
Investment Opportunities in Cybersecurity

In September 2023, a cyberattack caused chaos in two of Las Vegas’s largest casinos. A hacking group known as Scattered Spider infiltrated MGM Resorts International, shutting down its digital systems, including casinos, ATMs, and hotel room access keys. Guests were locked out of rooms, and the attack cost the company an estimated $100 million. Days later, Caesars Entertainment disclosed that it had fallen victim to the same attack, ultimately paying cybercriminals $15 million to unlock its systems. The attack exposed vulnerabilities in both companies’ cybersecurity defenses and disrupted operations for weeks. Beyond financial losses, it shattered customer trust, spotlighted industry-wide weaknesses, and underscored the urgent need for next-generation defenses.
The Vegas saga highlights the surging cyber threat environment that has emerged over the last decade. Ransomware attacks like MGM/Caesars are projected to cost companies hundreds of billions of dollars in financial damage by 2030, while the average cost of a data breach has climbed to nearly $5 million. Cybersecurity also has become a national security concern as state-funded bad actors target critical infrastructure.
This heightened threat environment, in concert with technological innovation, new work models, and artificial intelligence (AI), is transforming the cybersecurity sector. Traditional security measures can no longer keep pace. This paper explores how next-generation technologies are redefining the industry, enabling companies to both anticipate and defend against ever more sophisticated attacks—and opening new opportunities for investors to identify companies positioned to provide solutions amid the evolving threat landscape.
Secular Growth Trends in Cybersecurity
Cybersecurity has been one of the strongest-performing industries over the last decade, driven by robust secular growth dynamics. Companies spent $162 billion on cybersecurity in 2023, according to Gartner,¹ more than double what they allocated a decade ago. The combination of accelerating cyber threats, regulatory pressures, and technological innovation is propelling this trajectory.
A More Distributed Digital World
Widespread use of digital applications, remote work, and cloud computing have transformed how businesses operate. Websites and mobile apps have become the primary interfaces between companies and customers, while remote and hybrid work models have distributed employees and corporate data across geographies and devices. To adjust to this increasingly digital, distributed world, companies are migrating to multi-cloud environments and utilizing software-as-a-service (SaaS) platforms. These shifts have introduced new security challenges.
Historically, security teams were charged with protecting a defined corporate boundary—a single office or owned data center—using firewall devices, static passwords, and antivirus software. But today’s networks have expanded across continents, connecting employees from a myriad of devices, and storing sensitive data (intellectual property, customer information, employee payroll files, etc.) in more locations. The side-effect of digitization and remote work is a much larger and more valuable attack surface for hackers to infiltrate.
Cybersecurity index 10-year performance
Compelling secular growth dynamics have fueled the cybersecurity sector’s outperformance over the past decade. Within this sector-wide growth story, there are ample opportunities for investors to identify long-term winners that are aligned with next-generation trends in protecting digital assets.
The performance data quoted represents past performance. Past performance is no guarantee of future results. Current performance may be lower or higher than the performance data quoted.
The Evolving Threat Landscape
Cybercriminals and their methods have evolved significantly over the last two decades. What was once the domain of lone hackers seeking notoriety or financial gains has grown into a sophisticated ecosystem of organized crime syndicates and nation-states. Groups funded by the governments of China, Russia, and North Korea target critical infrastructure, including telecom and energy sectors, while ransomware attacks increasingly deploy advanced tactics such as social engineering, file-less malware, and advanced persistent threats. Making matters worse, attackers have begun using generative AI as a weapon, executing personalized, high-impact attacks at massive scale.
Regulatory and Insurance Pressures
Governments and regulatory bodies are responding to the enhanced threat environment with stricter compliance requirements. For instance, the General Data Protection Regulation in Europe, and the Cybersecurity Maturity Model Certification in the U.S. mandate robust cybersecurity measures for companies handling sensitive data. Non-compliance can result in stiff fines, driving organizations to adopt advanced cybersecurity solutions to meet these regulatory demands.
In addition, as financial damages accumulate, cyber liability insurance providers are requiring policyholders to implement advanced security protocols as a prerequisite for coverage. Insurers are mandating tools such as next-generation endpoint detection and response, zero-trust network architectures, and privileged access management (PAM) solutions to mitigate risk.
A Large, Growing Addressable Market
What does all this mean from an investment perspective? Companies globally are forecast to spend enormous amounts on next-gen technology to stay compliant with regulators, satisfy insurers, and keep out would-be hackers. Gartner projects the cybersecurity space will see major increases in spending over the next several years. In 2024, companies are expected to allocate around $190 billion on security measures; by 2028, that figure is forecast to grow to $293 billion, a 54% increase over four years. The cybersecurity vendors tasked with protecting our digital infrastructure are participating in a giant addressable market.
