[1] https://ung.edu/continuing-education/news-and-media/cybersecurity.php
[2] https://business.bofa.com/content/dam/flagship/bank-of-america-institute/transformation/cybersecurity-landscape-impact-what-comes-next.pdf
[3] 2023 Gartner CIO and Technology Executive Survey
[4] https://blog.equinix.com/blog/2022/09/14/6-reasons-why-you-need-ai-ml-in-your-data-center/
[5] https://media.isc2.org/-/media/Project/ISC2/Main/Media/documents/research/ISC2-Cybersecurity-Workforce-Study-2022.pdf?rev=1bb9812a77c74e7c9042c3939678c196
[6] https://transformainsights.com/research/forecast/highlights
How AI will redraw the cybersecurity industry landscape
Cybersecurity is already a dynamic industry and a rich hunting ground for investors. AI should further improve its prospects.
Written by
Yves Kramer
Senior Investment Manager
If you get a badly spelt email offering you a share of a mysterious inheritance, you smell a rat. But what about an authentic-looking missive from your Human Resources department or a pleading voice note from your child? With the help of artificial intelligence (AI), cyber-attacks are set to become ever more sophisticated and harder to spot. That presents a big challenge for the cybersecurity industry – but also a big opportunity for security companies that can harness AI’s power.
Cyberattacks are already a huge problem: there is a hacker infiltration every 39 seconds, and an estimated 3.8 million records are stolen through breaches every day.1 It’s not surprising, therefore, that the cybersecurity industry is forecast to grow by nearly 14 per cent this year, according to Gartner. Yet as AI becomes more ubiquitous, we believe growth could be even faster in future.
Because it can increase the scale and severity of attacks, AI is sure to boost investment in cybersecurity across a vast swathe of industries.
The large language models (LLMs) that are powering the new forms of AI are making coding much easier which in turns means it will become easier and quicker to produce malware. Even without specialist tech skills, a would-be attacker will be able to ask AI for details of how a historical breach was carried out, and can then use the information to stage similar attacks – potentially on multiple sites simultaneously.
Well-targeted, highly personalised spear-phishing emails which deploy malware are already starting to replace clumsy generic text and PDF efforts.
Generative AI thus expands the reach of disinformation. And it makes it easier for attackers to sift through the information they manage to get, and to fill in any gaps in that data. Attackers may also be able to manipulate their victims’ AI models to their own advantage, covering their tracks or even perpetuating attacks.
This could compromise not just individuals but companies and governments. The implications stretch beyond data – with the increased use of autonomous or semi-autonomous vehicles, for example, transport safety could be at risk.
And the risks of AI don’t end with active attacks. Company executives are also worried about compliance with data privacy regulations and the intellectual property implications of content created by AI. As a result, they are prioritising investment in data security and governance solutions.2
According to Gartner, two-thirds of companies are planning to increase investment into cyber and information security this year compared to 2022, with the fear of financial loss a key motivator.3
Fig.1 - Security tech remains an investment priority for business
% of businesses surveyed intending to increase/decrease investment in technology security in 2023 vs 2022
Therein we believe lies an opportunity – both for the security industry and for investors. Cybersecurity companies that are able to embrace AI in building digital defences will have strong growth prospects over the coming years. And that’s especially the case for those prioritise investment in infrastructure – such as Equinix.
The company understands that the proliferation of connected devices and the growing use of AI is creating ever more data, all of which needs to be stored and transferred securely, which in turn demands safe infrastructure. Equinix is therefore using machine learning to improve security of its data centres by identifying any potential weaknesses and eliminating them.
That can include using machines to analyse video footage for any suspicious activity in or around the data centre, as well as to monitor how customers access their data and to flag up any anomalies.4
Another way for firms to gain competitive edge in an increasingly AI-dominated cybersecurity industry is through the development of specialist security software applications and services. This is the route favoured by firms such as the US’s Crowdstrike. The company is leveraging its extensive data and telemetry history to equip new modules on its Falcon Platform with AI capabilities. Popular with large US companies, Falcon is designed to detect cyber threats on a company’s computers at an early stage. In a similar vein, Palo Alto Networks, the largest standalone cybersecurity vendor, now offers a range of cloud- and AI-centred solutions. And there is a growing market for secure software to be used in autonomous vehicles to ensure transport security.
AI may also give rise to new sub-sectors within the cybersecurity industry. It could, for instance, create a new market for the policing of the information that AI systems generate. New methods to verify human identity will also be needed. This could open the door for innovative start-ups as well as providing growth opportunities for existing security firms. The challenge for security businesses is to build a new generation of cybersecurity tools that incorporate generative AI to enable the recognition of malware at speed and scale. Greater reliance on AI as a support in delivering cybersecurity will only gain in importance, given the skill shortage in the industry.
