AI is redefining cybersecurity, accelerating both the scale of threats and the sophistication of defenses. More and more, threat actors utilize AI to automate attacks, while enterprises race to defend against them by deploying AI-powered defenses like behavior-based detection and autonomous response systems. Widespread corporate adoption of AI apps and Agentic AI systems will only expand the attack surface and further complicate defense strategies.
As a result, the total market opportunity for cybersecurity is expanding rapidly. Leading cybersecurity firms are rushing to integrate AI into their products, driving operating leverage and expanding margins through platformization, subscription-based revenue, and mergers and acquisitions (M&A). Notably, cybersecurity has proven to be one of the most resilient areas in Information Technology (IT), with steady demand even during economic uncertainty, offering investors durability amid broader market volatility.1
Amid ongoing AI-driven growth and the sector’s intrinsic resilience, we believe the Cybersecurity theme is positioned for strong growth through 2025. In our view, the Global X Cybersecurity ETF (BUG) offers a compelling way for investors to gain targeted exposure to companies within this space.
Key Takeaways
- Rapid generative AI adoption is expanding the cyber threat landscape but also enabling the development of advanced AI-powered defense tools.
- Cybersecurity is projected to grow by over 15% year-over-year (YoY) in 2025 to over $277 billion, outpacing broader IT spending.2 Also, amid economic uncertainty, cybersecurity remains one of the most defensible IT priorities, with Chief Information Officers (CIOs) ranking it among the least likely to face cuts amid the current economic uncertainty.3
- Leading cybersecurity players exhibit strong fundamentals and compelling profitability prospects and offer investors differentiated exposure to AI-driven growth potential.
AI Reshapes the Cyber Threat Landscape
The rise of AI is not just empowering businesses but is also giving cybercriminals new capabilities to scale their operations. Threat actors now use AI to automate phishing campaigns, generate evasive malware, and circumvent traditional security defenses.4 In 2024, the global average cost of a data breach rose to a record $4.9 million, up 10% (YoY).5 In 2025, cybercrime is projected to cost the world $10.5 trillion, nearly 10% of global GDP.6
Investment in AI-driven defense mechanisms, such as behavior-based threat detection and autonomous response systems, is now essential. And firms increasingly have compelling solutions at their disposal with major cybersecurity vendors rapidly developing and releasing AI-powered tools to augment human analysts, automate security operations, and detect anomalies. According to one estimate, the global market for AI-based cybersecurity products could surge from $15 billion in 2021 to about $135 billion by 2030.7
For example, CrowdStrike’s Charlotte AI is a generative AI assistant designed to act as a low-level security analyst that can perform mundane operations such as triaging alerts, investigating incidents, gathering threat intelligence, and recommending remediation steps.8 Charlotte AI also brings substantial productivity benefits for its users. Its Detection Triage feature automates alert assessments with over 98% accuracy, saving security operations center teams more than 40 hours of manual work per week on average.9 Similarly, Check Point’s Infinity AI Copilot is an AI-powered assistant designed to help security analysts detect, investigate, and respond to threats faster and more accurately, potentially being a solution for the global shortage of cybersecurity professionals.10 Network security leader Fortinet offers Forti AI to help security analysts query cyber ops data and understand threat patterns.11
As AI costs decline and model capabilities advance, we expect this wave of innovation to accelerate, bringing a steady stream of increasingly powerful cybersecurity tools to market.
