Cybersecurity faces transformation from generative AI – Global X ETF

We believe that cybersecurity will be an attractive topic in 2024. There are several reasons for this. First, the evolving attack landscape requires businesses to remain vigilant and increase security spending. The second is the increasing relevance of generative AI, which is a double-edged sword. Generative AI helps malicious actors discover vulnerabilities and improve attack methods, while also helping security teams build better defenses, detect threats, and manage operations more efficiently. You will be able to do it. The cybersecurity industry is on the brink of further transformation amid the proliferation of AI, which is expected to create many opportunities to gain share, including through consolidation. Cybersecurity could be attractive to investors seeking exposure to AI beyond the obvious beneficiaries.

• Despite increased investments in cybersecurity, high-profile cyberattacks continue to take a toll on organizations. The emergence of generative AI poses new threats.
• Generative AI can also help cyber experts build effective defenses. Leading cybersecurity vendors are rapidly developing AI-powered tools to augment human analysts, automate security operations, and detect anomalies.
• Despite economic headwinds, global cybersecurity spending is projected to increase by more than 14% to $215 billion in 2024 due to increasing attacks and the urgency to strengthen defenses against AI-powered threats. .¹

Even the most technologically sophisticated organizations are not immune to cyber-attacks. In 2023, Microsoft suffered a sustained state-sponsored attack by the Russian hacking organization Midnight Blizzard, which attempted to infiltrate Microsoft's source code repositories and internal systems using information gleaned from the company's email systems. Ta.² Johnson Controls, a major electrical equipment supplier, received a $51 million ransomware demand from Dark Angels who claimed access to the company's private drives containing over 27 terabytes of data.³ At MGM Resorts, hackers stole the personal data of more than 10 million customers.^Four

Government assets are also becoming targets. China-based hackers have successfully gained access to employee email accounts at approximately two dozen organizations since May 2023, including the US Department of State and the Department of Commerce. The breach was not discovered by him for three months.^Five

By 2025, cyberattacks are expected to cost businesses and governments $10.5 trillion worth of damage annually, an increase of nearly 300% from 2015.⁶ Global cybersecurity spending of $225 billion annually is insufficient to defend against these attacks and keep up with the dynamic changes in the technology landscape.⁷

One such change is the increased prominence of sophisticated generative AI models, which has particular implications for phishing and social engineering-based attacks. Large language models can incorporate information such as real-time news and updates and personally identifiable information to generate increasingly realistic-looking malicious links, emails, and fake websites. . Since nearly 88% of all security breaches occur due to human error, generative AI can help hackers exploit human vulnerabilities to gain access to a wide range of systems.⁸ Zscaler, a leader in cloud security, reported a 47% increase in AI-enabled phishing attacks in 2022.⁹

Additionally, unlike human hackers, AI agents are available 24/7 and can be designed to monitor digital assets such as websites, tools, and systems for vulnerabilities. AI agents, which can attack and overwhelm websites due to their high utilization rates, are also a growing threat.^Ten Another threat is the increase in unsupervised access to online digital assistants, which could result in company employees sharing personal information. Many large companies restrict access to these models until guardrails are in place.¹¹

AI can also help strengthen cybersecurity

Primarily, AI aids in anomaly detection by scanning routine corporate traffic for deviations from the norm and quickly revealing those patterns to human decision makers. These tools can be particularly effective for less technologically sophisticated companies or those with small teams. AI also helps summarize cybersecurity alerts, breaches, and log data in simple language, allowing engineers to quickly understand her IT issues. At a time when there is a severe labor shortage for cyber-related jobs, these simple systems can significantly improve productivity. Organizations can also use AI to perform penetration tests and create scenarios to penetrate corporate systems and identify weaknesses in the network.

The industry is quickly responding to this dynamic demand driven by AI. In 2023, endpoint security leader CrowdStrike launched Charlotte AI, designed to act as a low-level security analyst capable of performing day-to-day tasks.¹² The system has a tight feedback loop that includes insights from human operators, intrusion detectors, and incident response teams. The system also improves the intelligence CrowdStrike tracks across more than 200 adversaries, learning their increasingly sophisticated tactics and compromise techniques.

Similarly, Check Point launched a generative AI support and automation assistant called Infinity AI Copilot to automate operations. This could be a solution to the global shortage of cybersecurity experts.¹³ Identity management service provider Okta has launched a series of AI-specific tools to help with employee and customer identity.¹⁴ Palo Alto Networks, Zscaler, Fortinet, and nearly every other major cybersecurity vendor have plans to launch similar products.¹⁵

Major cloud vendors are also leveraging AI to expand their market share in the cybersecurity space. Available in April 2024, Microsoft Security for CoPilot enables security and IT professionals to ask questions, assess threats, write code, and support security and defense operations. Become.¹⁶ The models that power Security for CoPilot have been refined based on the more than 78 trillion security signals that Microsoft processes every day.¹⁷ The platform is expected to help experienced security professionals make their overall analysis 22% faster and nearly 7% more accurate. 97% of security professionals who have used the platform said they would use it again.¹⁸

Last year, Google integrated generative AI across its threat intelligence and cybersecurity operations platforms. Google will combine Mandiant cyber intelligence products and the Chronicle security operations platform with Vertex AI infrastructure solutions to create an AI system called Sec-PaLM that will be the core of the company's AI-based security offerings.¹⁹ The core of this system is software from Mandiant, which Google acquired in 2022.

AI could benefit security spending

Despite the broader IT industry entering a slowdown, cybersecurity spending was projected to increase by 10.6% in 2022 and 14.2% in 2023.²⁰ We believe this resiliency demonstrates the urgency and commitment to continue building comprehensive defenses against new threats that may emerge, especially as AI becomes more pervasive. Global X predicts that annual security spending could exceed $450 billion by 2030.^{twenty one} Spending on artificial intelligence solutions for cybersecurity is expected to increase to $61 billion by 2028.^{twenty two}

Given the predictable nature of recurring revenue models common in cybersecurity, software-based spending can exhibit unique resilience. The industry is also moving toward consumption-based pricing models that place a greater emphasis on unit economics. Areas such as identity security, application security, penetration testing, endpoint security, and zero trust solutions are expected to show significant momentum.

Additionally, industry-wide mergers and acquisitions (M&A) are poised to return this year and continue as major companies continue to prefer purchasing solutions from a variety of vendors in an increasingly fragmented market. We think this is highly possible. Already in 2024, Zscaler announced it would acquire Avalor and CrowdStrike would acquire Flow Security, both deals aimed at adding AI-first solutions to their portfolio.^23,24

Bottom line: AI can power continued growth in cybersecurity

Generative AI poses new cybersecurity threats, but it also helps businesses create dynamic solutions that can thwart attacks. Leading cybersecurity vendors are rapidly developing AI-powered tools to augment human analysts and automate security operations, and cloud providers are rapidly developing AI-powered tools to augment their cybersecurity stacks. It is integrated into. Despite economic headwinds, cybersecurity spending is expected to increase steadily, and industry consolidation is expected to continue as companies seek AI capabilities to enhance their product portfolios. In our view, these growth-oriented moves demonstrate that there is an urgency to cybersecurity growth that investors may want to consider.

Related ETFs

Bug – Global X Cybersecurity ETF

CLOU – Global X Cloud Computing ETF

AIQ – Global X Artificial Intelligence & Technology ETF

Click on the fund name above to view its current performance and holdings. Stocks held may change. Current and future holdings involve risks.