It has been a busy yr for giant firms’ IT departments. Corporations starting from Marks & Spencer to Jaguar Land Rover (JLR) have seen their operations disrupted by cyberattacks. The incident at Jaguar is believed to have price Tata (JLR’s homeowners) just below £2 billion. Whereas not a cyberattack, the outage at Amazon Net Companies in October additionally introduced swathes of the web to a halt, demonstrating that “when a single upstream supplier experiences points, the affect doesn’t keep contained; it cascades throughout industries”, says Fadl Mantash, chief data safety officer of worldwide pay-tech firm Tribe Funds. Such circumstances are simply the “tip of the iceberg”, in response to Jonathan Frost, director of worldwide advisory for EMEA at BioCatch. No surprise, then, that firms offering cybersecurity and resilience providers are in demand.
Why cybersecurity is extra essential now than ever
The primary purpose cybersecurity and cyberresilience are so essential now could be that “an growing quantity of life is performed on-line, with virtually all our units related, not directly, together with vacuum cleaners and washing machines”, says Marijus Briedis, chief expertise officer at NordVPN. Nevertheless, whereas individuals “nonetheless don’t absolutely realise how a lot knowledge they’re sharing and the way a lot connectivity is occurring”, there’s a rising consciousness that “they must take care with their on-line exercise and wish some safety from the assorted threats… on the market”.
That is notably true of the post-Covid enterprise world, “the place persons are more and more working away from the workplace”, says Kate Steele, companion within the business dispute decision workforce at Hill Dickinson. In consequence, firms “are relying way more on expertise, each by way of distant working methods, but in addition issues like AI”. And “all the assorted crime statistics counsel that there was an enormous improve yr on yr in each kind of cybercrime, from knowledge theft to on-line scams”, says Steele.
MoneyWeek
Subscribe to MoneyWeek at present and get your first six journal points completely FREE
Get 6 points free
Signal as much as Cash Morning
Do not miss the newest funding and private funds information, market evaluation, plus money-saving suggestions with our free twice-daily e-newsletter
Do not miss the newest funding and private funds information, market evaluation, plus money-saving suggestions with our free twice-daily e-newsletter
BioCatch’s Jonathan Frost, who beforehand labored on the Metropolis of London Police, notes that within the 2025 Nationwide Crime Survey, 1% of all UK firms stated they’d been victims of ransomware, the place servers are hijacked, reputable customers locked out after which money demanded handy again management. Whereas 1% might not appear a lot, “this works out to 19,000 companies throughout Britain, and represents a doubling of assaults since 2024”.
What’s extra, firms might not have a alternative as to whether or not they shield themselves, says Hill Dickinson’s Kate Steele. It is because governments and regulators are actually recognising “that firms must take motion to defend themselves, as such assaults not solely hurt them, but in addition harm their prospects, staff and different individuals of their care”. Witness the UK’s Cyber Safety and Resilience (Community and Data Programs) Invoice, at the moment going by Parliament, “which locations an obligation on essential sectors to report main incidents inside 24 hours, with giant fines in the event that they don’t”.
It’s not stunning, then, that during the last 5 to 10 years, discussions about such cyberthreats are not “the background dialog that solely befell in sure industries and companies”, says Brendan Gulston, co-manager of the WS Gresham Home UK Multi Cap Earnings Fund. As a substitute, cybersecurity is “a board degree dialogue that’s talked about in virtually each annual report of most of most companies, regardless of trade”, says Gulston. General, knowledge from accountants PwC means that round 85% of companies anticipate their cyber budgets to extend over the following 12 months, says Zain Javid, cofounder and chief technical officer of Quotation Cyber.
