Cybersecurity Outlook Report for Investors

Cybersecurity Market Forecast: Top Trends for Cybersecurity in 2025

Cybersecurity is becoming increasingly important in today’s ultra-connected world. Find out what insiders are saying about the cybersecurity forecast for 2025.

In today’s digital world, cybersecurity is not just important — it’s essential.

An alarming rise in cyberattacks is fueling demand for cybersecurity solutions; 2024 brought data breaches targeting large corporations such as AT&T (NYSE:T), Fidelity, Dell (NYSE:DELL) and Snowflake (NYSE:SNOW), and in January 2025, the US accused China of hacking into the Office of Foreign Assets Control and the Department of the Treasury.

Not only is the frequency of cyberattacks growing, but they are also costing companies more. In 2023, IBM (NYSE:IBM) found that during the previous year the average data breach cost was US$4.45 million.

A 2024 IBM report reveals that the price of a data breach had risen to US$4.88 million between March 2023 and February 2024, primarily due to business disruptions and post-breach recovery efforts.

With cyber threats becoming increasingly sophisticated and the cost of incidents skyrocketing, what investment opportunities are available for those looking to capitalize on this critical and growing market?

Market research paints a compelling picture. MarketsAndMarkets projects the size of the global cybersecurity market will reach US$298.5 billion by 2028, rising at a compound annual growth rate (CAGR) of 9.4 percent from 2022. Grand View Research sets the bar even higher, projecting a market value of US$500.7 billion by 2030. Both firms highlight emerging opportunities in the areas of artificial intelligence (AI) and machine learning for threat detection and response.

North America, which is currently dominating the cybersecurity market, is poised for continued growth. In the US, Statista projects revenue growth at a CAGR of 7.12 percent between 2025 and 2029.

Meanwhile, Mordor Intelligence estimates Canada’s cybersecurity sector will reach US$24.23 billion by 2030.

AI a double-edged sword for cybersecurity

AI advancements are changing the threat landscape, requiring AI-powered cybersecurity solutions. While AI offers powerful tools to combat cybercrime, it also empowers malicious actors with new and sophisticated methods of attack.

The IBM report highlights a concerning trend: personally identifiable information from customers remains the most common target for cybercriminals. AI amplifies the potential damage that can be caused by personally identifiable information breaches, as attackers now have more tools to leverage this information.

The report also notes that, despite the benefits of AI and automation in reducing breach costs, only 12 percent of organizations say they have fully recovered from a data breach. Experts see AI-powered attacks — along with ransomware, supply chain attacks, deepfakes and cloud jacking — as major cybersecurity threats in the coming years.

The weaponization of AI, such as the use of deepfakes and AI-replicated voices, also poses a growing threat, as Mark Fernandes, global chief information security officer at CAE, emphasized at the Toronto Global Forum. This trend is substantiated in a Financial Times article that examines AI-generated phishing attempts targeting corporate executives.

Additionally, IBM found that shadow data, which is unmanaged data within organizations, was involved in 35 percent of breaches and led to higher costs and longer breach lifecycles. A multi-layered approach combining various technologies and strong data governance practices is crucial for effectively managing shadow data risks.

Modern cybersecurity programs leverage a combination of AI-powered solutions.

AI-driven attack surface management provides continuous visibility into potential vulnerabilities, while AI-powered security information and event management (SIEM) automates threat detection. AI also enhances posture management by enabling automated red-teaming exercises to proactively identify weaknesses.

Palo Alto Networks (NASDAQ:PANW), for example, offers a platform approach with Prisma Cloud, integrating AI across various security domains, including network security, cloud security and security operations. The company projects its security offerings will lead to continued growth in the second quarter of 2025 after expanding its offerings to the industrial sector and acquiring a cloud-based version of IBM’s AI-enabled QRadar SIEM.

For its part, CrowdStrike Holdings (NASDAQ:CRWD) progressively incorporated AI into its SIEM offerings in 2024.

