The cyber security industry faces a challenge that is anything but business as usual. The prospect of offensive attacks using artificial intelligence (AI) is prompting increases in cyber security budgets as organizations try to understand the impact of generative AI on their security. AI is already used for threat detection, and its greater adoption will undoubtedly help offset attacks. However, learning how to counter AI-led attacks will take time, and cyber security vendors and users will face a bumpy ride for the next two to three years, says GlobalData, a leading data and analytics company.
Forecasts
GlobalData’s latest report, “Cyber security – Thematic Intelligence”, reveals cyber security budgets will grow in line with information technology ( IT) budgets in 2024 as organizations come to terms with AI’s impact on their operations. The firm forecasts that the global cyber security market will be worth $290 billion by 2027, growing at a compound annual growth rate (CAGR) of 13% between 2022 and 2027. Managed security services, application security, and identity and access management will be high-growth areas.
David Bicknell, principal analyst, thematic intelligence at GlobalData, comments: “Organizations have learned how to cope with cyber-attacks that deliberately target enterprise technology, such as networks, cloud storage, and endpoint devices. But AI is a game-changer. Now, organizations must respond to AI attacks that can adapt to a specific environment, seek out weaknesses, and exploit them. This is uncharted territory.” He adds: “It is still too early to know where the balance lies in how AI impacts organizations’ cyber security positioning. AI can help organizations improve their efficiency in threat detection, hunting, and incident response, but at the same time, adversaries will use AI in cyber-attacks. A simple example is cyber criminals using generative AI to strengthen phishing attacks by eliminating the telltale signs of fake messages, such as poor grammar and spelling mistakes.”
The expected significant change in the cyber security market will drive a strong focus on cyber security mergers and acquisitions deal activity throughout 2024. Cisco’s $28 billion acquisition of Splunk will be the catalyst for AI-led cyber security mergers and acquisitions deals in 2024.
Bicknell furher says: “Both startups and maturing cyber security companies are expected to be on the radar of larger vendors looking for products and talent. In addition, cyber security mergers and acquisitions is anticipated to attract regulators’ interest, particularly as a small group of private equity players are snapping up numerous cyber security companies.” In October 2022, according to Bicknell, US PE firm Thoma Bravo acquired identity and access management provider ForgeRock in a $2.3 billion deal that was eventually cleared by US regulators. Recently, Thoma Bravo announced plans to acquire Darktrace, the UK’s best-known cybersecurity firm, so regulators should be on alert for anti-competitive practices.