(Picture credit score: Jose Sarmento Matos/Bloomberg by way of Getty Photos)
The three key threats to cybersecurity
NordVPN’s Briedis thinks the growing variety of threats stem from three principal sources. There are the so-called “script-kiddies”, the youngsters “taking part in across the web and attempting to determine tips on how to hack your neighbour”. Nevertheless, there’s additionally an growing risk from cybercriminals, many linked to organised crime, who’re concentrating on firms. They usually both attempt to steal commercially delicate knowledge or launch ransomware assaults.
Even worse, “in a rising variety of circumstances many international locations now have their very own cybersecurity teams that specialize in finishing up assaults”, says Briedis. Jonathan Frost agrees, noting that Europe “is dealing with elevated hostile exercise throughout cyber, infrastructure and data domains from regimes akin to Russia”. These so-called “hybrid conflicts” are “beneath the brink of warfare however above the brink of regular state relations”. For instance, this yr “the Dutch authorities recognized a cybersabotage assault on the digital management system of a Dutch public service”, which they ultimately traced again to the Russian state. Russia can also be thought of the prime suspect for the JLR assault.
North Korea, too, is “at all times at or close to the highest of the listing of hostile states, as is Iran and China”, says Chris Gannatti, world head of analysis for WisdomTree. He factors out that earlier this month AI start-up Anthropic claimed that Chinese language hackers had launched cyberattacks in opposition to them in an try and co-opt Claude, their AI system, in order that it could possibly be used for sinister functions. With such an in depth connection within the digital world between knowledge and sovereignty, “it’s unsurprising that the rise in geopolitical tensions has coincided with the rise in cyberattacks in opposition to civilian or authorities infrastructure”, says Axel Belorde, head of enterprise improvement for EMEA & Asia at VettaFi.
AI is ushering in a brand new period of cybercrime
(Picture credit score: Getty Photos)
Anthropic’s expertise highlights the truth that, as almost all of the specialists I spoke to agreed, AI is displaying “the power to broaden cybercrime exponentially”, says NordVPN’s Briedis. With generative AI permitting for “vibe coding” – the power to create packages by merely specifying what you need to create – even the least technically savvy hacker “can kind one thing into ChatGPT and create a easy virus or malware in seconds”.
Whereas lots of the bigger AI fashions are desperately attempting to construct in safeguards to stop this, they might be too late – “for a number of thousand kilos you may get entry to your personal bespoke AI system that received’t have any of those restrictions”, says Briedis.
As AI turns into ever extra refined, its use may broaden past merely making it simpler for hackers to put in writing malicious code. AI may create “agentic” packages that may be despatched out to wreak havoc on their very own, with out the necessity for fixed human course. Tom Kynge, portfolio supervisor at Sarasin & Companions, says that even earlier than the Chinese language assault, tech start-up Anthropic had finished “some actually fascinating testing on this entrance, with outcomes displaying that AI methods can display behaviours akin to deception, artistic problem-solving and manipulation”.
AI-powered social engineering could make issues worse
(Picture credit score: Getty Photos)
AI can even assist hackers perform what’s often called “social engineering”, the place hackers persuade individuals to voluntarily hand over essential safety particulars by impersonating buddies, household, colleagues or prospects. This issues as a result of, as safety firms have turn out to be higher at bolstering defences in opposition to viruses and safety breaches, “cybercriminals are more and more specializing in social engineering”, says Rupert Small, founder and CEO of Egregious, an evaluation platform that goals to guard the web from AI deception. He notes that in some circumstances, the newest fashions can “make us imagine no matter they need us to… that fully transcends what every other human can do, together with your personal shut household”.
Silver-tongued chatbots and deep-fake movies symbolize the chopping fringe of social engineering. However extra mundane AI instruments can even pose a risk. Hill Dickinson’s Kate Steele says hackers are already utilizing AI “to ship out random emails to numerous individuals at a a lot bigger scale than they had been beforehand capable of”. What’s extra, generative AI is making certain that, “whereas the emails from fraudsters was once straightforward to identify, because the grammar or spelling wouldn’t be fairly proper, they’re now way more convincing”.
