
Market research paints a compelling picture. MarketsAndMarkets projects the size of the global cybersecurity market will reach US$298.5 billion by 2028, rising at a compound annual growth rate (CAGR) of 9.4 percent from 2022. Grand View Research sets the bar even higher, projecting a market value of US$500.7 billion by 2030. Both firms highlight emerging opportunities in the areas of artificial intelligence (AI) and machine learning for threat detection and response.
North America, which is currently dominating the cybersecurity market, is poised for continued growth. In the US, Statista projects revenue growth at a CAGR of 7.12 percent between 2025 and 2029.
Meanwhile, Mordor Intelligence estimates Canada’s cybersecurity sector will reach US$24.23 billion by 2030.
AI a double-edged sword for cybersecurity
AI advancements are changing the threat landscape, requiring AI-powered cybersecurity solutions. While AI offers powerful tools to combat cybercrime, it also empowers malicious actors with new and sophisticated methods of attack.
The IBM report highlights a concerning trend: personally identifiable information from customers remains the most common target for cybercriminals. AI amplifies the potential damage that can be caused by personally identifiable information breaches, as attackers now have more tools to leverage this information.
The report also notes that, despite the benefits of AI and automation in reducing breach costs, only 12 percent of organizations say they have fully recovered from a data breach. Experts see AI-powered attacks — along with ransomware, supply chain attacks, deepfakes and cloud jacking — as major cybersecurity threats in the coming years.
The weaponization of AI, such as the use of deepfakes and AI-replicated voices, also poses a growing threat, as Mark Fernandes, global chief information security officer at CAE, emphasized at the Toronto Global Forum. This trend is substantiated in a Financial Times article that examines AI-generated phishing attempts targeting corporate executives.
Additionally, IBM found that shadow data, which is unmanaged data within organizations, was involved in 35 percent of breaches and led to higher costs and longer breach lifecycles. A multi-layered approach combining various technologies and strong data governance practices is crucial for effectively managing shadow data risks.
Modern cybersecurity programs leverage a combination of AI-powered solutions.
AI-driven attack surface management provides continuous visibility into potential vulnerabilities, while AI-powered security information and event management (SIEM) automates threat detection. AI also enhances posture management by enabling automated red-teaming exercises to proactively identify weaknesses.
Palo Alto Networks (NASDAQ:PANW), for example, offers a platform approach with Prisma Cloud, integrating AI across various security domains, including network security, cloud security and security operations. The company projects its security offerings will lead to continued growth in the second quarter of 2025 after expanding its offerings to the industrial sector and acquiring a cloud-based version of IBM’s AI-enabled QRadar SIEM.
For its part, CrowdStrike Holdings (NASDAQ:CRWD) progressively incorporated AI into its SIEM offerings in 2024.
The firm unveiled new AI-powered functions for its Falcon Next-Gen SIEM platform in May 2024, and then upgraded the model in July by integrating generative AI with its Falcon Complete Next-Gen MDR service, which co-monitors the IT environment with data collected by its SIEM system. Despite experiencing a major outage in July caused by a faulty update to the Falcon sensor software, CrowdStrike was named a leader and outperformer in the 2024 GigaOm Radar Report for Ransomware Prevention, with multiple research firms also recognizing it as an innovator in this sector.
In addition, AI can now simulate attacks to identify vulnerabilities. In May 2024, IBM announced new X-Force Red testing services that use generative AI techniques to identify and mitigate vulnerabilities.
AI-driven automation that continuously analyzes security posture and recommends improvements helps ensure optimized defenses. However, organizations must extend their security posture management to encompass the AI models themselves. In AI-powered applications, a rising security risk is prompt injection attacks, where attackers insert malicious instructions to control AI models. Recognizing this need, Cisco Systems (NASDAQ:CSCO) moved to buy Robust Intelligence, a company specializing in protecting AI systems, in September 2024.
According to a press release announcing the deal, the purchase will “serve as a safety layer for Cisco Security Cloud, providing AI applications and models with default protection.”
The power of blockchain in cybersecurity
Blockchain offers unique capabilities for securing data, building trust and enhancing resilience through its secure and immutable record of transactions. Each block in the chain contains transaction data and a unique hash, relying heavily on cryptography to ensure data integrity and prevent tampering. This is particularly crucial in the realm of cryptocurrencies, where encryption prevents double spending and secures the transfer of funds.
This gives blockchain technology major applications in securing digital identities, transactions and supply chains. Recognizing its potential, tech companies are investing in blockchain cybersecurity.
Major tech firms Microsoft (NASDAQ:MSFT), Amazon (NASDAQ:AMZN), Oracle (NYSE:ORCL) and IBM are all making significant contributions to the field of blockchain cybersecurity.
Microsoft’s Azure Confidential Ledger provides a highly secure environment for storing sensitive data, while Amazon, IBM and Oracle all offer enterprise-grade blockchain platforms and services to facilitate the development of secure applications for various use cases, including supply chain management and data sharing.
Companies like privately-held Guardtime are developing solutions to address existing challenges to implementing blockchain with cybersecurity, such as scalability issues faced by traditional blockchains like Bitcoin.
Guardtime’s Keyless Signature Infrastructure (KSI) is based on a special kind of Merkle tree — a data structure that allows for efficient verification of data integrity without needing to download the entire blockchain — called a hash calendar, which only records the hashes of data at specific time intervals.
In addition to drastically reducing storage needs, KSI doesn't rely on a proof-of-work consensus mechanism, eliminating the need for energy-intensive computations without compromising the speed of transaction processing.
The quantum leap in cybersecurity
Quantum computing, an emerging technology, utilizes the principles of quantum mechanics to perform calculations beyond the capabilities of traditional computers.
Quantum computing is based on qubits, which can exist in a state of superposition (being in multiple states at once until measured), unlike classical bits, which can be expressed as either 0 or 1. This allows quantum computers to process more data in less time than it would take traditional computers, giving them the potential to revolutionize cryptography.
Although NVIDIA (NASDAQ:NVDA) CEO Jensen Huang has suggested that “very useful quantum computers” are likely still 20 years away, quantum computing poses both risks and opportunities for cybersecurity.
Dr. Michele Mosca from the University of Waterloo's Institute for Quantum Computing argues that while quantum computing may initially appear to threaten cybersecurity by potentially breaking current encryption, it also presents an opportunity to establish stronger and more resilient security foundations for the digital economy.
Google (NASDAQ:GOOGL), a leader in quantum computing research since 2014, and the first to claim quantum supremacy in 2019, achieved a breakthrough with its Willow quantum processor at the end of 2024, when it demonstrated significantly improved error correction and scalability in quantum computing.
This brought the possibility of potentially breaking current encryption methods closer to reality, and underscored the urgency of developing and implementing quantum-resistant solutions.
While established players such as IBM continue to advance quantum computing with platforms like Qiskit, new entrants like Quantinuum, backed by investors including JPMorgan Chase (NYSE:JPM), are emerging to build quantum computers and develop applications for them. Other companies, such as PQShield, ISARA and SandboxAQ, are developing post-quantum cryptography solutions using mathematical algorithms that are believed to be resistant to attacks from both classical and quantum computers. SandboxAQ, which began as a team within Google, held its latest US$300 million funding round in December, bringing its valuation to US$5.3 billion.
Investor takeaway
The cybersecurity market is a compelling area to watch in 2025. Investors should focus on companies that are adapting to emerging trends, driving innovation and fostering collaboration to protect the future of the digital landscape.
Don’t forget to follow us @INN_Technology or real time updates!
Securities Disclosure: I, Meagen Seatter, hold no direct investment interest in any company mentioned in this article.
