Thematic Take

Cyrus Mewawalla, Head of Thematic Intelligence, GlobalData

Foreword: Cybersecurity in the age of AI

At GlobalData, we define a theme as any issue that keeps a business leader awake at night. Companies are impacted by multiple themes that frequently conflict with one another. What is needed is an effective methodology that reflects, understands, and reconciles these conflicts.

Our thematic research ecosystem is a single, integrated global research platform that provides an easy-to-use framework for tracking all themes across all companies in all sectors. Viewing the world’s data by themes makes it easier to make critical decisions. Companies that invest in the right themes become success stories. Those that miss the essential themes in their industry end up as failures.

The cybersecurity industry faces a challenge that is anything but business as usual. The prospect of offensive attacks using artificial intelligence (AI) is prompting increases in cybersecurity budgets as organizations try to understand the impact of generative AI on their security. Hacking groups will likely use large language models (LLMs) trained on malware to target their attacks more effectively. AI is already used for threat detection, and its greater adoption will help offset attacks. However, learning how to counter AI-led attacks will take time, and cybersecurity vendors and users will face a bumpy ride for the next two to three years.

Cybersecurity budgets will grow in step with IT budgets in 2024 as organizations come to terms with AI's impact on their operations. PwC’s 2024 Global Digital Trust Insights report states that cyber investments will take 14% of the total IT, operational technology (OT), and automation budget in 2024, up from 11% in 2023.

Overall, GlobalData forecasts that the cybersecurity market will be worth $290 billion by 2027, growing at a compound annual growth rate of 13% between 2022 and 2027. Managed security services, application security, and identity and access management will be high-growth areas.

09/18/2024 15:56:12

Theme briefing

Navigating the AI-driven cybersecurity landscape

Credit: Bert van Dijk/Getty images.

The cybersecurity industry is at a critical juncture as the integration of artificial intelligence (AI) in both defensive and offensive cyber strategies becomes more prevalent.

AI presents both opportunities and challenges for cybersecurity. On one hand, it enhances threat detection and response capabilities, enabling organizations to better protect their assets. On the other hand, cyber attackers are increasingly using AI, particularly large language models (LLMs) trained on malware, to conduct more targeted and effective attacks. As a result, cybersecurity vendors and users are bracing for a turbulent period over the next two to three years as they adapt to this new reality.

As companies grapple with the implications of AI on their security frameworks, cybersecurity budgets are set to expand considerably. According to PwC's 2024 Global Digital Trust Insights report, cybersecurity investments will constitute 14% of the total IT operational technology and automation budget in 2024, up from 11% in 2023. This uptick reflects the urgent need to defend against increasingly sophisticated cyber threats.

The cybersecurity market: industry insight and forecast by GlobalData.

Market size and growth forecasts

GlobalData forecasts that the cybersecurity market will reach $290 billion by 2027, growing at a compound annual growth rate (CAGR) of 13% between 2022 and 2027. Software-based cybersecurity products will be the largest market segment, contributing 44% of total revenue in 2027, with services accounting for 37%.

Managed security services – those outsourced to an external vendor or supplier – will be the largest single sub-segment within the cybersecurity market in 2027, as cybersecurity skill gaps drive a trend towards outsourcing security services. Revenues will increase by a CAGR of 13.5% between 2022 and 2027, reaching $107 billion in 2027.

The next largest segment is identity and access management (IAM) products, which are used to restrict end users from unauthorized access and monitor their behavior in a network. Revenues will rise by a CAGR of 13.7% between 2022 and 2027, reaching $28.9 billion in 2027.

IAM is one of the most important preventative security measures because of the rise in cloud computing and the increase in distributed workforces. According to Verizon’s 2023 Data Breach Investigations Report, 74% of all breaches include the human element, with people involved either via error, privilege misuse, use of stolen credentials, or social engineering.

M&A and investment trends in cybersecurity

The cybersecurity sector remains a focal point for mergers and acquisitions (M&A), driven by the relentless need for security companies to enhance their offerings amid constant cyber threats. This urgency is fueled by attacks on corporate clients, critical national infrastructure, and the security vendors themselves.

