Technology is constantly moving forward, and modern digital infrastructure allows for unprecedented connectivity that has created new opportunities in all kinds of industries, from pharmacology to robotics.
Unfortunately, the same advancements have also exposed companies to sophisticated, scalable cyberattacks — according to Statista, cybercrime cost American businesses an estimated US$320 billion in 2023, an increase of over US$300 billion since 2017. That figure could swell to approximately US$1.82 trillion by 2028.
The ever-evolving nature of online threats means that up-to-date cybersecurity measures are now an essential part of any business. This changeability also means the industry is likely to experience significant growth in the years to come, making it a potentially lucrative sector for investors. Indeed, Grandview Research predicts that the global cybersecurity market will grow at a CAGR of 12.3 percent from 2023 to 2030, reaching an estimated US$500.7 billion.
Defending against cyberattacks in 2024
Cyberattacks are steadily increasing in both volume and scale across countries and industries, and this trend doesn’t show signs of letting up. In fact, while investigating cyber threats for 2024, researchers at NordVPN uncovered a troubling development: a new generation of cybercriminals is seeking tutorials on the dark web.
The cybersecurity sector follows patterns set by malicious actors, and Google Cloud’s Cybersecurity Forecast 2024 identifies several directions cybercriminals may go in the coming year. For example, political and social events like elections in the US and Taiwan and the 2024 Summer Olympics could be targets for state-sponsored cybercriminals.
Another key trend discussed in the report is the potential for improved and scaled phishing campaigns as generative artificial intelligence (AI) makes infiltration attempts more convincing. Grammatical and colloquial errors that distinguished suspicious messages in the past will be reduced or eliminated as language models improve.
With that in mind, one of the most important current topics of discussion in cybersecurity is the development of AI-powered technology designed to combat AI attacks. Generative AI poses the most significant threat to online security because it can learn how to circumvent even newly implemented security features.
Just as attacks powered by generative AI will learn to work around security measures, safeguards that use generative AI will learn from attacks and infiltration attempts, identifying and repairing vulnerable points of entry. AI can also be used to enhance and secure biometric systems, further strengthening multi-factor authentication.
Yogen advised businesses to be alert to phishing attempts, which include fraudulent emails and phone calls. “Companies must (conduct) ongoing phishing testing campaigns internally to become more resilient to that. These are becoming much more sophisticated, especially spear phishing attacks, where (attackers) do the homework (of) intelligence gathering, and they send very believable emails with context,’ he explained.
Simplification could be the best defense
Yogen believes cyber defense measures should be as streamlined as possible and predicts that cybersecurity programs will be simplified in 2024. “One of the reasons why it’s so much easier for an attacker today is because most large organizations have very complex IT environments,” he pointed out. “Some of them are built through acquisitions, so they’re very complex with lots of different technologies that they support. (So) simplification is going to be a theme. The more you simplify, the more you can get better visibility about your entire environment.”
EY’s 2023 Global Cybersecurity Leadership Insights Study reveals that 84 percent of companies are looking to add two or more new cybersecurity technologies to their existing measures. The authors point out that ‘technology clutter’ makes it harder to spot abnormalities that indicate threats, and suggest relying on a single cybersecurity platform.
Amazon (NASDAQ:AMZN), Google (NASDAQ:GOOGL) and Microsoft (NASDAQ:MSFT) are the dominant players in tech, and all three have taken an interest in cybersecurity, acquiring private companies and integrating their technologies into their respective cloud platforms to create more comprehensive and integrated suites of security services.
“These folks are building rich, very sophisticated feature functionality (for their) platforms,” said Yogen. However, while having a few large platforms available certainly makes things simpler for businesses, he noted that these tech giants represent a real threat to smaller security vendors, which run the risk of being closed out of the market.
IBM (NYSE:IBM) is pursuing a different strategy by been investing in private cybersecurity companies without necessarily acquiring them or integrating their technologies into its cloud platform. Instead, it has been partnering with these companies to offer their solutions to its customers as part of its security portfolio. This innovative partnership approach allows IBM to offer a wide range of security solutions from multiple vendors, while also allowing the private companies to retain their independence and serve other customers beyond IBM.
Cybersecurity labor shortage a growing concern
As the cybersecurity industry’s rapid growth continues, labor is becoming a major challenge.
According to the International Information Systems Security Certification Consortium’s 2023 Cybersecurity Workforce Study, the cybersecurity workforce grew by 8.7 percent between 2022 and 2023. However, the talent gap grew at a faster rate, increasing by 12.6 percent year-on-year. In a mid-2023 article, Canadian cybersecurity company Field Effect discusses some of the reasons behind the talent gap, which include a lack of diversity in STEM fields.
A cybersecurity talent shortage could have a significant and far-reaching impact on the broader economy, including increased cyber risks, reduced competitiveness and innovation, higher costs, reduced productivity and supply chain interruptions. At the company level, attacks can have a lasting negative impact, including a loss of stock value, eroded trust and a decline in clients as users switch to the services of another company in the wake of an incident.
The bottom line
The cybersecurity industry is growing rapidly as cyberattacks rise, and businesses need to take steps to protect themselves. Investing in security measures, staying up to date on the latest threats, educating employees about cybersecurity risks and simplifying cybersecurity solutions are all important in today’s world.
When it comes to cybersecurity stocks, there are a number of factors that could impact their performance in 2024. These include the continued growth of the sector, the development of new technologies and the evolving threat landscape. The biggest names in tech are dominating the market, but moving forward it’s possible that smaller companies with innovative solutions may have a chance to thrive in this constantly changing industry.
Securities Disclosure: I, Meagen Seatter, hold no direct investment interest in any company mentioned in this article.