Next-Gen Solutions in Cybersecurity
The main beneficiaries of the evolving threat landscape will be next-gen cybersecurity platforms that manage the major facets of today’s expanded attack surface: devices, user identities, network connections, and cloud environments.
Extended Detection & Response (XDR)
Corporate endpoints—laptops, desktops, mobile devices, and servers—are the primary tools employees use to access corporate networks and sensitive data. These devices are also the most common entry points for cyberattacks, as they often operate outside secure corporate environments, connecting through home networks, public Wi-Fi, and other less secure channels. Traditional antivirus solutions have become inadequate for defending against modern endpoint breaches. Legacy antivirus technology uses inferior signature-based approaches (circumventable by hackers with AI tools at their disposal) and degrades device performance (bad employee experience).
Next-gen XDR platforms like CrowdStrike and SentinelOne help solve these issues by taking a data-first approach and using AI to analyze endpoint behavior in real-time. These companies use machine learning to detect anomalies, such as privilege escalation and lateral movement, which are common indicators of malicious behavior. They then extend threat detection capability beyond endpoints, consolidating and correlating information from network traffic, email, and cloud workloads, offering comprehensive visibility across an organization’s entire digital estate. This approach helps neutralize threats before they cause widespread damage. Both companies have been rapidly taking share in the $13 billion endpoint protection market and leveraging their endpoint agents to address other security use cases.
The Growing Cyber Threat Environment
The vast scale and impact of cyberattacks is prompting companies across industries to dramatically increase their cybersecurity spending, creating opportunities for investors who can identify companies that provide next-gen solutions.
- $4.9 million: Average cost of data breach in 2023²
- $42 billion: Estimated value destruction from ransomware attacks³
- $265 billion: Annual ransomware cost projected by 2031⁴
- $10.5 trillion: Total estimated cost of cybercrime⁵
- 73%: Percent of all organizations that have fallen prey to a ransomware attack⁶
- $2.2 million: Average cost savings for organizations that used security, AI, and automation exclusively in prevention vs those who did not⁷
Network Security and SASE
Traditional network security relied on tools such as physical firewalls, secure web gateways, and VPNs to build a perimeter around centralized offices and data centers. These on-premise products focus on two things—analyzing network traffic to prevent external bad actors from accessing data in the data center and preventing employees from accessing malicious websites from the office. The rise in remote work and the proliferation of cloud applications have caused a major paradigm shift, rendering these traditional tools insufficient. Employees now connect to corporate systems from unsecured networks, while SaaS applications like Salesforce and Office 365 host data outside of corporate-owned data centers.
Secure Access Service Edge (SASE) technology—offered by vendors such as Zscaler—addresses these challenges by combining networking and security functions into a single cloud-delivered framework. Unlike traditional methods that reroute all traffic through a central data center, SASE enables fast, direct, and secure connections to cloud resources. By integrating zero-trust principles, SASE validates each user and device per connection session, reducing latency and minimizing vulnerabilities.
Adoption of SASE has financial benefits, too. Fully implementing SASE can pay for itself in as little as six months, offering a 200% to 300% return over three years through cost savings, improved network efficiency, and reduced administrative burdens. With companies like Zscaler leading the market, SASE solutions are quickly becoming a cornerstone of modern network security infrastructure.
Identity Security
Verizon’s 2023 Data Breach Investigations Report noted that 86% of data breaches involve the use of stolen employee credentials. The MGM hackers, for example, tricked a help desk employee into giving them login information. Once the hackers used that password to enter the network, they were able to move laterally and gain access to critical servers that controlled everything from reservation systems to slot machines. The proliferation of digital applications has led to a sprawl in user credentials that hackers are constantly seeking to exploit. The MGM example illustrates that password-based authentication and role-based access controls alone are not enough.
Privileged access management (PAM) platforms, such as those developed by CyberArk, are redefining how organizations protect identities. These solutions focus on securing the most sensitive credentials and accounts by providing just-in-time access, automated session monitoring, and real-time credential rotation. Modern PAM platforms are also helpful in protecting machine identities—API keys, tokens, certificates, and AI agents—which are increasingly targeted in automated attacks. These machine IDs outnumber human IDs 45:1 and are proliferating at an even faster rate, making privileged access controls more important than ever. Companies like CyberArk help detect, store, and manage all the privileged human and machine identities across an organization, thus mitigating the damage hackers can cause if they breach a corporate network.
Cloud Security
Lastly, the migration to the cloud has created an entirely new category of security called cloud native application protection programs (CNAPPs). While running IT systems in the public cloud (using compute and storage from providers like AWS, Microsoft Azure, and Google) dramatically improves the scalability, agility, and cost of creating digital applications, it introduces new challenges for security teams. Modern cloud apps are distributed across multiple servers, leverage hundreds of connections and microservices, and are designed to be updated and changed continuously by developers. They generate massive volumes of data across multiple locations and services. CNAPPs help companies protect their cloud environments by (i) mapping the web of connections and servers to find any risky misconfigurations; (ii) scanning containers and code for maliciousness; and (iii) offering real-time threat detection and protection of cloud resources at run-time.