Fig.2 - Security spending a structural trend
Worldwide spending on security solutions, in USD billion
AI's importance to cybersecurity businesses is also growing because of a change in their commercial priorities.
In recent years, the industry has undergone a significant shift, one that has seen firms focus less on products that protect end points (desktops, laptops and mobile devices) and more on those that secure entire organisational networks and operate in the cloud.
These are areas where AI presents even greater cybersecurity risks.
As a result, companies are developing zero trust solutions that continuously verify the credentials of individuals interacting with an organisation, both internally and externally.
Overall, then, advances in AI and machine learning represent long-term trends that will boost demand for cybersecurity services among governments, companies and individuals. Because AI security solutions offer greater automation - automating many of the repetitive tasks carried out by analysis in security operations centres - they can be expected to trigger a rise in security software spending. This, in turn should also help alleviate a global cybersecurity workforce shortage, which currently stands at 3.4 million people.5
All of which will further strengthen the industry’s potential for growth: today there are some 15 billion connected devices in the world; in 10 years’ time that number is forecast to double and each one of them needs to be protected.6 Those security companies that use the latest tech advances to their advantage are likely to benefit the most.
more on artificial intelligence
There's more to tech than ChatGPT
Generative AI may have enthused investors, but it's only a subplot in the much grander story of the technology sector's transformation.
September 2023
The investment implications of AI
How generative AI has re-ignited investor enthusiasm for tech stocks.
September 2023
The rise of generative AI
Generative AI has the potential to change the way we live and work and could soon redraw the landscape for investors in technology stocks.
May 2023
Large language models and work
Large language models like ChatGPT are a new technology that will change the way that we communicate: mostly for the better.
Sep 2023
Important legal information
This marketing material is issued by Pictet Asset Management (Europe) S.A.. It is neither directed to, nor intended for distribution or use by, any person or entity who is a citizen or resident of, or domiciled or located in, any locality, state, country or jurisdiction where such distribution, publication, availability or use would be contrary to law or regulation. The latest version of the fund‘s prospectus, Pre-Contractual Template (PCT) when applicable, Key Information Document (KID), annual and semi-annual reports must be read before investing. They are available free of charge in English on www.assetmanagement.pictet or in paper copy at Pictet Asset Management (Europe) S.A., 6B, rue du Fort Niedergruenewald, L-2226 Luxembourg, or at the office of the fund local agent, distributor or centralizing agent if any.
The KID is also available in the local language of each country where the compartment is registered. The prospectus, the PCT when applicable, and the annual and semi-annual reports may also be available in other languages, please refer to the website for other available languages. Only the latest version of these documents may be relied upon as the basis for investment decisions.
The summary of investor rights (in English and in the different languages of our website) is available here and at www.assetmanagement.pictet under the heading "Resources", at the bottom of the page.
The list of countries where the fund is registered can be obtained at all times from Pictet Asset Management (Europe) S.A., which may decide to terminate the arrangements made for the marketing of the fund or compartments of the fund in any given country.
The information and data presented in this document are not to be considered as an offer or solicitation to buy, sell or subscribe to any securities or financial instruments or services.
Information, opinions and estimates contained in this document reflect a judgment at the original date of publication and are subject to change without notice. The management company has not taken any steps to ensure that the securities referred to in this document are suitable for any particular investor and this document is not to be relied upon in substitution for the exercise of independent judgment. Tax treatment depends on the individual circumstances of each investor and may be subject to change in the future. Before making any investment decision, investors are recommended to ascertain if this investment is suitable for them in light of their financial knowledge and experience, investment goals and financial situation, or to obtain specific advice from an industry professional.
The value and income of any of the securities or financial instruments mentioned in this document may fall as well as rise and, as a consequence, investors may receive back less than originally invested.
The investment guidelines are internal guidelines which are subject to change at any time and without any notice within the limits of the fund's prospectus. The mentioned financial instruments are provided for illustrative purposes only and shall not be considered as a direct offering, investment recommendation or investment advice. Reference to a specific security is not a recommendation to buy or sell that security. Effective allocations are subject to change and may have changed since the date of the marketing material.
Past performance is not a guarantee or a reliable indicator of future performance. Performance data does not include the commissions and fees charged at the time of subscribing for or redeeming shares.
Any index data referenced herein remains the property of the Data Vendor. Data Vendor Disclaimers are available on assetmanagement.pictet in the “Resources” section of the footer. This document is a marketing communication issued by Pictet Asset Management and is not in scope for any MiFID II/MiFIR requirements specifically related to investment research. This material does not contain sufficient information to support an investment decision and it should not be relied upon by you in evaluating the merits of investing in any products or services offered or distributed by Pictet Asset Management.
Pictet AM has not acquired any rights or license to reproduce the trademarks, logos or images set out in this document except that it holds the rights to use any entity of the Pictet group trademarks. For illustrative purposes only.