The sector saw robust M&A activity with 422 deals in 2021, a slight dip to 371 deals in 2022, and a rebound to 445 deals in 2023. Cisco’s $28 billion acquisition of Splunk marks a pivotal moment for AI-driven cybersecurity M&A. This deal is expected to catalyze further consolidation in the industry as larger companies seek to acquire startups and emerging firms to bolster their AI capabilities.

Key acquisitions in 2023 also highlighted a focus on cloud security, network security, and identity management, with CrowdStrike, HPE, and Delinea making significant moves. Looking ahead, the M&A focus is expected to shift towards companies with AI capabilities, reflecting the growing importance of AI in cybersecurity solutions.

Private equity firms are playing a dominant role in the cybersecurity landscape. Thoma Bravo's $2.3 billion acquisition of ForgeRock in August 2023 exemplifies this trend, despite facing scrutiny from the US Justice Department over competition concerns in identity access management. Thoma Bravo's cybersecurity portfolio, valued at approximately $45 billion as of December 2023, underscores the significant investments private equity firms are making in this sector. Other prominent investors include Insight Partners, TA Associates, Francisco Partners, and Advent International.

The surge in M&A activity will likely attract the attention of regulators, especially as a few private equity players continue to dominate the cybersecurity market. Ensuring competition and innovation within the industry will be critical as these acquisitions proceed.

Venture financing, essential for the growth of new cybersecurity firms, saw a decline in 2023. There were 431 venture capital (VC) deals, down from 680 in 2022 and 708 in 2021, per GlobalData. Despite the drop, notable successes like Splunk, founded in 2003 and backed by venture firms, highlight the critical role of VC in nurturing cybersecurity innovations. In 2023, there were 431 venture capital (VC) deals involving cybersecurity companies, a considerable fall from 2022, when there were 680 VC deals, and an even bigger decline from 2021, when there were 708 VC deals, according to GlobalData.

Key players in the cybersecurity landscape

Cybersecurity providers offer a range of products and services to secure client systems, from chip-based security and identity management to managed security services and risk compliance.

The cybersecurity ecosystem comprises various players specializing in different areas. Notable leaders and challengers across pivotal areas include:

In Identity Management, leaders like Okta, Thales, and Microsoft, with challengers such as Duo Security and Ping Identity.
In Network Security: leaders such as Fortinet and Palo Alto Networks, with challengers like Appgate and IBM.
In Cloud Security, leaders including Microsoft and Zscaler, with challengers like IBM and Skyhigh Security.

Geopolitical factors impacting the cybersecurity space

Geopolitical tensions are significantly shaping the cybersecurity landscape, with ongoing conflicts in regions like Ukraine and the Middle East providing fertile ground for cyber attackers. State-sponsored actors and independent groups are leveraging these instabilities to launch sophisticated cyberattacks, particularly targeting critical infrastructure such as power grids and communication networks. These attacks have caused widespread disruptions, underscoring the need for robust cybersecurity measures.

In 2024, national elections in at least 64 countries, including the United States, the United Kingdom, Russia, and India, present significant opportunities for cyber attackers to influence outcomes and create discord. Cyber threats during these periods range from disinformation campaigns to direct attacks on election infrastructure, undermining electoral integrity and public trust in democratic institutions. This heightened risk necessitates comprehensive security protocols to protect electoral systems.

Nation-state actors increasingly use cyber operations for geopolitical objectives, extending beyond espionage to sabotage, intellectual property theft, and public opinion manipulation. These sophisticated operations require a coordinated response from national governments and the private sector to effectively defend against the complex and multifaceted nature of cyber threats.

GlobalData, the leading provider of industry intelligence, provided the underlying data, research, and analysis used to produce this article.

GlobalData’s Thematic Intelligence uses proprietary data, research, and analysis to provide a forward-looking perspective on the key themes that will shape the future of the world’s largest industries and the organisations within them.

09/18/2024 15:56:12

Theme briefing

Key trends impacting cybersecurity

Credit: Bert van Dijk/Getty images.