On a extra optimistic notice, there’s proof that AI can be utilized to defend us in opposition to safety threats in addition to create them. “There are lots of start-ups, lots of them created within the UK, that are utilizing AI to detect scams created by social engineering and phishing,” says Small. All of the proof thus far is that AI “might be superb at detecting such scams at scale”. These utilizing AI for defensive functions could also be “a number of steps behind” these utilizing it for felony functions. Nevertheless, “the defensive instruments undoubtedly exist, it’s only a query of getting them adopted”.
Cat McDonald, a companion at venture-capital agency AlbionVC, takes an identical view. Utilizing AI to detect fraud can result in false positives, but AI can even “assist discover patterns that wouldn’t be seen to the human eye, permitting you to defend your self much better and faster than you’d be capable to do in any other case”. NordVPN’s Briedis notes that his firm is already utilizing its personal machine-learning algorithms to fight phishing and rip-off websites. Sooner or later, cybersecurity “goes to be more and more AI versus AI”, says Briedis.
Risk from quantum computing
(Picture credit score: Getty Photos)
AI isn’t the one expertise “shaping the following cyber battlefield”, says Quotation Cyber’s Javid. Quantum computing can also be seen as a risk. The exponentially quicker computing speeds it guarantees imply it should turn out to be doable to interrupt encryption methods that usually would take 1000’s of years to crack utilizing at present’s expertise, rendering them “irrelevant”, says Tom Peirson-Webber, VP of engineering at Harbr. This future may be much less distant than individuals suppose. The UK’s Nationwide Cyber Safety Centre means that firms “ought to plan on being quantum-ready someday between 2030 and 2035”.
IBM has predicted that by 2029, “we’re going to start out getting helpful outputs from quantum machines which are past the attain of classical machines”, notes WisdomTree’s Gannatti. Actually, “there’s been a variety of speak in each the encryption and cryptocurrency communities about tips on how to cope with this rising risk, with a number of start-ups engaged on tips on how to make encryption quantum-proof”. In an indication that the risk is being taken significantly on the highest ranges, the Nationwide Institute of Requirements and Know-how within the US has revealed papers on how quantum-safe encryption requirements may work.
Nevertheless, even when quantum-proof encryption strategies are developed in time, they’ll nonetheless should be rolled out. Whereas Peirson-Webber likens the issue to the millennium bug, the place many individuals nervous in regards to the affect of the date change on laptop methods, just for the transition to go comparatively easily, this isn’t as reassuring as it would sound. In spite of everything, the millennium bug was solely overcome “as a result of individuals began planning for it in 1990, relatively than leaving every part to the final minute”, a mistake he worries that some firms could also be making. One other danger comes from “individuals stealing encrypted knowledge at present, within the hope that quantum will allow them to decrypt it in a number of years’ time”.
Large winners within the rising demand for cybersecurity
So which kind of firms will profit probably the most from the increase in cybersecurity? AlbionVC’s McDonald thinks the trade is dominated by a “few, very giant platforms providing a broad suite of providers”. These platforms “have robust manufacturers, established belief and are preferred by the safety groups of enormous organisations, who’re fully overwhelmed by the massive variety of options on the market and discover that having a one-stop store might be very useful”.
Nevertheless, she additionally notes that the current wave of each safety breaches and outages have proven the downsides of getting an excessive amount of consolidation “and made enterprises just a little extra cautious about having all of their eggs in a single basket”. She additionally notes that lots of the giant platforms “have reached the stage the place they aren’t capable of innovate rapidly sufficient”. That is creating alternatives for “a variety of very thrilling early-stage cybersecurity firms, together with many popping out of academia, which are on the lookout for options that may assist defend in opposition to new assaults”.