The firm unveiled new AI-powered functions for its Falcon Next-Gen SIEM platform in May 2024, and then upgraded the model in July by integrating generative AI with its Falcon Complete Next-Gen MDR service, which co-monitors the IT environment with data collected by its SIEM system. Despite experiencing a major outage in July caused by a faulty update to the Falcon sensor software, CrowdStrike was named a leader and outperformer in the 2024 GigaOm Radar Report for Ransomware Prevention, with multiple research firms also recognizing it as an innovator in this sector.

In addition, AI can now simulate attacks to identify vulnerabilities. In May 2024, IBM announced new X-Force Red testing services that use generative AI techniques to identify and mitigate vulnerabilities.

AI-driven automation that continuously analyzes security posture and recommends improvements helps ensure optimized defenses. However, organizations must extend their security posture management to encompass the AI models themselves. In AI-powered applications, a rising security risk is prompt injection attacks, where attackers insert malicious instructions to control AI models. Recognizing this need, Cisco Systems (NASDAQ:CSCO) moved to buy Robust Intelligence, a company specializing in protecting AI systems, in September 2024.

According to a press release announcing the deal, the purchase will “serve as a safety layer for Cisco Security Cloud, providing AI applications and models with default protection.”

The power of blockchain in cybersecurity

Blockchain offers unique capabilities for securing data, building trust and enhancing resilience through its secure and immutable record of transactions. Each block in the chain contains transaction data and a unique hash, relying heavily on cryptography to ensure data integrity and prevent tampering. This is particularly crucial in the realm of cryptocurrencies, where encryption prevents double spending and secures the transfer of funds.

This gives blockchain technology major applications in securing digital identities, transactions and supply chains. Recognizing its potential, tech companies are investing in blockchain cybersecurity.

Major tech firms Microsoft (NASDAQ:MSFT), Amazon (NASDAQ:AMZN), Oracle (NYSE:ORCL) and IBM are all making significant contributions to the field of blockchain cybersecurity.

Microsoft’s Azure Confidential Ledger provides a highly secure environment for storing sensitive data, while Amazon, IBM and Oracle all offer enterprise-grade blockchain platforms and services to facilitate the development of secure applications for various use cases, including supply chain management and data sharing.

Companies like privately-held Guardtime are developing solutions to address existing challenges to implementing blockchain with cybersecurity, such as scalability issues faced by traditional blockchains like Bitcoin.

Guardtime’s Keyless Signature Infrastructure (KSI) is based on a special kind of Merkle tree — a data structure that allows for efficient verification of data integrity without needing to download the entire blockchain — called a hash calendar, which only records the hashes of data at specific time intervals.

In addition to drastically reducing storage needs, KSI doesn’t rely on a proof-of-work consensus mechanism, eliminating the need for energy-intensive computations without compromising the speed of transaction processing.

The quantum leap in cybersecurity

Quantum computing, an emerging technology, utilizes the principles of quantum mechanics to perform calculations beyond the capabilities of traditional computers.

Quantum computing is based on qubits, which can exist in a state of superposition (being in multiple states at once until measured), unlike classical bits, which can be expressed as either 0 or 1. This allows quantum computers to process more data in less time than it would take traditional computers, giving them the potential to revolutionize cryptography.

Although NVIDIA (NASDAQ:NVDA) CEO Jensen Huang has suggested that “very useful quantum computers” are likely still 20 years away, quantum computing poses both risks and opportunities for cybersecurity.

Dr. Michele Mosca from the University of Waterloo’s Institute for Quantum Computing argues that while quantum computing may initially appear to threaten cybersecurity by potentially breaking current encryption, it also presents an opportunity to establish stronger and more resilient security foundations for the digital economy.

Google (NASDAQ:GOOGL), a leader in quantum computing research since 2014, and the first to claim quantum supremacy in 2019, achieved a breakthrough with its Willow quantum processor at the end of 2024, when it demonstrated significantly improved error correction and scalability in quantum computing.

This brought the possibility of potentially breaking current encryption methods closer to reality, and underscored the urgency of developing and implementing quantum-resistant solutions.