In today's fast-paced digital world, staying ahead of cybersecurity threats is critical for businesses. Here we summarise some of the technology, macroeconomic, and regulatory trends shaping the cybersecurity industry. For a more in-depth analysis of all trends relevant to the cybersecurity landscape, download GlobalData’s latest cybersecurity report.

Technology trends impacting cybersecurity

AI as a threat and a solution

Artificial intelligence (AI) is revolutionizing cybersecurity, offering significant benefits and challenges. While AI enhances threat detection, hunting, and incident response, it also empowers cybercriminals. Generative AI, for instance, can refine phishing attacks by eliminating typical indicators like poor grammar, making them harder to detect.

Organizations now face AI-powered cyberattacks that adapt and exploit specific vulnerabilities. Cybercriminals may use large language models (LLMs) trained on malware to craft sophisticated attacks. Key risks include prompt injection, where attackers manipulate AI applications into unauthorized actions, and insecure output handling, allowing malicious instructions if outputs aren't properly validated.

Despite these threats, AI provides substantial defensive benefits. It enables deeper network insights and faster threat identification. A 2023 IBM report revealed that organizations using AI and automation could identify and contain breaches 108 days quicker than those without these technologies. AI applications in cybersecurity include biometric authentication, threat detection, and incident response. For example, CrowdStrike's Falcon uses AI to detect anomalies like unusual traffic patterns and unauthorized data access.

The AI-driven security landscape is transforming cybersecurity roles. A February 2024 survey by the International Information System Security Certification Consortium (ISC2) found that 88% of professionals expect AI to impact their jobs significantly. However, 82% foresee increased efficiency, and 56% believe AI will handle routine tasks, allowing them to focus on higher-value activities.

Ransomware attacks are on the rise

The evolving ransomware threat continues to challenge businesses globally with its increasing sophistication and frequency. 2023 was notable for relentless cyberattacks. Some criminals started copying and stealing data, demanding ransom for not publicizing it, and selling it on the dark web.

Check Point reports that one in every 10 organizations worldwide faced attempted ransomware attacks in 2023, a 33% increase from 2022. Organizations globally experienced over 60,000 attacks on average, equating to 1,158 attacks per organization per week. High-profile victims included MGM Resorts, Boeing, and the UK’s Royal Mail.

Ransomware payments in 2023 surpassed $1 billion, marking a record high, excluding the economic impact of productivity loss and repair costs. The ransomware industry attracted numerous new players, with Recorded Future identifying 538 new ransomware variants in 2023. The trend of "big game hunting" became dominant, focusing on fewer attacks but demanding larger ransoms, with payments increasingly involving sums of $1 million or more.

Leading anti-ransomware companies include Gen Digital (Avast and Norton), Bitdefender, Check Point Software, CrowdStrike, Illumio, and Sophos.

Supply chain attacks

Cyberattacks targeting software supply chains are increasingly prevalent and highly disruptive. These attacks can cripple an entire supply chain, causing massive business interruptions.

According to IBM’s 2023 Cost of a Data Breach report, it takes an average of 233 days to identify and 74 days to contain such breaches, totaling 307 days. This is 37 days longer than other types of data breaches. In 2023, 15% of organizations reported supply chain compromises as the source of data breaches.

Supply chain attacks gained prominence in 2020 with the SolarWinds hack, where Russian hackers inserted malicious code into the company's software, affecting thousands of organizations, including the US government.

The UK government's Cyber Security Breaches Survey 2023 indicates that most large businesses now review their supply chain risks, with 55% of large businesses assessing immediate supplier risks, up from 44% in 2022.

A significant 2023 attack involved MOVEit, a managed file transfer software. Exploiting SQL injection vulnerabilities, attackers manipulated data, disclosed sensitive information, gained administrative privileges, exfiltrated files, and deployed ransomware. This attack impacted organizations such as the BBC, Zellis, and Norton, underscoring the critical need for robust supply chain security measures.

Cloud-based security

The COVID-19 pandemic accelerated cloud adoption as companies transitioned to remote work, increasing their exposure to cyber threats. Misconfigured security settings in cloud environments have become a significant issue, making it easier for attackers to steal data.

A 2023 Thales study highlights that businesses face numerous challenges due to a cloud-first, multicloud approach, with 79% of respondents using more than one cloud provider. Each additional provider introduces new security controls and data protection models, complicating the security landscape.