Equally, VettaFi’s Belorde thinks the current AWS outage “is an effective reminder that there’s not often such factor as 100% reliability”. Corporations must “fastidiously assess their remedial plans”. Within the case of safety providers, which means having a number of suppliers, whereas with regard to storing their knowledge, it is sensible to make sure that cloud storage isn’t the one possibility used, with probably the most confidential knowledge saved on correctly secured bodily servers. In brief, the “rising want for extra progressive cybersecurity options” will profit an “whole ecosystem of firms”.
Methods to put money into the cybersecurity sector
The simplest approach to put money into firms benefiting from the increase within the cybersecurity sector is thru an exchange-traded fund (ETF) monitoring a broad portfolio of cybersecurity companies, such because the WisdomTree Cybersecurity Ucits ETF (LSE: WCBR). WidsomTree has constructed a portfolio of 25 companies by asking specialists who’ve labored at a variety of organisations, together with the US Nationwide Safety Company, to seek out firms that may profit from what it sees as eight key themes, starting from cloud safety to cybersecurity schooling. The most important holding is Crowdstrike, which accounts for 7% of the ETF, with the highest ten accounting for half the fund. It has a complete expense ratio (TER) of 0.45%.
The third-largest firm in WisdomTree’s portfolio is Akamai Applied sciences (Nasdaq: AKAM). Though its core enterprise was once offering a safe connection between the consumer and an web website, it has lately shifted in the direction of offering providers for cloud computing, together with cybersecurity. Not like many firms within the sector, Akamai shouldn’t be solely worthwhile but in addition trades at a comparatively modest valuation of lower than 13 occasions anticipated 2026 earnings. Nonetheless, it has a constant document of strong development of round 6%-7% a yr, with revenues rising 40% between 2019 and 2024.
One other main holding in WisdomTree’s portfolio is Qualys (Nasdaq: QLYS). Qualys gives a complete set of cybersecurity providers over a cloud-computing platform. It has a robust document of development, almost doubling gross sales between 2019 and 2024 whereas growing its earnings per share over the identical interval. It boasts robust working margins and a return on capital employed of greater than 30%, which makes the truth that it trades at 21 occasions anticipated 2026 earnings appear greater than cheap.
One cybersecurity firm that Tom Kynge, portfolio supervisor at Sarasin & Companions, deems one of many “winners” with regards to firewalls (a barrier designed to stop unauthorised individuals having access to a community) is Fortinet (Nasdaq: FTNT). Somewhat than simply offering a single service, it provides a platform that gives a variety of providers, from safe networking to AI-driven safety operations. It has almost tripled gross sales since 2019, with earnings per shares growing greater than sixfold. That justifies a 2026 value/earnings (p/e) ratio of 28.
One other cybersecurity agency Kynge likes, and a serious holding of HANetf’s Way forward for Defence Ucits ETF (Nato) – VettaFi’s Axel Belorde can also be concerned with this ETF – is Palo Alto Networks (Nasdaq: PANW). Its divisions embody Community Safety, Cloud Safety and Safety Operations. It additionally has a Risk Intelligence and Advisory Service. Despite the fact that the inventory trades on a 2026 p/e of 47, income has greater than doubled since 2021, and the group is anticipated to maintain increasing strongly.
One smaller firm that must also profit from growing company consciousness of cybercrime in fraud is PCI-PAL (LSE: PCIP). PCI-PAL specialises in making certain {that a} agency’s fee methods are safe, to allow them to take funds over the telephone or on-line with out danger of fraud. Brendan Gulston of the Gresham Home UK Multi Cap Earnings Fund thinks that PCI-PAL is “a fantastic instance of an organization that, whereas not in search of to supply cybersecurity straight, has developed a product that’s in demand due to firms’ worries about fraud”. PCI-PAL is a riskier funding because it has solely lately began to turn out to be worthwhile, but it surely has seen income develop fivefold since 2020.
This text was first revealed in MoneyWeek’s journal. Get pleasure from unique early entry to information, opinion and evaluation from our workforce of economic specialists with a MoneyWeek subscription.