While established players such as IBM continue to advance quantum computing with platforms like Qiskit, new entrants like Quantinuum, backed by investors including JPMorgan Chase (NYSE:JPM), are emerging to build quantum computers and develop applications for them. Other companies, such as PQShield, ISARA and SandboxAQ, are developing post-quantum cryptography solutions using mathematical algorithms that are believed to be resistant to attacks from both classical and quantum computers. SandboxAQ, which began as a team within Google, held its latest US$300 million funding round in December, bringing its valuation to US$5.3 billion.

Investor takeaway

The cybersecurity market is a compelling area to watch in 2025. Investors should focus on companies that are adapting to emerging trends, driving innovation and fostering collaboration to protect the future of the digital landscape.

Don’t forget to follow us @INN_Technology or real time updates!

Securities Disclosure: I, Meagen Seatter, hold no direct investment interest in any company mentioned in this article.

Cybersecurity Stocks: 10 Biggest Companies in 2025

We profile the 10 largest publicly traded cybersecurity companies by market cap, including Microsoft, Broadcom, Cisco Systems and IBM.

Cybercrime is a growing concern, and it’s estimated that the annual cost of fighting cyber crime will reach US$10.5 trillion by 2025. Cybersecurity companies are working to address the challenge.

As investor interest in this potentially lucrative sector increases, the Investing News Network (INN) is profiling the top 10 biggest cybersecurity companies by market cap from eSecurity Planet’s list of the top cybersecurity companies to watch.

The list from eSecurity Planet features 20 privately held and publicly traded cybersecurity companies across a range of stock exchanges. The firm employed criteria such as user reviews, product features and benefits, analyst reports, independent security tests and use cases to evaluate companies in the cybersecurity sector.

The largest cybersecurity companies by market cap shown below are all listed on the NASDAQ and NYSE. Stock data was current as of market close on January 9, 2025.

1. Microsoft (NASDAQ:MSFT)

Company Profile

Market cap: US$3.16 trillion
Share price: US$424.56

The largest cybersecurity company by market cap is Microsoft. The tech giant is a major player in the cloud security market, which includes cloud native application protection platform (CNAPP) products and services. In fact, Microsoft is the largest CNAPP solution provider, according to KeyBanc Capital.

Prominent cybersecurity firm Security Risk Advisors recently became a member of the Microsoft Intelligent Security Association.

2. Broadcom (NASDAQ:AVGO)

Company Profile

Market cap: US$3.16 trillion
Share price: US$424.56

Global technology firm Broadcom has built a large portfolio of embedded and mainframe security solutions, as well as payment authentication software.

The company broadened its offerings with the Symantec Enterprise Cloud in November 2019 with the acquisition of the enterprise software division of Symantec, which has since changed its name to Gen Digital (NASDAQ:GEN). Broadcom’s Symantec offerings include secure access service edge technologies and zero-trust security.

3. Cisco Systems (NASDAQ:CSCO)

Company Profile

Market cap: US$235.78 billion
Share price: US$59.20

For a number of years now, Cisco Systems has increasingly invested in boosting its cybersecurity services. Today, the company offers an array of products for cloud security, endpoint security and security analytics. To address the cybersecurity skills shortage, Cisco offers certification programs for IT professionals.

In response to rising security risks in AI-powered applications, Cisco acquired Robust Intelligence, a company specializing in protecting AI systems from vulnerabilities and attacks, in September 2024.

4. IBM (NYSE:IBM)

Company Profile

Market cap: US$206.36 billion
Share price: US$223.18

IBM’s security division offers customers an advanced and integrated portfolio of enterprise security products and services. IBM X-Force helps businesses and organizations integrate security solutions into their everyday functions and provides help with risk assessment, incident detection and threat response. The company is harnessing the power of AI to combat cybersecurity threats.

In May 2024, IBM announced new X-Force Red testing services that focus on identifying and mitigating vulnerabilities in generative AI applications and models. Like Cisco, IBM also offers cybersecurity certification programs.

5. Palo Alto Networks (NASDAQ:PANW)

Company Profile

Market cap: US$113.41 billion
Share price: US$172.83

Palo Alto Networks bills itself as “the global cybersecurity leader.” The company’s security portfolio includes advanced firewalls and cloud-based offerings that protect more than 80,000 organizations across their clouds, networks and mobile devices.