The survey found that 38% of respondents identified software as a service (SaaS) applications as the primary target for cyberattacks, followed by cloud storage at 36%. Nearly half (46%) reported experiencing a data breach in their cloud environments, underscoring the risk associated with cloud data exposure. As cyber threats evolve, organizations must enhance their security measures to protect cloud-based resources.

Leading players in cloud security include Amazon, Broadcom, CrowdStrike, Microsoft, Alphabet, Netskope, Palo Alto Networks, and Zscaler.

Chip-based security

The evolution of chip-based security is becoming essential as more chips are integrated into mission-critical servers and safety-critical applications. The increasing trend of systems vendors and original equipment manufacturers (OEMs) designing their own chips has shifted the focus of security requirements to a more internalized concern.

The 2017 discovery of high-profile security vulnerabilities like Meltdown and Spectre forced chip vendors to patch security holes with software, resulting in reduced performance improvements for upgraded servers. Consequently, vendors began developing custom chip architectures to achieve better performance and power gains while maintaining control over chip security.

The economic landscape of hardware attacks has changed, making hacking tools accessible to ordinary criminals. As computing becomes more pervasive and connected, the attack surface expands, increasing the likelihood of hardware attacks. The OpenTitan coalition's February 2024 announcement of the first commercial silicon chip with open-source built-in hardware security exemplifies this trend. OpenTitan provides an on-chip source of cryptographic keys that are inaccessible remotely, ensuring tamper-free security infrastructure.

Macroeconomic trends impacting cybersecurity

The Ukraine conflict

Since the annexation of Crimea in 2014, Russia has employed cyberattack tactics against Ukraine, with notable incidents like the 2015 attack on the Ukrainian power grid and the 2017 NotPetya ransomware attack. The full-scale Russian invasion of Ukraine in February 2022 escalated the frequency of cyberattacks on Ukraine, with Russian-affiliated groups targeting critical infrastructure and communication systems. High-impact attacks, such as the December 2023 assault on Kyivstar, Ukraine's largest mobile network operator, highlight the severe disruptions caused by cyber warfare.

State-sponsored attacks

The frequency of state-sponsored cyberattacks is expected to rise in 2024, driven by numerous national elections worldwide. These events often catalyze targeted cyberattacks aimed at disrupting electoral campaigns or the voting process. The US and UK are among the countries facing significant cyber threats during their elections. Previous instances, such as the unsuccessful cyberattacks during Estonia's 2023 parliamentary elections and the disruptions during the US midterm elections in 2022, underscore the growing threat of state-sponsored cyber activities.

Cybersecurity skills shortages

The global cybersecurity workforce gap reached a record four million people in 2023, despite a 9% increase in the workforce to 5.5 million. The demand for cybersecurity talent continues to outpace supply, driven by the increasing complexity of technology and the relentless task of securing systems, networks, and data against cyberattacks. The rise of AI-based attacks further exacerbates the need for skilled cybersecurity professionals.

Regulatory trends impacting cybersecurity

Ransomware regulations

Ransomware attacks pose a significant threat to businesses, often resulting in substantial financial losses. Involving law enforcement in ransomware incidents can reduce the total cost of breaches. According to IBM's 2023 report, organizations that involved law enforcement experienced lower breach costs compared to those that did not. Although paying a ransom is not illegal in many jurisdictions, organizations are advised against it due to the minimal cost savings and potential legal consequences if payments are made to sanctioned entities.

EU cybersecurity legislation

The EU's NIS2 directive, adopted in November 2022, sets stricter cybersecurity obligations for member states, including risk management, reporting, and information sharing. EU countries have until October 2024 to transpose the directive into national law. The directive aims to harmonize cybersecurity measures across the EU, enhance cooperation, and establish a European vulnerability database. Additionally, the European Commission plans to adopt regulations for a European cybersecurity certification scheme (ECCS) in 2024, covering a wide range of IT products and setting high standards for security components.

GlobalData, the leading provider of industry intelligence, provided the underlying data, research, and analysis used to produce this article.

09/18/2024 15:56:12