Cloud adoption is still in early innings, representing somewhere between 20% and 40% penetration of total IT. Aggregate spending on cloud security reached $7 billion in 2023, growing +32% year-over-year, according to Gartner. While impressive, this still only represents 4% of aggregate cloud spend on hyperscalers such as AWS, Azure, and GCP in the same period. As cloud hyperscaler revenue continues to grow and as cloud security attach rates climb, the CNAPP segment is poised to be one of the fastest-growing areas not just in security, but in all of technology. We think this trend will bode well for both pure play startups like Wiz and for public security platform vendors like CrowdStrike and SentinelOne, which are cross-selling AI-powered CNAPP technology to their installed base of XDR customers. Both CrowdStrike and SentinelOne have CNAPP businesses generating over $100 million in annualized revenue.
Next-Gen Cybersecurity Winners
XDR and CNAPPs
CrowdStrike Holdings is a cloud-architected SaaS cybersecurity vendor offering endpoint security, threat intelligence, and cyberattack response services. We like CrowdStrike for its impressive technological differentiation, high growth, and strong management team. The company’s moat derives from a lightweight software agent and a cloud-based threat graph database that allow it to access, sort, and protect customer data it can then use to launch new products and improve and automate its services. CrowdStrike is disrupting the endpoint protection market and extending its reach into all corners of cybersecurity, with multi-hundred million revenue segments in cloud security, identity threat detection and response, and security data lakes. We believe the company can grow rapidly given its visionary management team and large total addressable market.
SentinelOne is a cybersecurity vendor primarily focused on endpoint protection: preventing malicious attacks on corporate laptops, mobile devices, and servers. The company collects petabytes of data from over 15MM endpoints across its customer base and uses AI to learn behavior patterns, detect suspicious activity, proactively hunt threats, and roll back devices to their pre-breach states to mitigate damage when attacks occur. SentinelOne has been winning market share away from legacy antivirus vendors that struggle to keep up with the rapidly evolving threat environment. The company has also leveraged its large security data set across customers to offer new products including cloud security and security data lake. These emerging solutions represent more than a third of bookings, are growing faster than core endpoint protection, and drive much higher long-term contract values. We expect the business to generate positive cash flow next year and healthy 20%-plus margins longer term.
Network Security
With a network of 150 data centers across five continents, Zscaler is the market leader in the SASE and network security sector. The firm’s Zero Trust Exchange features cyberthreat detection, data protection, and zero trust connectivity. It works by determining who or what is requesting access to a resource; verifying the identity and what is being requested in that specific instance; then deciding whether to allow the connection and enforcing the security policy per session. Adopting a zero-trust architecture is a key part of modernizing networks and meeting U.S. federal government cybersecurity standards. We believe Zscaler’s approach will be implemented industry-wide as organizations adopt best practices.
Identity Protection
CyberArk Software is an identity security platform that focuses primarily on privileged access management (PAM). CyberArk’s technology prevents bad actors from stealing and exploiting the credentials of “superuser” accounts like IT administrators, cybersecurity managers, and network administrators. CyberArk detects, stores, and manages all the privileged credentials in an organization, monitors the critical IT systems, and helps contain the damage a hacker can cause if they breach a corporate network. The increasing frequency and severity of ransomware attacks, heightening geopolitical tension, and stricter regulatory disclosure requirements for public companies that experience breaches have all made PAM a higher priority IT spend category. CyberArk is the market leader in the PAM sector, with over 20% share. The company also recently closed its acquisition of Venafi, an identity security vendor that helps companies secure the machine identities, such as digital certificates and SSH keys, that facilitate computer-to-computer communication. The deal, which is accretive to CyberArk’s already healthy margins, makes CyberArk the most comprehensive identity solution in the market and expands the cross-sell opportunity.
Conclusion
As we have seen from recent cyberattacks on businesses such as MGM, United Healthcare, and AT&T, the fallout is financial, reputational, and long-lasting. Operational downtime, customer trust, cyber-insurance issues, and regulatory penalties are prompting companies to seek the ability to anticipate and respond to future attacks in real time. This demand is driving growth in the cybersecurity space.
These dynamics have created opportunities for companies producing next-gen defenses. As cybersecurity attacks grow more sophisticated, CFOs are increasingly willing to spend aggressively to avoid becoming the next MGM anecdote—a pay-now rather than pay-later mentality. Each new breach, while alarming and costly to companies, ensures this highly competitive market will continue to thrive for the next decade.