An example of its more recently launched offerings include Prisma Cloud, which integrates AI across various security domains, including network security, cloud security and security operations. In October 2024, Palo Alto expanded its offerings to the industrial sector.

6. CrowdStrike Holdings (NASDAQ:CRWD)

Company Profile

Market cap: US$88.36 billion
Share price: US$358.72

CrowdStrike Holdings is a software-as-a-service solutions provider. This team of cybersecurity professionals uses advanced endpoint detection and response applications and techniques in its machine-learning-powered antivirus protection offerings to ensure breaches are stopped before they occur.

This is another major cybersecurity company that is incorporating AI, adding it to its security information and event management (SIEM) offerings.

Its new AI-powered functions for its Falcon Next-Gen SIEM platform were first released in May 2024, including the integration of its Charlotte AI. Then, in July, CrowdStrike announced its Falcon Complete Next-Gen MDR service, which incorporates data from its SIEM platform and AI capabilities.

7. Fortinet (NASDAQ:FTNT)

Company Profile

Market cap: US$73.61 billion
Share price: US$96.04

Fortinet provides end-to-end cybersecurity infrastructure products and services, such as firewalls, antivirus tools, intrusion prevention and endpoint security. The company’s cybersecurity platform can address critical security challenges and can protect data across digital infrastructure systems, whether in networked, application, multi-cloud or edge environments. Fortinet’s client base includes major sports teams, including the Vancouver Canucks NHL hockey team and the Pittsburgh Steelers NFL football team.

8. Zscaler (NASDAQ:ZS)

Company Profile

Market cap: US$28.74 billion
Share price: US$187.78

Cloud security company Zscaler’s Zero Trust Exchange platform can be used to secure user-to-app, app-to-app and machine-to-machine communications over any network. The company also offers cloud migrating services. Zscaler is known for setting the standard in the field of security service edge, and it claims the Zero Trust Exchange is the world’s most-used security service edge platform.

In December 2024, the company expanded its partnership with IT services and consulting company Cognizant (NASDAQ:CTSH) as the pair work together to help enterprises address cyber threats by providing an advanced, AI-enabled zero trust cloud security platform.

9. Check Point Software (NASDAQ:CHKP)

Company Profile

Market cap: US$20.15 billion
Share price: US$183.19

Check Point Software is part of the unified threat management sector, and it offers a wide variety of products to protect users on mobile, networks and the cloud. It also provides users with various security management services to prevent future cyber attacks and data breaches.

Check Point acquired Avanan, a cloud email and collaboration security company, in 2021. At the end of 2024, technological research and consulting firm Gartner recognized Check Point as a leader in the 2024 Gartner Magic Quadrant for Email Security Platforms.

10. Okta (NASDAQ:OKTA)

Company Profile

Market cap: US$14.64 billion
Share price: US$85.46

Okta is an identity and access management company that provides cloud software solutions for managing and securing user authentication, as well as building identity controls into applications, website services and devices. The company is investing in AI technologies to monitor customer signals and proactively identify potential risks.

Gartner recognized Okta as a Leader in the 2024 Gartner Magic Quadrant for Access Management for the eighth consecutive year.

This is an updated version of an article first published by the Investing News Network in 2016.

Don’t forget to follow us @INN_Technology for real-time news updates!

Securities Disclosure: I, Melissa Pistilli, hold no direct investment interest in any company mentioned in this article.

4 Biggest Cybersecurity ETFs in 2025

Explore the four largest cybersecurity ETFs that offer investors exposure to cybersecurity stocks as cyberattacks increase.

As data breaches and cyberattacks rise, cybersecurity exchange-traded funds (ETFs) are gaining traction.

The term cybersecurity originated in 1989, and today is defined as the measures taken to protect a computer or computer system against unauthorized access or cyberattack threats. These measures can include people, policies and processes.

The number of security incidents is increasing every year, as are the costs companies must pay. In fact, according to a 2024 research report from IBM (NYSE:IBM), the average cost of a single data breach event globally was US$4.48 million — up 10 percent over the previous year and the highest cost in the 19 years since the first report was issued.

