25-06-2025
Cybersecurity and AI: Just a trend or the backbone of the future economy?
In an era of mounting global uncertainty, cybersecurity stands out as a resilient, long-term investment theme. With the rise of AI-driven threats, escalating costs of data breaches, and a growing skills gap, protecting digital infrastructure has become business-critical. This article explores why cybersecurity is not just a tech trend but a structural necessity — and a R35-trillion investment opportunity in the making.
No one can deny that we live in a time of enormous uncertainty. Investors are used to seeing market cycles with peaks and troughs, but even the most seasoned investors will agree that we are entering especially volatile territory with the rise of new technological, political and economic power dynamics against the backdrop of a rapidly changing and precarious world order.
Yet even amid the heightened volatility, some themes stand out for their durability. These are known in the investment world as secular trends, or mega trends in plain language – long-term, structural trends in our world that we anticipate will continue to grow regardless of short-term market cycles, geopolitical upheavals, global power dynamics or economic spikes and crashes.
For me, one important theme dominates our time: cybersecurity. This technological mega trend will carry on regardless of what happens on the global stage in the next two, five or 10 years.
As portfolio managers navigating this uncertain global environment, we find comfort in investing in growth themes that are driven by greater fundamental, non-cyclical forces. We like cybersecurity because it is not a passing fad — it will be deeply integral to how the global economy and societies function in the future.
The case for investing in cybersecurity
Cybersecurity is no longer optional for modern enterprises — it's business-critical. Some of the most valuable assets any company possesses are its customer data, intellectual property and brand reputation. All three are increasingly vulnerable to sophisticated cyberattacks, and significant manipulation as well as enhancement by artificial intelligence (AI).
In 2024, the world witnessed the largest global internet outage on record, caused by a faulty software update from a cybersecurity vendor — the CrowdStrike crash. This cascading failure highlighted how interconnected and fragile today's digital infrastructure has become. Crashes like these may become more frequent in the future and will cost the global economy billions in damages — so we need to be prepared.
Malicious security breaches that cause disruptions and outages are equally, if not more, concerning. According to IBM's annual Cost of a Data Breach Report, the average breach now costs our biggest corporations about R89-million per incident. In the healthcare sector, the figure is even higher due to the sensitivity of patient data and outdated IT systems. The financial services sector, which also handles very sensitive customer data, is the second most targeted industry. Both these industries sit on the kind of data that criminals find very enticing. This is why, globally, the cost of cybercrime is projected to exceed R186-trillion annually by 2025.
An expanding threat landscape enabled by GenAI
Meanwhile, the threat landscape is expanding rapidly. Generative AI (GenAI), used by criminals to craft their attacks with more accuracy, has made phishing attacks more convincing and frequent. Previously, fraudulent emails were easy to spot due to poor grammar or formatting. Now, AI can generate perfectly written content, mimic the tone of colleagues, and target individuals during high-stress periods when they might be less cautious and more vulnerable to clicking on harmful links. This has resulted in a significant spike in phishing activity since the public release of ChatGPT in late 2022.
But this is only one dimension of the issue. As businesses adopt cloud computing, smart devices and remote work policies, the surface areas for attacks have grown exponentially since the days when everyone worked in office, on the same network, behind the same firewalls. In fact, it's estimated that global endpoint volumes are growing at 30% annually, vastly expanding the attack surface that needs to be protected.
Adding to a perfect storm, the World Economic Forum is also projecting a gap of 85 million skilled cybersecurity workers by 2030. The case for security automation becomes more obvious, but so does the need to train and retain the most skilled and dedicated cybersecurity specialists. Companies must rely on intelligent systems to detect, analyse and respond to threats in real time, and highly skilled professionals who can ensure that strategies remain responsive and that C-suites and workforces are aligned on how to protect their businesses from threats.
It's because of this expanding threat landscape that spending on cybersecurity continues to be one of the most resilient IT budget items for chief information officers (CIOs) globally. Even amid economic slowdown, surveys reveal CIOs are least likely to cut their budgets for security and AI because of how business-critical they are.
Investing in platforms, not just tools
For many companies, using a plethora of separate cybersecurity tools has become unsustainable, because of the sheer complexity and cost. This is why the desire for consolidated security ventures has reached an all-time high. Increasingly, enterprises are consolidating their cybersecurity tools into single, integrated platforms that provide broad protection across multiple vectors of vulnerability. This is a 'best of suite' approach, as opposed to 'best of breed'. This is when a single supplier offers a comprehensive suite of cybersecurity solutions for a set price — and while each solution in the bag might not be the best there is, it reduces complexity and cost.
Platform-based players like Palo Alto Networks and CrowdStrike are emerging as leaders in this space. Their ability to scale and streamline a collection of security solutions makes them compelling long-term investments. At Ashburton, we prefer this platform-based model and have re-engaged with the sector during recent pullbacks, recognising that short-term market volatility can create great entry points into robust secular growth stories.
A two trillion dollar opportunity
The current global cybersecurity vended market is about $250-billion (R4.5-trillion), but McKinsey estimates that the total addressable market could be as much as $2 trillion (R35-trillion) over time as new customer needs emerge and vendors scale their offerings. For investors, this represents a long runway for value creation — especially as regulation increases and cyber resilience becomes a boardroom priority.
In a world where policy shocks and political upheaval can send markets reeling, secular trends like cybersecurity and AI offer a rare source of clarity, predictability and long-term opportunity for patient investors. These industries may not be immune to volatility, and they are still going through their infancy growing pains, but their overall direction looks quite certain. For long-term investors, these trends are not just compelling — they are essential opportunities for the long run. DM
