Quarterly Outlook
Q3 Investor Outlook: Beyond American shores – why diversification is your strongest ally
Jacob Falkencrone
Global Head of Investment Strategy
Saxo Group
In recent years, a growing number of listed companies have seen their market value drop sharply following cyberattacks—not because of the breach itself, but because investors questioned their resilience. The rules have changed.
The cybersecurity industry has evolved from a defensive IT function into a critical pillar of business continuity, geopolitical strategy, and capital allocation. Cloud adoption, AI integration, and data sprawl are expanding the attack surface. At the same time, public spending, regulatory pressure, and digital transformation are driving up demand for advanced protection.
This shift is creating both urgency and opportunity. The question is no longer whether cybersecurity is a growth sector but where the strongest signals are emerging and which businesses are building long-term value.
Global cybersecurity spending has surpassed USD 212 billion and is projected to reach USD 500 billion by 2030. This sharp rise reflects a broader shift: cybersecurity is now central to business continuity, operational resilience, and strategic planning.
Much of this growth is tied to how business operations have changed. Remote work, cloud adoption, and connected devices have expanded the number of vulnerable entry points. As data moves across more platforms, companies need better tools to manage access and protect information. This is driving strong demand for cloud security solutions.
At the same time, larger companies are acquiring specialised cybersecurity firms to offer more complete and integrated solutions. In this environment, providers with stable revenue, loyal customers, and the ability to adapt quickly are best positioned to benefit from consolidation and long-term demand.
These trends are turning cybersecurity into a long-term growth sector, driven by new rules, digital change, and the rising cost of cyber risks.
Artificial intelligence is reshaping how digital threats are detected and managed. Instead of relying on fixed rules, AI systems analyse patterns and identify anomalies in real time, often spotting attacks faster than human teams.
This is especially valuable as organisations process more data across multiple platforms. AI helps filter alerts, detect unusual behaviour, and automate responses, reducing the time it takes to contain breaches. For example, some of the biggest firms use security tools that now scan trillions of signals daily and flag phishing or ransomware attacks within seconds.
Still, these tools aren’t left to operate alone. Many companies combine AI models with expert review to avoid false alarms or missed threats. Human oversight adds context and judgement, while AI handles speed and volume.
From identity protection to fraud prevention, AI is being integrated into more parts of cybersecurity. That allows companies to improve response times and reduce pressure on security teams.
AI makes cybersecurity faster, but also more unpredictable. As defenders adopt machine learning tools, attackers are doing the same. Malicious actors now use AI to bypass detection, craft convincing phishing emails, and scan for vulnerabilities.
This shift introduces a new category of threats. Some AI systems can be tricked through manipulated data, known as adversarial inputs. Others make decisions that are difficult to trace, raising concerns about transparency and accountability. A false positive might block critical access; a false negative might miss a breach entirely.
There are also questions around bias, data privacy, and oversight. If an algorithm learns from flawed or limited data, it may overlook real threats or flag the wrong behaviour. Without clear testing and controls, security teams risk relying on tools they can’t fully understand or explain.
Regulators are starting to respond. In the EU, proposed AI laws require companies to audit high-risk systems and document their decision processes. In the US, federal agencies have issued guidance for responsible AI use in cybersecurity. While standards remain uneven, the direction is clear: critical AI systems must be auditable, transparent, and subject to human control.
More companies are moving operations to the cloud to scale faster and reduce costs. But this shift is exposing new weaknesses that cybercriminals are quick to exploit.
Some of the most common vulnerabilities include:
These risks have real financial consequences. A single exposed file or stolen credential can compromise customer data and disrupt operations, especially when cloud platforms host multiple systems in one place.
To reduce exposure, businesses are adopting zero-trust models and using cloud-native security tools that monitor activity, restrict access, and flag anomalies. These approaches aim to catch threats earlier and limit the damage when something goes wrong.
Strong and rising demand has positioned cybersecurity as a structural investment theme. As digital threats increase, so does spending on protection continues to grow, opening multiple ways to gain exposure:
Exchange-traded funds (ETFs) focused on cybersecurity offer diversified access to the sector. These funds typically include companies involved in network security, identity management, and cloud protection. Many track indices focused on cybersecurity innovation, allowing broad participation without requiring the selection of individual stocks. Holdings usually span established leaders and emerging firms, capturing sector-wide momentum while spreading risk.
Publicly listed cybersecurity companies offer direct exposure to areas such as endpoint protection, encryption, cloud security, and threat detection. Some firms operate in specialised high-growth niches, while others provide integrated platforms for governments and enterprises. Individual stocks may offer higher upside potential, but they typically also involve more volatility and require ongoing monitoring.
Several large technology providers now generate significant revenue from cybersecurity services. These offerings often support cloud platforms, enterprise infrastructure, and productivity software. While not dedicated cybersecurity firms, they provide cybersecurity exposure with broader revenue streams, which can offer greater stability.
Venture investment in cybersecurity remains strong, particularly in startups focused on AI-based threat detection, zero-trust architecture, and cloud-native protection. These companies may offer access to emerging trends before public market entry. However, private investments come with longer holding periods, higher risk, and limited liquidity, which is suitable mainly for experienced or institutional investors.
Cybersecurity is a growing priority for governments amid rising geopolitical uncertainty and public-sector digitalisation. Some defence and critical infrastructure companies are expanding into this space through in-house development or acquisitions. These firms often combine commercial revenue with public contracts, making them a distinct entry point for exposure to national cybersecurity demand.
Cybersecurity investments do not come without risks. Investors need to understand the structural and short-term challenges that could affect their returns:
Investor enthusiasm has led to elevated valuations in the cybersecurity sector, with many companies trading at high earnings multiples relative to broader market indices. While this underscores strong growth prospects, it also heightens sensitivity to performance shortfalls. Any slowdown in sales or cautious forward guidance can result in significant stock price volatility.
The sector is crowded with providers offering overlapping tools. Larger firms often acquire smaller players to strengthen their product range, which can create disruption. This dynamic can disrupt market positions and challenge investors to identify firms with unique value propositions, strong customer retention, and the agility to adapt to rapidly evolving threats.
Cybersecurity companies operate in a complex and evolving regulatory environment, with varying requirements across jurisdictions and industries. Emerging regulations, particularly concerning data privacy, critical infrastructure protection, and AI deployment, can impose additional compliance costs and necessitate product adjustments. These factors may impact profitability and delay market entry.
There is a global shortfall of skilled cybersecurity professionals, with millions of roles unfilled. This limits execution for both cybersecurity vendors and the companies they serve. In some cases, the lack of skilled staff delays implementation or weakens the effectiveness of cybersecurity strategies.
While cybersecurity demand is resilient, it is not immune to broader market cycles. Economic slowdowns, budget freezes, or rising interest rates can lead customers to delay purchases or scale back their spending (by opting for fewer features, smaller deployments, or shorter contract terms). Investor sentiment around tech and growth stocks also plays a role in short-term price movements.
Every digital system depends on trust. When that trust breaks, reputations suffer, operations stall, and market value disappears in minutes. That’s why cybersecurity is no longer a side concern but a frontline issue for companies, governments, and investors.
For anyone looking to the long term, this is a sector worth looking into. It responds to real risks, grows alongside technology trends, and tends to stay relevant even when markets turn. The threats will keep evolving, but so will the opportunity to support the firms building stronger defences.