These threats are unlikely to fade anytime soon. The forecast for the cybersecurity market is strong through 2030, with trends in the space including the threats posed by AI and quantum computing.

There are multiple ways to invest in the cybersecurity market, including cybersecurity ETFs, which offer a low-cost way to enter the space. ETF fees and expenses are typically lower than those associated with mutual funds or other types of actively managed financial instruments. What’s more, ETFs provide exposure to a basket of stocks, meaning investors can spread their risk around.

According to ETF.com, there are nine cybersecurity ETFs listed in the US. Here’s a closer look at the top four cybersecurity ETFs by assets under management (AUM). ETFs with assets under management above US$500 million are included in this list. All numbers and figures were current as of January 9, 2025.

1. First Trust NASDAQ Cybersecurity ETF (NASDAQ:CIBR)

Company Profile

AUM: US$7.08 billion
Expense ratio: 0.6 percent

Launched in July 2015, this ETF tracks the NASDAQ CTA Cybersecurity Index (INDEXNASDAQ:NQCYBR) and has 33 holdings. The index, which includes companies categorized by the Consumer Technology Association as cybersecurity, is largely composed of tech firms but also offers some exposure to the defense and aerospace sectors.

The First Trust NASDAQ Cybersecurity ETF’s top holdings include Broadcom (NASDAQ:AVGO) at a weight of 10.95 percent, Infosys (NYSE:INFY) at an 8.14 percent weight, CrowdStrike Holdings (NASDAQ:CRWD) at 7.98 percent and Cisco Systems (NASDAQ:CSCO) at 7.85 percent.

2. ETFMG Prime Cyber Security ETF (ARCA:HACK)

Company Profile

AUM: US$1.81 billion
Expense ratio: 0.6 percent

The oldest cybersecurity ETF on this list is the ETFMG Prime Cyber Security ETF, which began trading in November 2014 and tracks the ISE Cyber Security Index (INDEXNASDAQ:HXR). HACK is run by ETFMG, a lesser-known company among the goliath ETF managers, and it has had a 12.19 percent annualized return over the past five years.

The cybersecurity ETF has 27 holdings, and its top holdings by weight include Broadcom at 13.87 percent, Cisco Systems at 7.18 percent, CrowdStrike Holdings at 5.62 percent and Palo Alto Networks (NYSE:PANW) at 5.45 percent.

3. iShares Cybersecurity and Tech ETF (ARCA:IHAK)

Company Profile

AUM: US$921.99 million
Expense ratio: 0.47 percent

Last on this cybersecurity ETFs list is the iShares Cybersecurity and Tech ETF. Founded in June 2019, it tracks the NYSE FactSet Global Cyber Security Index (INDEXNYSEGIS:NYFSSEC), and has a focus on developed and emerging markets in the cybersecurity industry.

The iShares Cybersecurity and Tech ETF has 37 holdings, including CyberArk Software (NASDAQ:CYBR) at a weight of 4.45 percent, Accton Technology (TPE:2345) at a 4.44 percent weight, Juniper Networks (NYSE:JNPR) at 4.39 percent and Okta (NASDAQ:OKTA) at 4.17 percent.

4. GlobalX Cybersecurity ETF (NASDAQ:BUG)

Company Profile

AUM: US$786.78 million
Expense ratio: 0.51 percent

The newest ETF on this list is the GlobalX Cybersecurity ETF, which was founded in October 2019. The ETF tracks a market-cap-weighted global index of companies selected based on revenue related to cybersecurity activities, as companies must generate at least 50 percent of their revenue from cybersecurity to be included.

The ETF has 22 holdings, with the top by weight being Fortinet (NASDAQ:FTNT) at a weight of 6.92 percent, CrowdStrike at 6.87 percent, Check Point Software Technologies (NASDAQ:CHKP) at 5.95 percent and Zscaler (NASDAQ:ZS) at 5.77 percent.

This is an updated version of an article originally published by the Investing News Network in 2018.

Don’t forget to follow us @INN_Technology for real-time news updates!

Securities Disclosure: I, Lauren Kelly, hold no direct investment interest in any company mentioned in this article.