Security Spending Accelerates Ahead of the Broader IT Market
In 2025, the cybersecurity market is projected to grow over 15% YoY to nearly $278 billion in annual spending, outpacing global IT spending growth by over 5 percentage points.12,13 Despite this expected growth, cybersecurity spending only accounts for roughly 6% of overall IT spending in 2025, suggesting healthy room for growth ahead.14
Supporting continued spending growth is the highly fragmented nature of the cybersecurity market, which demands a broad array of solutions, which can include solutions such as endpoint security, network security, identity security, cloud security, data security, and other specialized measures. For example, the ongoing data center infrastructure upgrade is expected to benefit cyber end-markets like network security, which is expected to accelerate from 6.2% YoY growth in 2023 to 15.1% growth in 2025.15
We also believe that the recent spate of cyberattacks targeting U.S. government infrastructure, the power grid, defense systems, and other critical assets is likely to elevate cybersecurity as a national priority. This heightened focus could boost procurement of network security systems, firewalls, zero-trust solutions, identity management services, and related technologies. The federal budget for fiscal year (FY) 2025 proposed $75 billion for IT spending, spread across various government agencies. Cybersecurity was ranked a top priority. 16 The Department of Defense, for example, sought an additional $14 billion for its 2025 budget, in part to advance the implementation of technology like zero-trust.17
Cybersecurity Fundamentals Have Strengthened
Leading cybersecurity firms currently boast healthy operating margins, helped in recent years by mature sales channels and strong distribution networks. Between 2021 and 2024, these firms significantly expanded their operating margins, largely by securing bigger contracts without a proportional rise in marketing costs.18 Companies like Palo Alto Networks and CrowdStrike prioritize platformization, where they bundle product offerings and accelerate product cycles to secure eight-figure deals. Vendor consolidation is also gaining momentum as enterprises tighten budgets and streamline tech stacks, particularly in a weak macroeconomic environment.
Also working in the cybersecurity industry’s favor is that many of its products are now sold on a subscription basis, which can result in stickiness, high repeatability, and recurring revenues, helping companies boost margins. Given these dynamics, cybersecurity companies have better average sales growth and higher net dollar retention rates relative to non-cyber software companies.19
Profitability for cybersecurity leaders has been improving as operating leverage kicked in. Palo Alto Networks improved operating margins by 7.9% between fiscal year 2022 and 2024, with roughly 6% growth in free cash flow margins.20 CrowdStrike’s subscription-heavy software offering resulted in a 78% gross margin in fiscal year 2025, with free cash flow of $1.07 billion, up from $938 million in fiscal year 2024.21 Such a strong financial footing can enable companies to stay nimble and continue to invest in cutting-edge technologies.
Cybersecurity May Offer Durable Growth Amid Economic and Tariff Headwinds
Protecting critical infrastructure, corporate data, and national security is a non-discretionary priority for many organizations and governments.22 According to a Q1 2025 CIO survey, security and AI are the least likely areas to face budget cuts in a downturn and are targeted for the largest increases in spending.23 This expected resilience makes cybersecurity stand out in 2025, especially as trade tensions and tariff uncertainty rattle markets and growth investors seek sectors with durable demand.
Moreso, unlike hardware-centric industries that are more exposed to tariffs and global supply chain disruptions, cybersecurity firms can benefit from software-based, subscription-driven business models. These recurring revenue models decouple top-line growth from hardware price-volatility and enable vendors to maintain pricing power and supports margin stability, even in a turbulent trade environment.
BUG is Aligned to Seek to Capitalize on Cybersecurity’s Long-Term Growth
We believe that the Global X Cybersecurity ETF (BUG) is well-positioned to capture the upside of rising cybersecurity budgets, accelerating AI adoption, and the shift towards subscription-based cybersecurity solutions. In summary, BUG seeks:
- Pureplay Exposure: BUG is a passively managed fund that seeks to track an index whose methodology requires potential constituents to derive at least 50% of their revenue from cybersecurity activities. This high threshold targets companies with primary focus on cybersecurity solutions, spanning key markets such as network security, endpoint security, data security, cloud security and more.
- Bias Towards Category Leaders: The strategy uses a modified market-cap weighting approach, prioritizing exposure to cybersecurity leaders, allowing investors to gain access to companies at the forefront of innovation within cybersecurity.
- Geo-Diversification: BUG offers broad geographic diversification by capturing cybersecurity leaders from critical and rapidly growing markets, including Israel, Japan, and other parts of Asia, in addition to the United States. This ensures investors are exposed to global leaders in cybersecurity.
Conclusion: Cybersecurity Offers Potential Growth and Resilience Amid Uncertainty
AI is reshaping the digital battlefield, further catalyzing growth for the Cybersecurity theme. New solutions are in demand across the public and private sectors as AI increasingly complicates an already complicated threat landscape, and cybersecurity leaders are rapidly innovating and capitalizing on these opportunities. As spending accelerates and the market evolves, we believe that the Cybersecurity theme is well-positioned for sustained growth, offering growth investors defensibility amid broader market volatility.
Related ETFs
BUG - Global X Cybersecurity ETF
Click the fund name above to view current performance and holdings. Holdings are subject to change. Current and future holdings are subject to risk.