29 Apr 2024 4 min read

How is cyber security changing, and what does this mean for investors?

By Aude Martin

We take stock of today's cyber security landscape, and consider the potential drivers of growth in the years ahead.


Every passing day seems to bring news of another high-profile cyber attack. Meanwhile, terms such as ransomware, spear-phishing and advanced persistent threats are no longer the preserve of technical specialists – public awareness of the many different forms of cyber attack has never been greater.

Does this mean the cyber security industry has now reached saturation point?

In a word, no. Despite the vast sums that are spent on cyber security every year – an estimated $160-170 billion in 2023 – it’s estimated the industry penetration rate is currently no more than 10%.1 This should perhaps come as no surprise, given that the cyber security landscape constantly evolves, as both attackers and defenders race to deploy the latest technologies and stay ahead of the other side.

Revenues in the cyber security market are expected to grow to $183 billion in 2024, at a compound annual growth rate (CAGR) of 10.2%.2 This headline growth figure, however, belies a more complex landscape, in which mature sub-segments are diminishing in importance while emerging segments are coming to the fore.

The cyber security solutions segment is expected to lead this growth in revenues, with an estimated 15.2% CAGR, whereas cyber security services are expected to slow down.3

Cyber security in the age of AI

Artificial intelligence (AI) has become a hotly discussed topic in the mainstream press, raising hopes of increased labour productivity but also leading to fears around data privacy and misinformation. In the cyber security space, AI is similarly double-edged.

From the cyber attacker’s perspective, generative AI can be used to create data and help develop attack capabilities. An example of the former is bespoke phishing email content, aiming to target the weakest link in the cyber security chain: the end user.

Cyber security research group Rubrik Zero Labs has also noted the emergence of hacker-friendly generative AI chatbots such as FraudGPT and WormGPT, which are specifically designed to enable “even those with minimal technical” skills to launch sophisticated cyber attacks.4

AI also provides cyber security providers with new ways to identify potential attacks, enabling them to be stopped before they cause harm.

One example is the screening of potentially harmful email. Historically, this has been done by identifying and blocking specific email addresses, domains or email contents. While this allows known attacks to be blocked, these features are constantly being changed.

AI-powered screening technology is instead able to identify the underlying characteristics of emails (such as requests for identifiable information) to flag potentially dangerous content even when it originates from a source not previously blacklisted.5

What will drive the next wave of cyber security growth?

AI provides a useful reminder of how new technologies can radically shift the cyber security landscape. But this is just one example among many showing how the cyber attack surface has expanded in recent years.

Let’s not forget that just five years ago the market was disrupted by the pandemic, leading to a transformative shift to remote working and the rise in demand for cloud protection services.

Attacks have also become more sophisticated, and cyber solutions providers are constantly developing solutions to match the pace of new attacks. An everyday example of how this works in practice is the ‘unseen cyber’ work that happens in the background every time you open your email client: ad-blocking, AI tools and an array of other systems are all working together to protect the end-user from thousands of potentially damaging attacks.

More businesses, more cyber attacks

The acceleration of enterprise itself may emerge as the greatest driver of the cyber security industry in the decade ahead.

It’s estimated that 50% more new businesses per year are being created than five years ago.6 This creates underlying unseen risks; if we take the example of digital businesses, cyber security is commonly overlooked. At the current rate of growth, it is estimated that cyber crime costs will reach about $10.5 trillion annually by 2025 – a 300% increase from 2015 levels.7

For large, established companies, the costs continue to rise. To pick just one example that’s been in the news recently, banking giant JPMorgan Chase* has been experiencing a wave of cyber attacks, with the bank’s head of asset and wealth management stating fraudsters are getting “smarter, savvier, quicker, more devious, more mischievous”.

The company reportedly spends $15 billion on technology every year and employs 62,000 technologists, with many focused solely on combating the rise in cyber crime.8

*For illustrative purposes only. Reference to a particular security is on a historic basis and does not mean that the security is currently held or will be held within an LGIM portfolio. The above information does not constitute a recommendation to buy or sell any security.


1. Source: What is cybersecurity? | McKinsey

2. Source: Cybersecurity - Worldwide | Statista Market Forecast

3. Source: ibid.

4. Source: Is artificial intelligence the solution to cyber security threats? (ft.com)

5. Source: https://darktrace.com/research/analysis-of-email-structure-to-detect-malicious-intent

6. Source: Six misconceptions in cybersecurity risk management | McKinsey

7. Source: Cybersecurity trends: Looking over the horizon | McKinsey

8. Source: JPMorgan suffers wave of cyber attacks as fraudsters get ‘more devious’ (ft.com)

Aude Martin

ETF Investment Specialist

Aude joined L&G ETF in July 2019 as a cross-asset ETF Investment Specialist. Prior to that, Aude worked as a delta one trader at Goldman Sachs and within the structured-products sales teams at HSBC and Credit Agricole CIB. As an investment specialist, she contributes towards the design of investment strategies and actively supports the ETF distribution and marketing efforts. She graduated from EDHEC Business School in 2016 with an MSc in Financial Markets.

Aude Martin